3 research outputs found
THE (LACKING) BUSINESS PERSPECTIVE ON SOA – CRITICAL THEMES IN SOA RESEARCH
Service-oriented architecture (SOA) has gained much popularity lately, in both practice and academia. Since SOA concepts and technology are maturing, companies have started to engage in projects that will fundamentally transform IS landscapes over the next decade. While the growing body of SOA research is mostly technology-oriented, the IS community needs to investigate the strategic, organizational, and managerial issues associated with SOA implementation. This paper profiles SOA and Web services research since 2000 with a focus on practices, adoption, and impact. Drawing on a sample of 175 papers in academic journals and conference proceedings, we establish transparency of the current state of research. Our analysis finds that the science base for SOA research from an IS perspective is still under construction thereby reflecting the novelty of the underlying technologies. We conclude that business aspects remain underserved and derive a number of recommendations for the IS community on how to proceed with SOA research
Semantic Service Description Framework for Efficient Service Discovery and Composition
Web services have been widely adopted as a new distributed system technology by industries in the areas of, enterprise application integration, business process management, and virtual organisation. However, lack of semantics in current Web services standards has been a major barrier in the further improvement of service discovery and composition. For the last decade, Semantic Web Services have become an important research topic to enrich the semantics of Web services. The key objective of Semantic Web Services is to achieve automatic/semi-automatic Web service discovery, invocation, and composition. There are several existing semantic Web service description frameworks, such as, OWL-S, WSDL-S, and WSMF. However, existing frameworks have several issues, such as insufficient service usage context information, precisely specified requirements needed to locate services, lacking information about inter-service relationships, and insufficient/incomplete information handling, make the process of service discovery and composition not as efficient as it should be.
To address these problems, a context-based semantic service description framework is proposed in this thesis. This framework focuses on not only capabilities of Web services, but also the usage context information of Web services, which we consider as an important factor in efficient service discovery and composition. Based on this framework, an enhanced service discovery mechanism is proposed. It gives service users more flexibility to search for services in more natural ways rather than only by technical specifications of required services. The service discovery mechanism also demonstrates how the features provided by the framework can facilitate the service discovery and composition processes. Together with the framework, a transformation method is provided to transform exiting service descriptions into the new framework based descriptions.
The framework is evaluated through a scenario based analysis in comparison with OWL-S and a prototype based performance evaluation in terms of query response time, the precision and recall ratio, and system scalability
SECURITY POLICY ENFORCEMENT IN APPLICATION ENVIRONMENTS USING DISTRIBUTED SCRIPT-BASED CONTROL STRUCTURES
Business processes involving several partners in different organisations impose demanding
requirements on procedures for specification, execution and maintenance. A
framework referred to as business process management (BPM) has evolved for this purpose
over the last ten years. Other approaches, such as service-oriented architecture
(SOA) or the concept of virtual organisations (VOs), assist in the definition of architectures
and procedures for modelling and execution of so-called collaborative business
processes (CBPs).
Methods for the specification of business processes play a central role in this context,
and, several standards have emerged for this purpose. Among these, Web Services
Business Process Execution Language (WS-BPEL, usually abbreviated BPEL) has
evolved to become the de facto standard for business process definition. As such, this
language has been selected as the foundation for the research in this thesis.
Having a broadly accepted standard would principally allow the specification of
business processes in a platform-independent manner, including the capability to
specify them at one location and have them executed at others (possibly spread across
different organisations). Though technically feasible, this approach has significant
security implications, particularly on the side that is to execute a process.
The research project focused upon these security issues arising when business processes
are specified and executed in a distributed manner. The central goal has been the
development of methods to cope with the security issues arising when BPEL as a
standard is deployed in such a way exploiting the significant aspect of a standard to be
platform-independent
The research devised novel methods for specifying security policies in such a manner
that the assessment of compliance with these policies is greatly facilitated such that the
assessment becomes suited to be performed automatically. An analysis of the securityrelevant
semantics of BPEL as a specification language was conducted that resulted in
the identification of so-called security-relevant semantic patterns. Based on these
results, methods to specify security policy-implied restrictions in terms of such semantic
patterns and to assess the compliance of BPEL scripts with these policies have been
developed. These methods are particularly suited for assessment of remotely defined
BPEL scripts since they allow for pre-execution enforcement of local security policies
thereby mitigating or even removing the security implications involved in distributed
definition and execution of business processes.
As initially envisaged, these methods are comparatively easy to apply, as they are based
on technologies customary for practitioners in this field. The viability of the methods
proposed for automatic compliance assessment has been proven via a prototypic
implementation of the essential functionality required for proof-of-concept.Darmstadt Node of the NRG Network at University of Applied Sciences Darmstad