75 research outputs found

    A framework for promoting interoperability in a global electronic market-space

    The primary contributions to the area of electronic business integration, propounded by this thesis, are (in no particular order):  A novel examination of global Business-to-Business (B2B) interoperability in terms of a "multiplicity paradox" and of a "global electronic market-space" from a Complex Systems Science perspective.  A framework for an integrated, global electronic market-space, which is based on a hierarchical, incremental, minimalist-business-pattern approach. A Web Services-SOA forms the basis of application-to-application integration within the framework. The framework is founded in a comprehensive study of existing technologies, standards and models for secure interoperability and the SOA paradigm. The Complex Systems Science concepts of "predictable structure" and "structural complexity" are used consistently throughout the progressive formulation of the framework.  A model for a global message handler (including a standards-based message-format) which obviates the common problems implicit in standard SOAP-RPC. It is formulated around the "standardized, common, abstract application interface" critical success factor, deduced from examining existing models. The model can be used in any collaboration context.  An open standards-based security model for the global message handler. Conceptually, the framework comprises the following:  An interoperable standardized message format: a standardized SOAP-envelope with standardized attachments (8-bit binary MIME-serialized XOP packages).  An interoperable standardized message-delivery infrastructure encompassing an RPC-invoked message-handler - a Web service, operating in synchronous and/or asynchronous mode, which relays attachments to service endpoints. 
 A business information processing infrastructure comprised of: a standardized generic minimalist-business-pattern (simple buying/selling), comprising global pre-specifications for business processes (for example, placing an order), standardized specific atomic business activities (e.g. completing an order-form), a standardized document-set (including, e.g. an order-form) based on standardized metadata (common nomenclature and common semantics used in XSDs, e.g. the order-form), the standardized corresponding choreography for atomic activities (e.g. acknowledgement of receipt of order-form) and service endpoints (based on standardized programming interfaces and virtual methods with customized implementations). Theoretical Computing. PHD (INFORMATION SYSTEMS

    Participant Domain Name Token Profile for security enhancements supporting service oriented architecture

    This research proposes a new secure token profile for improving the existing Web Services security standards. It provides a new authentication mechanism. This additional level of security is important for the Service-Oriented Architecture (SOA), which is an architectural style that uses a set of principles and design rules to shape interacting applications and maintain interoperability. Currently, the market push is towards SOA, which provides several advantages, for instance: integration with heterogeneous systems, services reuse, standardization of data exchange, etc. Web Services is one of the technologies to implement SOA and it can be implemented using Simple Object Access Protocol (SOAP). A SOAP-based Web Service relies on XML for its message format and common application layer protocols for message negotiation and transmission. However, it is a security challenge when a message is transmitted over the network, especially on the Internet. The Organization for Advancement of Structured Information Standards (OASIS) announced a set of Web Services Security standards that focus on two major areas: “Who” can use the Web Service and “What” are the permissions. However, the location or domain of the message sender is not authenticated. Therefore, a new secure token profile called the Participant Domain Name Token Profile (PDNT) is created to tackle this issue. The PDNT provides a new security feature, which the existing token profiles do not address. Location-based authentication is achieved if adopting the PDNT when using Web Services. In the performance evaluation, PDNT is demonstrated to be significantly faster than other secure token profiles. The processing overhead of using the PDNT with other secure token profiles is very small given the additional security provided. Therefore all the participants can acquire the benefits of increased security and performance at low cost.

    Influencing the run-time behaviour of complex services using contexts

    Service oriented architecture (SOA) and web services make it possible to construct rich and complex distributed systems which operate at internet scales. However, the underlying design principles of SOA can lead to management problems for processes over web services. This thesis identifies several potential problems with the management of processes over web services, and proposes the use of explicit context as a possible solution. The available options are explored, and the WS-Context specification is implemented and evaluated. The SOA design principles of loose coupling, interaction at an interface, autonomy, and composability can lead to management problems for processes over web services. Processes over web services where one composite service invokes other composite services which in turn invoke other composite services can lead to complex invocation trees. These invocation trees may be different at different times due to the shifting effect of loose coupling, as new services are swapped in to replace those in previous invocations. In such an environment how well can we define the interface of the top level service in a static document such as a WSDL? Because there is a separation between the ultimate service consumer and the ultimate service provider, how can the service consumer correctly assign fault when a service fails? When concurrency is used, and encouraged, how can we deal with the inevitable race conditions and deadlock? In distributed systems where portions of processes execute on systems beyond our organizational control, how can we pause, or kill these processes? Many of these systems model long-running business processes. How do we communicate changes in process requirements? The use of an explicit context is a potential solution to these types of problems. 
The abstraction context provides an environment in which the process participants can describe their requirements, query those of other process participants, and react to changes in the environment. A sample context server, based on the WS-Context specification, was implemented using the Erlang language. The sample context server provides the basic operations required to manage and store contextual information about a process. The sample context server was evaluated to determine the cost of employing a context as part of a web service based software system. The performance of the sample server was also evaluated. Tests were conducted on the time costs of the basic operations of the context server, and they were found to have a constant time cost. The operations for getting and setting the contents of the context were found to have a time cost dependent on the size of the context. The cost of propagating the context along a chain of service invocations was tested and found to have an overhead which increased linearly with the length of the service invocation chain. The context server was stress tested using a closed loop test which simulated the interaction of a number of concurrent clients, and an open loop test which simulated bursts of arriving requests. The open loop testing showed that the context server could handle 75 concurrent clients. Beyond 75 concurrent clients, the response times of the context server began to slowly increase. The closed loop testing showed that the context server had a maximum throughput of 190 requests per second for bursts of 200 requests with an interarrival time of 4 milliseconds.

    Privacy trust access control infrastructure using XACML

    The use of personal, sensitive information, such as privileges and attributes, to gain access to computer resources in distributed environments raises an interesting paradox. On one hand, in order to make the services and resources accessible to legitimate users, access control infrastructure requires valid and provable service clients' identities or attributes to make decisions. On the other hand, the service clients may not be prepared to disclose their identity information or attributes to a remote party without determining in advance whether the service provider can be trusted with such sensitive information. Moreover, when clients give out personal information, they still are unsure of the extent of propagation and use of the information. This thesis describes an investigation of privacy preserving options in access control infrastructures, and proposes a security model to support the management of those options, based on extensible Access Control Markup Language (XACML) and Security Access Markup Language (SAML), both of which are OASIS security standards. Existing access control systems are typically unilateral in that the enterprise service provider assigns the access rights and makes the access control decisions, and there is no negotiation between the client and the service provider. As access control management systems lean towards being user-centric or federated, unilateral approaches can no longer adequately preserve the client's privacy, particularly where communicating parties have no pre-existing trust relationship. As a result, a unified approach that significantly improves privacy and confidentiality protection in distributed environments was considered. This resulted in the development of XACML Trust Management Authorization Infrastructure (XTMAI) designed to handle privacy and confidentiality mutually and simultaneously using the concept of Obligation of Trust (OoT) protocol. 
The OoT enables two or more transaction parties to exchange Notice of Obligations (NoB) (obligating constraints) as well as Signed Acceptance of Obligation (SAO), a proof of acceptance, as security assurances before exchange of sensitive resources. EThOS - Electronic Theses Online Service; GB; United Kingdo

    Critical Investigation of Virtual Universities: Applying the UK Structure to Saudi Arabia

    The purpose of this study was to investigate the feasibility, practicality and desirability of establishing a virtual university (VU) using new technologies in Saudi Arabia and to explore how to apply the existing VU frameworks to the Saudi Arabian education system. This is desirable in order to accommodate the rapid growth in the number of secondary school graduates, and is regarded as one of the most important challenges currently facing Saudi Universities. The study traces the origins of VUs in the UK and Europe, then examines the tools, forums and methods in use, focusing on the main service-oriented architecture and the Simple Object Access Protocol framework. Primary data were gathered by means of two sets of questionnaires, to explore the appetite for a virtual university in Saudi Arabia and to investigate the use of virtual learning in the UK. Three UK universities that strongly promote virtual learning (The Open University, the International Virtual University and Oxford University) were also researched online, providing an additional edge to the wider research on other universities. The investigation was motivated by a desire to produce a model that would widen learning opportunities for those who otherwise have no access to formal education in Saudi Arabia. The result is a virtual university model designed and developed to be a safe and secure Web-based educational system, providing online education for all, regardless of geographical position or time of day. Data were gathered mainly from secondary sources, such as journals, conference reports and books. A literature review critically assessed several technologies and protocols, and a critical comparison of Web services was conducted. Evidence from the questionnaire, the literature review and informal discussions led this researcher to pursue further the concepts of messaging technology and distributed communication, focusing on implementing JMS and a message-passing system. 
As a result, a chat application which utilises the publish-and-subscribe messaging model and a translator are presented and recommended as essential elements in achieving virtualisation in higher education. The thesis proposes a third-generation virtual university utilising cloud computing, offering integrated services to learners and including different types of online learning materials, specialized virtual centres for the development of educational courses, library and administrative functions, an interactive environment and online collaboration.