Towards Compensable SLAs

In Cooperative Information Systems, service level agreements (SLA) can be used to describe the rights and obligations of parties involved in the transaction (typically the service consumer and the service provider); amongst other information, SLA could define guarantees associated with the idea of service level objectives (SLOs) that normally represent key performance indicators of either the consumer or the provider. in case the guarantee is under-fulfilled or over-fulfilled SLAs could also define some compensations (i.e. penalties or rewards). in such a context, during the last years there have been important steps towards the automation of the management of SLAs, however the formalization of compensations in SLAs still remains as an important challenge. in this paper we aim to provide a characterization model to create SLAs with compensations; specifically, the main contributions are twofold: (i) the conceptualization of the Compensation Function to express consistently penalties and rewards and (ii) a model for Compensable Guarantees that associate SLOs with Compensation Functions. This formalization models aims to establish a foundation to elaborate tools that could provide an automated support to the modeling and analysis of SLAs with compensations. Additionally, in order to validate our approach, we model and analyze a set of guarantee terms from three real world examples of SLAs and our formalization proves to be useful for detecting mistakes that are ty

Supporting Compensations with WS-greement

During the last years the use of service level agreements (SLA) is rising uncontrollably to describe the rights and obligations of parties involved in service provisioning (typically the service consumer and the service provider); amongst other information, SLA could de ne guarantees associated with the idea of service level objectives (SLOs) that normally represent key performance indicators of either the consumer or the provider. In case the guarantee is under or over ful lled SLAs could also de ne some compensations (i.e. penalties or rewards). In such a context, there have been important steps towards the automation of the analysis of SLAs. One of these steps is a characterization model of SLAs with compensations proposed by the authors in a previous work; and another step is the standardisation e ort in the SLAs notation made by WS{Agreement. However, real-world SLAs includes complex concepts that must be considered, namely: (i) SLA terms that specify compensations without an explicit SLO; and (ii) a limit for the compensations. In this paper we extend our prior characterization model considering these complex concepts. Speci cally, (i) we provide up to ve real-world scenarios whose SLAs incorporate aforementioned new concepts; (ii) we extend our model for compensable guarantees considering terms without an explicit SLO; and (iii) we provide a novel WS{Agreement-based syntax to model SLAs with compensations considering these concepts. These contributions aim to establish a foundation to elaborate tools that could provide an automated support to the modelling and analysis of SLAs with compensations.Junta de Andalucía P12--TIC--1867Ministerio de Economía y Competitividad BELI (TIN2015-70560-R

Automated Validation of Compensable SLAs

A Service Level Agreement (SLA) regulates the provisioning of a service by defining a set of guarantees. Each guarantee sets a Service Level Objective (SLO) on some service metrics, and optionally a compensation that is applied when the SLO is unfulfilled or overfulfilled. Currently, there are software tools and research proposals that use the information about compensations to automate and optimise certain parts of the service management. However, they assume that compensations are well defined, which is too optimistic in some circumstances and can lead to undesirable situations. In this article we discuss about the notion of validity of guarantees with a compensation, which we refer to as compensable guarantees (CG). We describe an abstract model of CGs and we provide a technique that leverages constraint satisfaction problem solvers to automatically validate them. We also present a materialisation of the model of CGs in iAgree, a language to specify SLAs and a tooling support that implements our whole approach. An assessment over 319 CGs taken from 24 real-world SLAs suggests that the expressiveness and effectiveness of our proposal can pave the way for using CGs in a safer and more reliable way.Ministerio de Economía y Competitividad BELI (TIN2015-70560-R)Ministerio de Ciencia, Innovación y Universidades TIN2016-81978-REDTJunta de Andalucía P12--TIC--186

SLA management of non-computational services.

El incremento en el uso de arquitecturas orientadas a servicios en los últimos 15 años ha propiciado la propuesta de numerosas técnicas para automatizar y dar soporte al uso de dichos servicios. Un elemento fundamental en la provisión de servicios es el Acuerdo de Nivel de Servicio (ANS), donde se formalizan los requisitos y garantías de consumidor y proveedor respecto del rendimiento del servicio. Las propuestas para servicios computacionales, además de proveer modelos formales para describirlos, proponen la automatización de las diferentes etapas del ciclo de vida del ANS, tales como la negociación de las garantías para crear un ANS, el despliegue de servicios basados en el ANS, o la gestión de los recursos para cumplir las garantías provistas en el mismo. Sin embargo, en los servicios tradicionales, no computacionales, es decir, los servicios que no son ejecutados por recursos computacionales, tales como los servicios de logística o de desarrollo de software, la gestión de sus ANSs todavía se realiza por medios ad-hoc. Así, las soluciones existentes no pueden ser reutilizadas por diferentes servicios. Y, en la mayoría de los casos, esta gestión se hace de manera manual (p.e. revisión de los objetivos acordados en los ANSs de servicios de transporte), por lo que la evaluación de estos ANSs es susceptible a errores y se suele retrasar respecto a la ejecución del servicio (p.e. cuando el ANS ha finalizado), por lo que no se pueden tomar acciones preventivas para evitar el incumplimiento del ANS o estas acciones no son rentables. En estos escenarios, aparecen, además, acuerdos marco para un periodo largo (p.e. 1 aõ), durante el cual pueden aparecen ANSs relacionados con éste para un periodo más específico y el análisis de la coherencia entre acuerdos marco y acuerdos específicos es complicada de hacer durante la ejecución del servicio. En esta tesis, nos proponemos automatizar parcialmente la gestión de los ANSs de servicios no computacionales. Así, por un lado, proponemos que los modelos para servicios computacionales se extiendan a servicios no computacionales, de manera que permitan describir la operativa del servicio y sus garantías. Y, por otro lado, basado en estos modelos, proporcionamos el diseño de operaciones para gestionar el ciclo de vida de los ANS. Concretamente, estas operaciones se basan en las fases de despligue y evaluación del ANS. De forma específica, esta tesis propone tres contribuciones principales. Primero, (A) extender iAgree para dar soporte al modelado de los ANS de servicios no computacionales. Segundo, (B) dar soporte al ciclo de vida de dichos ANS mediante la formalización de las operaciones citadas (configuración del servicio basada en el ANS y monitorización del mismo) y, a partir de estas operaciones, implementamos una arquitectura de referencia para estas operaciones. Y, por último, (C) proveemos el modelado de la relación entre acuerdos marco y específicos que relacione sus términos junto con la formalización de las operaciones para el análisis que aparecen entre ellos. Otros aspectos del ciclo de vida del servicio y del ANS, como la gestión de los recursos para mejorar el rendimiento del servicio o el uso de técnicas (como machine learning) para la predicción del cumplimiento de los ANSs están fuera del contexto de esta tesis, pero se plantean como futuras líneas de extensión. Este trabajo se ha basado en ANSs reales de diferentes dominios, tales como servicios de Transporte y Logística, proveedores de Cloud or outsourcing de desarrollo TIC, que se han utilizado para validar las propuestas. Además, las contribuciones presentadas se han aplicado en el contexto de proyectos reales de soporte de sistemas TIC.The rise of computational services in the last 15 years brought the proposal of a number of techniques to automate and support their enactment. One key element in services is the Service Level Agreement (SLA), where the requirements of service customer are matched with the performance levels from the service provider to define service level guarantees and related responsibilities. The proposals from computational domains are oriented to automate the different stages in the SLA Lifecycle, such as the negotiation of terms which will form the SLA, the deployment of services based on the SLA artifact or the management of computational resources to accomplish SLA goals on runtime. However, traditional non-computational services, that is, services which are not performed by computational resources, such as logistics or software development services, are still supported by ad-hoc mechanisms. Therefore, the existing solutions for the management of their SLAs cannot be reused for other services. This management is usually manually performed (e.g.: reviewing of the goals of an SLA in transport service), so their evaluation is error-prone and delayed regarding the service execution (e.g.: when the SLA is finished), so preemptive actions to avoid SLA violations cannot be taken or/and are expensive to perform. Furthermore, these SLAs are sometimes described on a long term basis (frame agreements), and related SLAs can appear for a shorter term (specific agreements) and the analysis of the validity among them is complex to perform on runtime. In this dissertation, we aim at partially automate the management of SLAs in noncomputational services. On the one hand, we suggest that existing models for computational services can be extended to non computational services and enable the description of the service operative and their guarantees. And, on the other hand, we provide a design for operations to partially support the SLA Lifecycle, based on the previous models. Specifically, these operations are mainly focused on the deployment and fulfillment stages of the SLA. Therefore, the contributions of this dissertation are three. First, (A) providing a model to describe Service Level Agreements of non computational services, as an extension of iAgree, an existing model for SLAs of computational services. Second side, (B) supporting the SLA Lifecycle with the design of the aforementioned operations (service configuration based on SLA and monitoring of SLA) and implementing a reference architecture for such operations. And, lastly, (C) providing a model for frame and specific agreements which relates their terms and formalises the analysis operations among them. Other related operations of the service lifecycle as the management of resources to improve service performance or the use of novel techniques (such as machine learning) to predict the SLA accomplishment are out of the scope of this thesis but planned as future line of extension. The current dissertation has been based on real SLAs from different domains, such as Transport & Logistics, public Cloud providers or IT Maintenance outsourcing, which have been used to validate the proposal. And, furthermore, the contributions have been applied in the context of real IT Maintenance outsourcing projects

Towards SLA-Driven API Gateways

As APIs are becoming popular to build Service-Based Ap- plications (SBA), API Gateways are being increasingly used to facilitate API features management. They o er API management functionalities such as pricing plans support, user authentication, API versioning or response caching. Some parts of the information that an API Gateway needs are already included into a Service Level Agreement (SLA), that providers use to describe the rights and the obligations of involved par- ties in the service. Unfortunately, current API Gateways do not use any SLA representation model nor SLA underlying technology, thereby miss- ing potential opportunities. In this paper we analyze the state of the art to justify the current situation and we identify some research challenges so as to achieve SLA-Driven API Gateways.European CommissionSpanish and the Andalusian R&D&I programs TIN201232273Spanish and the Andalusian R&D&I programs TIC5906Spanish and the Andalusian R&D&I programs P12TIC-1867Spanish and the Andalusian R&D&I programs TIN2014-53986-RED

Governify for APIs: SLA-Driven Ecosystem for API Governance

As software architecture design is evolving to a microservice paradigm, RESTful APIs are being established as the preferred choice to build applications. In such a scenario, there is a shift towards a growing market of APIs where providers offer different service levels with tailored limitations typically based on the cost. In such a context, while there are well-established standards to describe the functional elements of APIs (such as the OpenAPI Specification), having a standard model for Service Level Agreements (SLAs) for APIs may boost an open ecosystem of tools that would represent an improvement for the industry by automating certain tasks during the development. In this paper, we introduce Governify for APIs, an ecosystem of tools aimed to support the user during the SLA-Driven RESTful APIs’ development process. Namely, an SLA Editor, an SLA Engine and an SLA Instrumentation Library. We also present a fully operational SLA-Driven API Gateway built on the top of our ecosystem of tools. To evaluate our proposal, we used three sources for gathering validation feedback: industry, teaching and research.Ministerio de Economía y Competitividad TIN2015- 70560-RMinisterio de Ciencia, Innovación y Universidades RTI2018-101204-B-C21Ministerio de Educación, Cultura y Deporte FPU15/0298

A Service Level Agreement Driven Framework to Customise Cloud Service Billing

Cloud service providers offer to their customers a variety of pricing policies, which range from the simple, yet widely used pay-as-you-go schema to complex discounted models. When executing the billing process, stakeholders have to consider usage metrics and service level objectives in order to obtain the correct billing and conform to the service level agreement in place. The more metrics, discount and compensations rules are added to the pricing schema, the more complex the billing generation results. In this paper we present a monitoring-based solution that enables the dynamically definition of both service level objectives and discount rules, so that providers can customise the billing generation process in terms of the service level agreement they offer. We validate our proposal in a real-world scenario, introducing a micro-service based software solution deployed in a Kubernetes cluster.Ministerio de Economía y Competitividad BELI (TIN2015-70560-R)Ministerio de Ciencia, Innovación y Universidades Horatio RTI2018-101204-B-C21Ministerio de Ciencia, Innovación y Universidades TIN2016-81978-REDTJunta de Andalucía P12-TIC-186

The role of limitations and SLAs in the API industry

As software architecture design is evolving to a microservice paradigm, RESTful APIs are being established as the preferred choice to build applications. In such a scenario, there is a shift towards a growing market of APIs where providers offer different service levels with tailored limitations typically based on the cost. In this context, while there are well established standards to describe the functional elements of APIs (such as the OpenAPI Specification), having a standard model for Service Level Agreements (SLAs) for APIs may boost an open ecosystem of tools that would represent an improvement for the industry by automating certain tasks during the development such as: SLA-aware scaffolding, SLA-aware testing, or SLA-aware requesters. Unfortunately, despite there have been several proposals to describe SLAs for software in general and web services in particular during the past decades, there is an actual lack of a widely used standard due to the complex landscape of concepts surrounding the notion of SLAs and the multiple perspectives that can be addressed. In this paper, we aim to analyze the landscape for SLAs for APIs in two different directions: i) Clarifying the SLA-driven API development lifecycle: its activities and participants; 2) Developing a catalog of relevant concepts and an ulterior prioritization based on different perspectives from both Industry and Academia. As a main result, we present a scored list of concepts that paves the way to establish a concrete road-map for a standard industry-aligned specification to describe SLAs in APIs.Ministerio de Economía y Competitividad TIN2015-70560-RMinisterio de Ciencia, Innovación y Universidades RTI2018-101204-B-C21Ministerio de Educación, Cultura y Deporte FPU15/0298

SLA-Driven Governance of RESTful Systems

The Software as a Service (SaaS) paradigm has become entrenched in the industry as a deployment model, bringing flexibility to the customers and a recurring revenue to the business. The main architectural paradigm of SaaS systems is the service-oriented one since it provides numerous advantages in terms of elasticity, fault tolerance, and flexible architectural design. Currently, the RESTful paradigm, a layer of abstraction on the server created by defining resources and entities that can be accessed by means of a URI, is the preferred choice for the construction of SaaS, as it promotes the deployment, isolation and integration of microservices through APIs. Nowadays, APIs are regarded as a new form of business product and ever more organizations are publicly opening up access to their APIs as a way to create new business opportunities. In the same way, other organizations also consume a number of third-party APIs as part of their business. We henceforth define the concept of a RESTful System as an information system following the RESTful paradigm to shape the integration model between both its own components as well as other information systems. Furthermore, understanding governance as the way in which a component is directed and controlled, in RESTful Systems, those components will be the RESTful APIs and what we aim to control or regulate is their behavior (i.e., how an API is being consumed or provided). As APIs are increasingly regarded as business products, a crucial activity is to describe the set of plans (i.e., the pricing) that depicts the functionality and performance being offered to clients. API providers usually define certain limitations in each instance of a plan (e.g., quotas and rates); for example, a free plan might be limited to having one hundred monthly requests, and a professional plan to have five hundred monthly requests. However, although API providers use the Service Level Agreement (SLA) concept to delimit the functionality and guarantees to which they commit to their customers, there is no standard model used by API providers for modeling API pricing (including the plans and limitations). Although some providers do model the information regarding the API pricing and API limitations with an ad hoc approach, there is no widely accepted model in the industry. Wherefore answering questions regarding API limitations (e.g., determining whether or not a certain pricing is valid) is still a manual or non-interoperable process coming along with some inconveniences (being tedious, time-consuming, error-prone, etc.). Understating governance as to how a system is directed and controlled, we translate this concept to meet the SLA-driven approach: we consider the SLA (i.e., API pricing) as the element that will drive the directions, policies and rules to deliver and maintain the RESTful System. Adding the SLA to the idea of governance of RESTful systems leads to the main hypothesis of this dissertation: there is no well-established model for describing API pricings)in RESTful systems, which is hindering the automatic SLA-Driven governance. We claim the main goal of this thesis to be: the creation of an expressive, fully-fledged specification of SLAs for RESTful APIs endorsed with an open ecosystem of tools aimed at the SLA-Driven Governance of RESTful systems. The results of this endeavor are twofold: (I) Creation of a sufficiently expressive specification for the description of API pricings and the analysis of their validity. This comprises: (i) conducting an analysis of real-world APIs to evaluate the characteristics of the API pricings and limitations; (ii) identifying the relevance of SLAs in APIs in both academic and industrial scenarios; (iii) proposing a comprehensive model for describing API pricings; (iv) defining analysis operations for common questions regarding the validity in API pricings and limitations; (v) performing an evaluation of the model in real-world APIs. (II) Implementation of an ecosystem of tools to support the SLA-Driven governance of RESTful APIs. This includes: (i) developing a set of API governance tools; (ii) implementing a validity analysis operation; (iii) performing a validation of the tools and operations in realistic scenarios. In this thesis, we present the Governify4APIs ecosystem as the set comprised of (i) a model aimed at describing API pricings that is closely aligned with industry standards in APIs (OpenAPI Specification) and (ii) a set of companion tools for enacting the automatic governance using our specification, ranging from low-level validation tasks to SaaS solutions based on our model. Governify4APIs is, therefore, a fully-fledged specification, aligned with the mainstream standards and intended to enable an SLA-Driven Governance of RESTful Systems.El paradigma del software como servicio (SaaS) se ha afianzado en la industria como modelo de despliegue, aportando flexibilidad a los clientes y unos ingresos constantes a las organizaciones. El principal paradigma arquitectónico de los sistemas SaaS es la arquitectura orientada a servicios, ya que proporciona numerosas ventajas en términos de elasticidad, tolerancia a fallos y diseño flexible. RESTful, una capa de abstracción sobre el servidor creada mediante la definición de recursos y entidades a las que se puede acceder mediante una URI, es la opción preferida para la construcción de SaaS, ya que promueve el despliegue, el aislamiento y la integración de microservicios a través de APIs. Hoy en día, las APIs se consideran una nueva forma de producto empresarial y cada vez más organizaciones abren públicamente el acceso a sus APIs como forma de crear nuevas oportunidades de negocio. Del mismo modo, otras organizaciones también consumen una serie de APIs de terceros como parte de su negocio. A partir de ahora definimos el concepto de Sistema RESTful como un sistema de información que sigue el paradigma RESTful para conformar el modelo de integración tanto entre sus propios componentes como con otros sistemas de información. Además, entendiendo gobierno como la forma en que se dirige y controla un componente, en los sistemas RESTful, esos componentes serán las APIs RESTful y lo que pretendemos controlar o regular es su comportamiento (es decir, cómo se está consumiendo o proporcionando una API). Dado que las APIs están, cada vez más, siendo consideradas como productos comerciales, una actividad crucial es describir el conjunto de planes (es decir, el pricing) que describe la funcionalidad y el rendimiento que se ofrece a los clientes. Los proveedores de API suelen definir ciertas limitaciones en cada instancia de un plan (por ejemplo, quotas y rates); por ejemplo, un plan gratuito podría estar limitado a tener cien peticiones mensuales, y un plan profesional a tener quinientas peticiones mensuales. Sin embargo, aunque los proveedores de APIs utilizan el concepto de Acuerdo de Nivel de Servicio (SLA) para delimitar la funcionalidad y las garantías a las que se comprometen con sus clientes, no existe ningún modelo estándar usado por los proveedores para modelar el pricing de las API (incluyendo los planes y limitaciones). Aunque algunos proveedores modelan la información relativa a los pricings y las limitaciones de las APIs con un enfoque ad hoc, no existe un modelo ampliamente aceptado en el sector. Por lo tanto, responder a las preguntas relativas a las limitaciones de la APIs (por ejemplo, determinar si un determinado pricing es válido o no) sigue siendo un proceso manual o no interoperable, cosa que conlleva algunos inconvenientes (es tedioso, consume tiempo, es propenso a errores, etc.). Entendiendo el gobierno como la forma de dirigir y controlar un sistema, podemos traducir este concepto teniendo en cuenta el SLA, esto es, consideramos este elemento como aquel sobre el que se realiza la dirección, políticas y reglas para entregar y mantener el sistema RESTful. Añadir el concepto SLA a esa idea de gobierno de sistemas RESTful nos lleva a la hipótesis principal de esta tesis: no existe un modelo bien establecido para describir los SLAs (o pricing) en los sistemas RESTful, lo que está dificultando el gobierno automático. Es, por tanto, el objetivo principal de esta tesis la creación de una especificación expresiva y completa de SLAs para APIs RESTful, respaldada por un ecosistema abierto de herramientas orientadas al gobierno de sistemas RESTful dirigido por SLAs. Los resultados principales han sido: (I) Creación de una especificación suficientemente expresiva para la descripción de los pricings de la API y el análisis de su validez. Esto comprende: (i) realizar un análisis de APIs del mundo real para evaluar las características de los pricings y limitaciones de las APIs; (ii) identificar la relevancia de los SLAs en las APIs tanto en escenarios académicos como industriales; (iii) proponer un modelo completo para describir los pricings de las APIs; (iv) definir operaciones de análisis para preguntas comunes sobre la validez en los pricings y limitaciones de las APIs; (v) realizar una evaluación del modelo en APIs del mundo real. (II) Implementación de un ecosistema de herramientas para apoyar la gobernanza SLA-Driven de las APIs RESTful. Esto incluye: (i) desarrollar un conjunto de herramientas de gobierno de APIs; (ii) implementar una operación de análisis de validez; (iii) realizar una validación de las herramientas y operaciones en escenarios realistas. En esta tesis, presentamos el ecosistema Governify4APIs como el conjunto compuesto por (i) un modelo destinado a describir los pricings de las APIs y alineado estrechamente con los estándares de la industria (OpenAPI) y (ii) un conjunto de herramientas complementarias para el gobierno automático utilizando este modelo, que van desde tareas de validación hasta soluciones SaaS. Por lo tanto, Governify4APIs es una especificación acompañada de todo lo necesario, alineada con los estándares industriales y destinada a permitir un gobierno de sistemas RESTful dirigidos por SLAs

Challenges in the specification of full contracts

Partially supported by the Nordunet3 project “COSoDIS”.The complete specification of full contracts - contracts which include tolerated exceptions, and which enable reasoning about the contracts themselves, can be achieved using a combination of temporal and deontic concepts. In this paper we discuss the challenges in combining deontic and other relevant logics, in particular focusing on operators for choice, obligations over sequences, contrary-to-duty obligations, and how internal and external decisions may be incorporated in an action-based language for specifying contracts. We provide different viable interpretations and approaches for the development of such a sound logic and outline challenges for the future.peer-reviewe