André Miede

Structuring SOA Governance

Companies’ IT Systems are confronted with constantly changing market conditions, new competitive threats and a growing number of legal regulations. The service-oriented architecture (SOA) paradigm provides a promising way to address these challenges at the level of a company’s IT infrastructure. These challenges, as well as the management of the newly introduced complexity and heterogeneity, are targeted by SOA Governance approaches. In recent years, a number of concrete frameworks for SOA Governance addressing these issues have been proposed. There is no holistic approach considering all proposed elements, consolidating them in order to form a universally applicable model. In this contribution, we motivate SOA Governance, investigate and compare different approaches, identify common concepts, and derive a generic model for governance of Service-oriented Architectures.

Resource Planning Heuristics for Service-Oriented Workflows

Resource allocation and resource planning, especially in a SOA and grid environment, become crucial. Particularly, in an environment with a huge number of workflow consumers requesting a decentralized cross-organizational workflow, performance evaluation and execution-management of service-oriented workflows gain in importance. The need for an effective and efficient workflow management forces enterprises to use intelligent optimization models and heuristics to compose workflows out of several services under real-time conditions. This paper introduces the required architecture workflow performance extension - WPX.KOM for resource planning and workload prediction purposes. Furthermore, optimization approaches and a high-performance heuristic solving the addressed resource planning problem with low computational overhead are presented.

QoS-Aware Service Composition for Complex Workflows

In Service-oriented Architectures, business processes are realized by composing loosely coupled services. With the ongoing success of Web services technologies, the invocation of Web services goes beyond enterprises’ borders. So, besides implementing required services within one enterprise, services can be purchased from external service providers. With a growing number and variety of services, enterprises can choose between functionally equivalent services at different cost and quality levels. The paper at hand addresses this service selection problem considering complex workflow patterns. Aggregation functions for different quality of service parameters are proposed and a linear optimization problem is formulated, which can be solved using integer linear programming techniques or by applying heuristic solutions.

WS-Re2Policy: A Policy Language for Distributed SLA Monitoring and Enforcement

Web service technology and the Service-oriented Architecture (SOA) paradigm have become state of the art for the integration of systems across enterprise boundaries. Here, a strong need for policies exists, which describe the Quality of Service delivered by third parties.Current policy languages in the area of Web services and SOAs allow the specification of requirements with respect to the Quality of Service as well as the parameters, which should be monitored. They do not cover the countermeasures needed and accepted in case of requirement violations. Especially, in distributed scenarios it is helpful to provide the monitoring units with information about possible reactions to violations in order to enforce policies at the monitoring units. Therefore, we developed the Web service requirements and reactions policy language (WS-Re2Policy), which overcomes those issues by specifying requirements and reactions in a single policy to be distributed to independent monitoring units.

QoS-Based Optimization of Service Compositions for Complex Workflows

In Service-oriented Architectures, business processes can be realized by composing loosely coupled services. If services in the Internet of Services with comparable functionalities but varying quality levels are available at different costs on service marketplaces, service requesters can decide, which services from which service providers to select. The work at hand addresses computing an optimal solution to this service-selection-problem considering complex workflow patterns. For this, a linear optimization problem is formulated, which can be solved by applying integer linear programming techniques.

Study and Comparison of Adaptation Mechanisms for Performance Enhancements of Mobile Web Service Consumption

Mobile Web services lie on the intersection of two big IT trends, namely Service-oriented Architectures (SOA) and mobile applications. So, their usage is likely to expand dramatically in the next years. However, the heavyweight nature of service-orientation in terms of the messaging-overhead that is necessary in order to achieve interoperability and loose-coupling comes in contrast with the lightweight nature of mobile devices and with the need to transmit wirelessly as few data as possible. This study categorizes the mechanisms that have been designed in order to bridge this gap, provides comparisons, discusses the results of related experiments, and introduces the future scenario in which the insights of the study can be exploited.

A Generic Metamodel for IT Security Attack Modeling for Distributed Systems

Understanding and discussing the security aspects of IT systems during their development is challenging for both domain specialists and IT experts - neglecting this aspect leads to communication problems and, eventually, to less secure systems. An important factor for these challenges is the distribution and variety of basic IT security concepts, attacks, and countermeasures, e.g., in the standard literature. In this paper, we propose a generic metamodel for IT security capturing both its major concepts and their relationships to each other. With a focus on attacks, we show how this model is applied to different scenarios in distributed systems, i.e., Peer-to-Peer systems, Service-oriented Architectures, and Mobile ad hoc Networks. This allows for a better understanding of IT security in general and attacks in particular, thus, enabling effective communication between different parties during the development of security-critical IT systems.

Qualitative and quantitative aspects of cooperation mechanisms for monitoring in service-oriented architectures

Cooperation mechanisms for agents monitoring service-based workflows are a means to address the increasing complexity of modern enterprise architectures. These mechanisms are inspired by existing biological mechanisms and extend an existing decentralized monitoring architecture in order to handle deviations from Service Level Agreements autonomously. As the core cooperation mechanisms have been subject of our previous work and have been described in detail earlier, we present now an evaluation of our concepts regarding both effectiveness and efficiency, based on an implemented prototype.

Cross-organizational security - the service-oriented difference

Service-oriented Architectures (SOA) are a powerful paradigm to address integration challenges for information technology systems in enterprises. The service-based integration of legacy systems and business partner systems makes it necessary to introduce and adapt suitable SOA security measures in order to secure the enterprise both within and for cross-organizational collaboration. While there is an active research community for SOA security, standard literature on the topic has not yet identified the influence of the SOA paradigm on security aspects in a structured manner, especially in an enterprise context. In our paper, we work towards this goal by identifying the main elements of cross-organizational SOA in the form of a conceptual model and by discussing these elements regarding their impact on security issues. Based on this, research challenges for SOA security are defined and structured.

Decision support for Web service adaptation

With the Internet of Services, Web services from all areas of life and business will be o ered to service consumers. Even though Web service technologies make it easy to consume services on arbitrary devices due to their platformindependence, service messaging is heavyweight. This may cause problems if services are invoked using devices with limited resources, e.g., smartphones. To overcome this issue, several adaptation mechanisms to decrease service messaging have been proposed. However, none of these are the best-performing under all possible system contexts. In this paper, we present a decision support system that aims at helping an operator to apply appropriate adaptation mechanisms based on the system context. We formulate the corresponding decision problem and present two scoring algorithms ‐ one Quality of Service-based and one Quality of Experience-based. Missing data and, thus, an incomplete system context is a serious challenge for scoring algorithms. Regarding the problem at hand, missing data may lead to errors with respect to the recommended adaptation mechanisms. To address this challenge, we apply the statistical concept of imputation, i.e., substituting missing data. Based on the evaluation of di erent imputation algorithms used for one of our scoring algorithms, we show which imputation algorithms significantly decrease the error imposed by the missing data and decide whether imputation algorithms tailored to our scenario should be investigated.