Eric Wohlstadter

GlueQoS: middleware to sweeten quality-of-service policy interactions

A holy grail of component-based software engineering is write-once, reuse everywhere. However, in modern distributed, component-based systems supporting emerging application areas such as service-oriented e-business (where Web services are viewed as components) and peer-to-peer computing, this is difficult. Non-functional requirements (related to quality-of-service (QoS) issues such as security, reliability, and performance) vary with deployment context, and sometimes even at run-time, complicating the task of re-using components. In this paper, we present a middleware-based approach to managing dynamically changing QoS requirements of components. Policies are used to advertise non-functional capabilities and vary at run-time with operating conditions. We also provide middleware enhancements to match, interpret, and mediate QoS requirements of clients and servers at deployment time and/or runtime.

Transaction policies for service-oriented computing

Service-oriented computing is emerging as a distributed computing model where autonomous services interact with each other using standard Internet technology. In addition to the application-specific functions that services provide (different) services may also support (different) sets of protocols and formats addressing extra-functional concerns such as transaction processing and reliable messaging. This raises the need for services to complement their functional service descriptions with descriptions of extra-functional capabilities, requirements, and/or preferences, which must be matched and enforced for service interactions. In this paper, we address the problem of transactional coordination in service-oriented computing. We argue for the use of declarative policy assertions to advertise and match support for different transaction styles (direct transaction processing, queued transaction processing, and compensation-based transaction processing), and introduce the concept of and system support for transaction coupling modes as the policy-based contracts guiding transactional business process execution. We focus on concrete, protocol-specific policies that apply to relevant Web services specifications. Using transaction policies and our middleware system, we are able to support a reliable SOC environment.

Imagen: runtime migration of browser sessions for javascript web applications

Due to the increasing complexity of web applications and emerging HTML5 standards, a large amount of runtime state is created and managed in the users browser. While such complexity is desirable for user experience, it makes it hard for developers to implement mechanisms that provide users ubiquitous access to the data they create during application use. This paper presents our research into browser session migration for JavaScript-based web applications. Session migration is the act of transferring a session between browsers at runtime. Without burden to developers, our system allows users to create a snapshot image that captures all runtime state needed to resume the session elsewhere. Our system works completely in the JavaScript layer and thus snapshots can be transfered between different browser vendors and hardware devices. We report on performance metrics of the system using five applications, four different browsers, and three different devices.

A static aspect language for checking design rules

Design rules express constraints on the behavior and structure of a program. These rules can help ensure that a program follows a set of established practices, and avoids certain classes of errors.Design rules often crosscut program structure and enforcing them is emerging as an important application domain for Aspect Oriented Programming. For many interesting design rules, current general purpose AOP languages lack the expressiveness to characterize them statically and enforce them at compile time.We have developed a domain specific language called Program Description Logic (PDL). PDL allows succinct declarative definitions of programmatic structures which correspond to design rule violations. PDL is based on a fully static and expressive pointcut language. PDL pointcuts allow characterizing a wide range of design rules without sacrificing static verification.We evaluate PDL by comparing it to FxCop, an industrial strength tool for checking design rules.

Script InSight: Using Models to Explore JavaScript Code from the Browser View

As Web programming standards and browser infrastructures have matured, the implementation of UIs for many Web sites has seen a parallel increase in complexity. In order to deal with this problem, we are researching ways to bridge the gap between the browser view of a UI and its JavaScript implementation. To achieve this we propose a novel JavaScript reverse-engineering approach and a prototype tool called Script InSight. This approach helps to relate the semantically meaningful elements in the browser to the lower-level JavaScript syntax, by leveraging context available during the script execution. The approach uses run-time tracing to build a dynamic, context-sensitive, control-flow model that provides feedback to developers as a summary of tracing information. To demonstrate the applicability of the approach we present a study of an existing open-source Web 2.0 application called the Java Pet Store and metrics taken from several popular online sites.

A Service-oriented Middleware for Runtime Web Services Interoperability

A major goal of service-oriented architectures is to enable software interoperability in heterogeneous and dynamic environments. Web services standards and protocols aim to support this goal and middleware systems implementing these standards and protocols consequently are needed. Maintenance and administration of middleware is made difficult due to variations in standards and their constant evolution. In this paper, we introduce a new service-oriented middleware architecture for runtime Web services interoperability. Different from other middleware systems our approach applies service-oriented computing principles on the middleware layer, thereby establishing an on-demand model for middleware features. Clients can use middleware as services, dynamically discovering and using the services as interoperability requirements are determined. Further, middleware as services allows middleware to be provided and managed separately from its clients. We present the policy-based programming model, architecture, and details of our middleware, and discuss new challenges that arise in this context, such as distribution of middleware services. The approach is validated through a scenario integrating Web service transaction middleware

Generating wrappers for command line programs: the Cal-Aggie Wrap-O-Matic project

Software developers writing new software have strong incentives to make their products compliant to standards such as CORBA, COM, and Java Beans. Standards compliance facilitates interoperability, component based software assembly, and software reuse, thus leading to improved quality and productivity. Legacy software, on the other hand, is usually monolithic and hard to maintain and adapt. Many organizations, saddled with entrenched legacy software, are confronted with the need to integrate legacy assets into more modern, distributed, componentized systems that provide critical business services. Thus, wrapping legacy systems for interoperability has been an area of considerable interest. Wrappers are usually constructed by hand which can be costly and error-prone. We specifically target command-line oriented legacy systems and describe a tool framework that automates away some of the drudgery of constructing wrappers for these systems. We describe the Cal-Aggie Wrap-O-Matic system (CAWOM), and illustrate its use to create CORBA wrappers for: a) the JDB debugger, thus supporting distributed debugging using other CORBA components; and b) the Apache Web server, thus allowing remote Web server administration, potentially mediated by CORBA-compliant security services. While CORBA has some limitations, in several relatively common settings it can produce better wrappers at lower cost.

Enforcing security for desktop clients using authority aspects

Desktop client applications interact with both local and remote resources. This is both a benefit in terms of the rich features desktop clients can provide, but also a security risk. Due to their high connectivity, desktop clients can leave a users machine vulnerable to viruses, malicious plug-ins, and scripts. Aspect-Oriented Software Development can be used to address security concerns in software in a modular fashion. However, most existing research focuses on the protection of server-side resources. In this paper we introduce an aspect-oriented mechanism, Authority Aspects, to enforce the Principle of Least Privilege on desktop clients. This helps to ensure that legitimate resource access is allowed and illegitimate access is blocked. We present a case study applying our approach on two desktop applications: an RSS feed aggregator and a Web browser.

Automated object persistence for JavaScript

Traditionally web applications have required an internet connection in order to work with data. Browsers have lacked any mechanisms to allow web applications to operate offline with a set of data to provide constant access to applications. Recently, through browser plug-ins such as Google Gears, browsers have gained the ability to persist data for offline use. However, until now its been difficult for a web developer using these plug-ins to manage persisting data both locally for offline use and in the internet cloud due to: synchronization requirements, managing throughput and latency to the cloud, and making it work within the confines of a standards-compliant web browser. Historically in non-browser environments, programming language environments have offered automated object persistence to shield the developer from these complexities. In our research we have created a framework which introduces automated persistence of data objects for JavaScript utilizing the internet. Unlike traditional object persistence solutions, ours relies only on existing or forthcoming internet standards and does not rely upon specific runtime mechanisms such as OS or interpreter/compiler support. A new design was required in order to be suitable to the internets unique characteristics of varying connection quality and a browsers specific restrictions. We validate our approach using benchmarks which show that our framework can handle thousands of data objects automatically, reducing the amount of work needed by developers to support offline Web applications.

Web Service Mashup Middleware with Partitioning of XML Pipelines

Traditionally, the composition of Web services to create mashups has been achieved by using an application server as a mediator between a client browser and services. To avoid this bottleneck, mashups are sometimes implemented so that Web service composition takes place directly from the end user’s browser. Creating such implementations is difficult because developers must manage the separation of software into various distributable pieces, in different languages, and coordinate their communication. In this paper we describe a middleware for managing Web service mashups in a disciplined, and flexible way. We build upon the established abstraction of XML pipelines, but describe a new approach for selectively partitioning pipeline components between a browser client and application server. We provide a performance evaluation for a common mashup application scenario.