Fulvio Frati

The Use of a Meta-Model to Support Multi-Project Process Measurement

In todays environment, software companies are engaged in multiple projects delivered on heterogeneous platforms for a wide class of applications in disparate application domains. They are increasingly engaged in the co-development of software systems through joint software development projects including staff from partners and customers as well as their own. As a result, they must support multiple software development processes while trying to guarantee uniform levels of process enactment, and product quality across all projects. Our approach is capable of providing process measurement in a joint-project, multi-process model business environment. It is based on a simple meta-model for computing across-process, multiple-project metrics designed to permit monitoring of CMMI compliance. The open source tool Spago4Q has been developed to support our approach and is capable of producing the measurements needed for monitoring of a set of large-scale development projects using different process models, in a real industrial setting in Europe. The results support the view that that it will not always be possible to aggregate the same set of metrics across disparate process models.

Scalability Patterns for Platform-as-a-Service

Platform-as-a-Service is a cloud-based approach that provides enterprises with all the functionalities for developing, deploying, and administering services, without the burden of installing, configuring, and managing the underlying middleware, operating system, and hardware. In this context, scalability becomes a fundamental requirement, and appropriate solutions need to be studied and evaluated. In this paper, we present different scalability patterns for a Platform-as-a-Service infrastructure and a two-level approach to performance monitoring allowing automatic scalability management. We also provide a performance evaluation of the scalability patterns on a Service-Oriented Architecture (SOA) PaaS, which considers the impact on performance of SOA security standards.

FOCSE: An OWA-based Evaluation Framework for OS Adoption in Critical Environments

While the vast majority of European and US companies increasingly use open source software for non-key applications, a much smaller number of companies have deployed it in critical areas such as security and access control. This is partly due to residual difficulties in performing and documenting the selection process of open source solutions. In this paper we describe the FOCSE metrics framework, supporting a specific selection process for security-related open source code. FOCSE is based on a set of general purpose metrics suitable for evaluating open source frameworks in general; however, it includes some specific metrics expressing security solutions’ capability of responding to continuous change in threats. We show FOCSE at work in two use cases about selecting two different types of security-related open source solutions, i.e. Single Sign-On and Secure Shell applications.

Web Service Assurance: The Notion and the Issues

Web service technology provides basic infrastructure for deploying collaborative business processes. Web Service security standards and protocols aim to provide secure communication and conversation between service providers and consumers. Still, for a client calling a Web service it is difficult to ascertain that a particular service instance satisfies—at execution time—specific non-functional properties. In this paper we introduce the notion of certified Web service assurance, characterizing how service consumers can specify the set of security properties that a service should satisfy. Also, we illustrate a mechanism to re-check non-functional properties when the execution context changes. To this end, we introduce the concept of context-aware certificate, and describe a dynamic, context-aware service discovery environment.

A metamodel for modeling and measuring Scrum development process

Many organizations using agile processes would like to adopt a process measurement framework, e.g. for assessing their process maturity. In this paper we propose a meta-model supporting derivation of specific data models for agile development processes. Then, we show how our meta-model can be used to derive a model of the Scrum process.

Exploiting Participatory Design in Open Innovation Factories

In this paper we describe a methodology and a set of tools that support the exploitation of ideas, suggestions and proposals coming from different sources, internal and external to the organization (e.g. customers and employees). Items extracted from incoming message flows are used as a basis of a participatory design process. In this context, we discuss the design principles of an environment we call Open Innovation Factory, supporting collaborative design of new products and services.

CAS++: An Open Source Single Sign-On Solution for Secure e-Services

Business and recreational activities on the global communication infrastructure are increasingly based on the use of remote resources and services, and on the interaction between different, remotely located parties. On corporate networks as well as on the open Web, the huge number of resources and services often requires to multiple log-ons leading to credential proliferation and, potentially, to security leaks. An increasingly widespread approach to simplify and secure the log-on process is Single Sign-On (SSO) that allows automatic access to secondary domains through a single log-on operation to a primary domain. In this paper, we describe the basic concepts of SSO architecture focusing on the central role of open source implementations. We outline three major SSO trust models and the different requirements to be addressed. We then illustrate CAS++, our open source implementation of a Single Sign-On service. Finally, we illustrate the application of CAS++ to a real case study concerning the development of a multi-service network management system. The motivation for our work has been raised in response to the requirements of such case study within the Pitagora project.

Design principles for competence-based Recommender Systems

In this paper we analyze the principal preconditions and limitations for designing a competence-based Recommender System. In detail this analysis is contextualized in the ARISTOTELE European project. In the second part of the paper an architectural view is proposed taking in consideration the objective to propose standard and non-standard suggestions. This solution will permit to insert serendipity approaches into classical solutions.

Secure Authentication Process for High Sensitive Data E-Services: A Roadmap

The widespread diffusion of distributed services, providing access to resources through the Net, has stressed the need of secure ways to authenticate users. The heterogeneity of resources leads to different authentication mechanisms implementations often requiring multiple log-on actions also in intra-domain multi-services scenario. The article presents a roadmap on authentication mechanisms implemented at different levels of services’ software structure.

A Competitive Scalability Approach for Cloud Architectures

The success of cloud computing has radically changed the way in which services are implemented and deployed, and made accessible to external and remote users. The cloud computing paradigm, in fact, supports a vision of distributed IT where software services and applications are outsourced and used on a pay-as-you-go basis. In this context, the ability to guarantee an effective management of cloud performance and to support automatic scalability become fundamental requirements. Cloud users are increasingly interested in a transparent and coherent vision of cloud, where performance is guaranteed in different scenarios, and under different and heterogeneous loads. In this paper, we analyze the benefits of an integrated scalability approach at different layers of the cloud stack, focusing on the computing infrastructure and database layers. To this aim, we provide different performance metrics and a set of rules based on them to evaluate the status of the cloud stack and scale it on demand to maintain stable performance. We then implement a proof-of-concept architecture to experimentally analyze cloud performance in three scenarios of scalability: computing infrastructure only, database only, and the case in which computing infrastructure and database compete for resources.