Ghita Kouadri Mostefaoui

Toward Behavioral Web Services Using Policies

Making Web services context-aware is a challenge. This is like making Web service expose appropriate behaviors in response to changes detected in the environment. Context awareness requires a review and extension of the current execution model of Web services. This paper discusses the seamless combination of context and policy to manage behaviors that Web services expose during composition and in response to changes in the environment. For this purpose, a four-layer approach is devised. These layers are denoted by policy, user, Web service, and resource. In this approach, behavior management and binding are subject to executing policies of types permission, obligation, restriction, and dispensation. A prototype that illustrates how context and policy are woven into Web services composition scenarios is presented as well.

On Modeling and Developing Self-Healing Web Services Using Aspects

Like any computing application, Web services are subject to failure and unavailability due to multiple reasons like Web service faulty-code and unreliable communication-infrastructure. A manual correction of Web services failure is error-prone and time-consuming. An effective Web services environment should be able to monitor its state, diagnosis faults, and automatically recover from failures. This process is known as self-healing. In this paper, we address self-healing issues of Web services using Aspect-Oriented Programming (AOP). AOP supports separation of self-healing concerns from Web services code and promotes maintenance and reusability.

Decoupling Security Concerns in Web Services Using Aspects

This paper discusses the aspect-oriented framework for Web services (AoF4WS) that supports on-demand context-sensitive security in Web services. Flexible security schemes are needed in many Web services applications where authentication, authorization, etc., can no longer be used in their current form. Security mechanisms are to be customized to the continuously changing requirements of Web services. Examples of this customization concern cryptographic protocol for a specific situation and timeout for user credentials. The AoF4WS uses aspect-oriented programming and frames. Aspects provide flexibility to the framework, and frames adjust aspects to specific requirements

On the Secure Sharing of Legacy Data

We describe a framework for the secure sharing and aggregation of legacy data. The framework, \emph{sif} (for service-oriented interoperability framework), has two key principles at its core: that it should be possible to expose data from any legacy data source, irrespective of the underlying technologies or data models, and that data owners should be afforded the opportunity for expressive access control policies. sif abstracts issues such as secure transport and heterogeneous federation from application developers via a Java API. Our particular focus in this paper is sifs plug-in mechanism, which gives rise to a simple and elegant means of facilitating interoperability.

SC-WS: A Context-based, Aspect-oriented Approach for Handling Security Concerns in Web Services

This paper discusses Aspect-Oriented Programming (AOP) as an efficient way to handle security concerns in Web services. Without AOP, the necessary security code would be mixed with the business logic that a Web service implements. This renders the maintenance of both code and business logic tedious and prone to errors. AOP allows confining codes of non-functional concerns like security and self-healing into specific modules so that they do not cross-cut with the Web services business logic. The proposed aspect-oriented approach in this paper is built upon three levels referred to as user, component, and resource, and adopts three types of context, one context per level. The contexts contain various details on the environment of Web services, which permits activating the necessary aspects in response to these details. A set of experiments validating this approach are also reported in this paper.