Irum Rauf

Modeling behavioral RESTful web service interfaces in UML

A web service interface contains information about the names of the operations that can be invoked on the service and the input and output parameters of these operations. The Web Application Description Language (WADL) is a language to describe the interface of a web service that follows the Representation State Transfer (REST) architectural style. Currently, WADL descriptions do not describe the behavioral semantics of the operations neither ensure that the published interfaces follow the REST style, that is they are RESTful. In this paper, we present an approach to model the structural and behavioral interface of a RESTful web service using UML class and UML protocol diagrams. These models lead to RESTful interfaces that describe the behavior of operations in terms of preconditions and postconditions. The contracts can then be published in an extended version of the WADL language and used for documentation, stub generation, testing and monitoring purposes.

Modeling a composite RESTful web service with UML

The process of web service composition involves different partner web services that are published over the internet. The Representational-State Transfer (REST) web services adopt different architectural style compared to Remote Procedure Call (RPC) web services. In this paper, we address these differences in the context of web service compositions and motivate the need for new designing techniques that lead to RESTful interfaces. We provide a UML based modeling approach for the composition of RESTful web services that models the composition for its static and behavioral features. These models provide RESTful compositions by construction, serve as a part of specification document, have mapping to several web implementation languages and can also be used to validate a RESTful composition. We illustrate the applicability of the approach with a sample Hotel and Flight booking RESTful composite web service.

From Nondeterministic UML Protocol Statemachines to Class Contracts

A UML protocol state machine describes a behavioral interface for a class as a number of states and transitions between states triggered by method calls. In this paper, we present an approach to generate behavioral class interfaces in the form of class contracts from UML protocol state machines. The generated contracts can be used for documentation, test case generation, test case oracle, and as run-time assertions and thus help to test and validate the implementation of a class against its interface. We formalize protocol state machines with its structure and semantics for generating class contracts. The state invariants of the source and target states are considered along with the pre- and post-conditions of the transitions. Different types of transitions like simple, join, fork, high-level, and self transitions are supported, as well as non-deterministic behavior. The approach is supported by a tool to generate automatically the contracts from UML models.

UML Based Modeling of Web Service Composition - A Survey

Web service composition is an emerging trend in the field of service oriented architecture, where a new Web service is developed using existing Web services. Developing a composite Web service is a complex task. There are a number of reported techniques for modeling Web service compositions to specify the exact requirements, identify errors, and eliminate the conflicts in the development of a composite Web service at design level. In this paper, we study and classify various UML based approaches for modeling web service compositions. We also present a detailed analysis of all such approaches.

Designing level 3 behavioral RESTful web service interfaces

A web service interface contains information about the names of the operations that can be invoked on the service and the input and output parameters of these operations. This information is not enough to facilitate service developer and consumer in understanding the behavior of the service. In the context of RESTful web services, the requirements of RESTful interface should also be met that are not fulfilled by just advertising the allowed operations on the resources. In addition, RESTful services take hypermedia as an engine of application states. Such services are defined to be at level 3 of Richardson Maturity Model(RMM). In this paper, we present an approach to model the structural and behavioral interface of a RESTful web service using UML class and UML protocol diagrams. These models lead to RESTful interfaces that conform to level 3 of RMM and describe the behavior of operations in terms of preconditions and post-conditions. These models facilitate the authentication mechanism and provide clear mapping to HTTP requests and responses. The generated contracts of methods can be published in an extended version of the WADL language and also used for documentation, stub generation, testing and monitoring purposes.

Generating class contracts from UML protocol statemachines

We present an approach to generate behavioral class interfaces in the form of class contracts from UML 2.0 protocol state machines. A generated class contract defines a pre- and post-condition for each operation that triggers a transition in the state machine. We consider the following protocol SM elements: state and state invariants, simple transitions, compound transitions, high-level transitions, complete transitions, self transitions also deal with the case of firing priorities. The generated contracts can be used as a behavioral interface, for documentation, run-time checking and test case generation.

Scenario-Based Design and Validation of REST Web Service Compositions

We present an approach to design and validate RESTful composite web services based on user scenarios. We use the Unified Modeling Language (UML) to specify the requirements, behavior and published resources of each web service. In our approach, a service can invoke other services and exhibit complex and timed behavior while still complying with the REST architectural style. We specify user scenarios via UML Sequence Diagrams. The service specifications are transformed into UPPAAL timed automata for verification and test generation. The service requirements are propagated to the UPPAAL timed automata during the transformation. Their reachability is verified in UPPAAL and they are used for computing coverage level during test generation. We validate our approach with a case study of a holiday booking web service.

Analyzing Consistency of Behavioral REST Web Service Interfaces

REST web services can offer complex operations that do more than just simply creating, retrieving, updating and deleting information from a database. We have proposed an approach to design the interfaces of behavioral REST web services by defining a resource and a behavioral model using UML. In this paper we discuss the consistency between the resource and behavioral models that represent service states using state invariants. The state invariants are defined as predicates over resources and describe what are the valid state configurations of a behavioral model. If a state invariant is unsatisfiable then there is no valid state configuration containing the state and there is no service that can implement the service interface. We also show how we can use reasoning tools to determine the consistency between these design models.

Formalizing Object Oriented Design Patterns with Object-Z

As design patterns are gaining widespread acceptance at industrial level, efforts have come into play to formalize them. The formalization of design patterns is done to clear ambiguities in their concept, check consistency in models by developing verification tools, and provide ease of use to the designer. In this paper, we survey the work on formalization of design patterns. The approach proposed of Kim and Carrington has been studied in detail, which focuses on formalizing design patterns in Object-Z. We use this approach to formalize bridge, composite, and decorator patterns. We believe that formalization of these design patterns will lead to a better and minimal fault implementation of the final software

Towards a Model-Driven Security Assurance of Open Source Components

Open Source software is increasingly used in a wide spectrum of applications. While the benefits of the open source components are unquestionable now, there is a great concern over security assurance provided by such components. Often open source software is a subject of frequent updates. The updates might introduce or remove a diverse range of features and hence violate security properties of the previous releases. Obviously, a manual inspection of security would be prohibitively slow and inefficient. Therefore, there is a great demand for the techniques that would allow the developers to automate the process of security assurance in the presence of frequent releases. The problem of security assurance is especially challenging because to ensure scalability, such main open source initiatives, as OpenStack adopt RESTful architecture. This requires new security assurance techniques to cater to stateless nature of the system. In this paper, we propose a model-driven framework that would allow the designers to model the security concerns and facilitate verification and validation of them in an automated manner. It enables a regular monitoring of the security features even in the presence of frequent updates. We exemplify our approach with the Keystone component of OpenStack.