Joachim Götze

A single sign-on framework for web-services-based distributed applications

The basic specifications of Web services com- pletely ignore the need for secure services that are based on a solid authentication and authorization infrastructure. An enhancement of the basic specifications is in progress, but takes time to complete. A large-scale application built today is still in need of an authentication and authorization infrastructure to offer its services to the customers of the service provider and only to the customers. In the following such an infrastructure is described that is able to empower Web services to properly handle authentication and authorization. This infrastructure is designed as services that can be used by any Web service needing authentication and authorization.

Exchanging Data Agreements in the DaaS Model

Rich types of data offered by data as a service(DaaS) in the cloud are typically associated with different and complex data concerns that DaaS service providers, data providers and data consumers must carefully examine and agree with before passing and utilizing data. Unlike service agreements, data agreements, reflecting conditions established on the basis of data concerns, between relevant stakeholders have got little attention. However, as data concerns are complex and contextual, given the trend of mixing data sources by automated techniques, such as data mash up, data agreements must be associated with data discovery, retrieval and utilization. Unfortunately, exchanging data agreements so far has not been automated and incorporated into service and data discovery and composition. In this paper, we analyze possible steps and propose interactions among data consumers, DaaS service providers and data providers in exchanging data agreements. Based on that, we present a novel service for composing, managing, analyzing data agreements for DaaS in cloud environments and data marketplaces.

Voice over IP - considerations for a next generation architecture

Voice over IP is on its way to becoming an alternative to the classical telephony system because more and more Voice over IP providers offer their solutions on the Internet and try to increase their clientele. But current voice over IP technology is still in its commercial and technological infancy and has not yet proven to be worldwide accessible, usable and scalable as the classical telephony system has proven in the past 100 years. In this paper, architecture for a next generation Voice over IP model will be outlined and discussed. The main focus lies on interoperability between different Voice over IP providers as well as dependability and robustness.

A hash-based pseudonymization infrastructure for RFID systems

Many proposals have been made to solve the privacy implications of RFID systems: The main idea to ensure location privacy is to change the identifiers of RFID tags regularly. For building inter-organizational RFID systems, pseudonyms can be used to provide a link to the respective owner of a tag without affecting location privacy. Based on these considerations, in this paper a pseudonymization infrastructure is presented that is based on one-way hash functions and thus is a better fit for the specific demands of resource scarce tags than approaches based on public key cryptography

A Lightweight Service Grid Based on Web Services and Peer-to-Peer

What is The Grid? This question has been asked by many people and has been answered by many more. On our way to the One Grid, it is currently only possible to distinguish between several Computational, Data and Service Grids. This paper introduces Venice, a lightweight Service Grid that allows for easy service deployment, easy maintenance and easy service usage. It contains management services, information services and application services that can be used to build distributed applications upon. Its main focus in on providing a flexible and dependable infrastructure for deploying services that do not require special knowledge and expertise in Grid computing.

Web Services Directory Based on Peer-to-Peer Technology

Service-oriented architectures foster the interaction of a multitude of different services. In order to ensure flawless service interaction, a directory service is needed that can be used to find suitable services for a desired task. A centralized solution for local services might be suitable for small systems, but on a larger scale - when systems start to interact via federations of trust - the need for a highly available and easily maintainable directory service arises

License4Grid: Adopting DRM for Licensed Content in Grid Environments

Processing of licensed content with automatic compliance checking of the license terms is currently not supported in Grid environments. However, applications processing large amounts of data is a topic recently gaining more and more attention. The use of high performance computing capabilities, e.g., provided by Grid environments, is an obvious choice to speed up the processing time. Currently, most of the input data required in such Grid applications is freely accessible by standard Grid technology. However, many upcoming applications for Grid Computing require data provided under a specific license, also leading to license violations on a regular basis, because license compliance can currently not be validated. Data under a specific license is often retrieved from outside the Grid over individual portals directly from a content provider or distributor. Beside the additional efforts for user and security management, such external distribution approaches prevent an association between the license information and the content. In this work, the internal distribution approach for licensed content in Grid environments (License4Grid) is designed, maintaining the association between the license information and the corresponding data. The design respects the requirements emerging from handling either unprotected and protected content and makes use of the user and security mechanisms provided by common Grid technologies in order to fit into the environment homogeneously.

Iterative Service Orchestration based on Dependability Attributes

In a service-oriented architecture (SOA), the orchestration of services to new services and complex workflows is a common approach. Because the complexity and capability of the orchestrated services are increased, it is important to maintain and ensure the dependability attributes, e.g. availability and reliability, in such an environment. Today, most approaches focus on the needs during the creation of a single application, but the Internet became a commodity for end users during the last years and more services are available every day. While the range of available services is growing, the end users are helpless selecting a service providing the quality of service they expect. Therefore, a straightforward approach is needed allowing the creation and modification of orchestrated services by end users with respect to dependability attributes.

Facilitating Scientific Workflow Configuration with Parameterized Workflow Skeletons

This paper describes an operator for configuring scientific workflows that facilitates the process of assigning workflow activities to cloud resources. In general, modeling and configuring scientific workflows is complex and error-prone, because workflows are built of highly parallel patterns comprising huge numbers of tasks. Reusing tested patterns as building blocks avoids repeating errors. Workflow skeletons are parametrizable building blocks describing such patterns. Hence, scientists have a means to reuse validated parallel constructs for rapidly defining their in-silico experiments. Often, configurations of data parallel patterns are generated automatically. However, for many task parallel patterns each task needs to be configured manually. In frameworks like MapReduce, scientists have no control of how tasks are assigned to cloud resources. What is the strength of such patterns, may lead to unnecessary data transfers in other patterns. Workflow Skeletons facilitate the configuration by providing an operator that accepts parameters, this allows for scalable configurations saving time and cost by allocating cloud resources just in time. In addition, this configuration operator helps to define configurations that avoid unnecessary data transfers.

A Model for Policy-Based Automation of Usage Accounting across Multiple Cloud Infrastructures

Cloud Computing provides flexible and dynamic provisioning of resources, services, and applications. As such, Cloud Computing is the ideal IT infrastructure for the ever changing workload of companies and service providers. Although, cloud providers offer functionality for usage accounting, this functionality is limited to their own requirements. Companies and service providers as cloud users have also a need for usage accounting, but with different requirements than the cloud providers. Additionally, cloud users are not limited to a single cloud, but make use of multiple cloud infrastructures and applications depending on their needs. Cloud users require a usage accounting infrastructure not only capable of supporting billing as an accounting application, but capable of supporting all kinds of applications. For example applications like cost allocation or trend analysis. In order to be able to manage such a complex and adaptable usage accounting infrastructure, we present a policy-based management approach. Policies are used as a high-level description of the intended behavior of the infrastructure which are then utilized to derive configurations for the infrastructure services. Such a solution ensures the efficient management and administration of complex usage accounting infrastructures.