Paul Fremantle

Enterprise services

Examining the emerging field of Web Services and how it is integrated into existing enterprise infrastructures.

Multi-tenant SOA Middleware for Cloud Computing

Enterprise IT infrastructure incurs many costs ranging from hardware costs and software licenses/maintenance costs to the costs of monitoring, managing, and maintaining IT infrastructure. The recent advent of cloud computing offers some tangible prospects of reducing some of those costs; however, abstractions provided by cloud computing are often inadequate to provide major cost savings across the IT infrastructure life-cycle. Multi-tenancy, which allows a single application to emulate multiple application instances, has been proposed as a solution to this problem. By sharing one application across many tenants, multi-tenancy attempts to replace many small application instances with one or few large instances thus bringing down the overall cost of IT infrastructure. In this paper, we present an architecture for achieving multi-tenancy at the SOA level, which enables users to run their services and other SOA artifacts in a multi-tenant SOA framework as well as provides an environment to build multi-tenant applications. We discuss architecture, design decisions, and problems encountered, together with potential solutions when applicable. Primary contributions of this paper are motivating multi-tenancy, and the design and implementation of a multi-tenant SOA platform which allows users to run their current applications in a multi-tenant environment with minimal or no modifications.

Federated Identity and Access Management for the Internet of Things

We examine the use of Federated Identity and Access Management (FIAM) approaches for the Internet of Things (IoT). We look at specific challenges that devices, sensors and actuators have, and look for approaches to address them. OAuth is a widely deployed protocol -- built on top of HTTP -- for applying FIAM to Web systems. We explore the use of OAuth for IoT systems that instead use the lightweight MQTT 3.1 protocol. In order to evaluate this area, we built a prototype that uses OAuth 2.0 to enable access control to information distributed via MQTT. We evaluate the results of this prototyping activity, and assess the strengths and weaknesses of this approach, and the benefits of using the FIAM approaches with IoT and Machine to Machine (M2M) scenarios. Finally we outline areas for further research.

Web API Management Meets the InternetźofźThings

In this paper we outline the challenges of Web API management in Internet of Things IoT projects. Web API management is a key aspect of service-oriented systems that includes the following elements: metadata publishing, access control and key management, monitoring and monetization of interactions, as well as usage control and throttling. We look at how Web API management principles, including some of the above elements, translate into a world of connected devices IoT. In particular, we present and evaluate a prototype that addresses the issue of managing authentication with millions of insecure low-power devices communicating with non-HTTP protocols. With this first step, we are only beginning to investigate IoT API management, therefore we also discuss necessary future work.

Solving the grand challenge using an opensource CEP engine

The DEBS Grand Challenge is an annual event in which different event-based systems compete to solve a real-world problem. The 2014 challenge is to demonstrate scalable real-time analytics using high-volume sensor data collected from smart plugs over a one and a half month period. This paper aims to show how a general-purpose commercially available event-based system - the WSO2 Complex Event Processor (WSO2 CEP) - was used to solve this problem. In addition, we explore areas where we created extensions to the WSO2 CEP engine to better solve the challenge.

WSO2 Stratos:an application stack to support cloud computing

Abstract Cloud computing has heralded many advantages including self-service, elasticity, pay as you go, improved accessibility to computation resources, and ease of deployment and deployment automation. However, to extend those advantages to a larger audience, higher-level abstractions such as Software as a Service (SaaS) or Platform as a Service (PaaS) are needed. This paper presents Stratos, which is a Platform-as-a-Service based around the principles and design of Service Oriented Architecture (SOA). Furthermore, we introduce the concept of Cloud Native attributes, which we argue are properties essential to extend the benefits of the underlying Cloud to PaaS and SaaS users. We present Stratos as a Cloud Native PaaS offering, discuss the architecture that enables Cloud Native attributes, and discuss scenarios where Stratos can be useful to the end user. Zusammenfassung Cloud Computing verspricht viele Vorteile, insbesondere Nachfrageelastizität, verbesserte Erreichbarkeit von Rechenressourcen und vereinfachte Verwendung bzw. Einsatzautomatisierung. Um diese Vorteile einem breiten Publikum zur Verfügung stellen zu können, bedarf es jedoch hoher Abstraktionen wie etwa Software as a Service (SaaS) oder Platform as a Service (PaaS). Der vorliegende Beitrag stellt Stratos vor, das eine solche, auf Service-orientierten Architekturen basierende PaaS ist. Wir diskutieren die Architektur sowie Szenarien, in denen Stratos für den Endanwender wertvoll ist.

Cloud Services Gateway: A Tool for Exposing Private Services to the Public Cloud with Fine-grained Control

By enabling users to allocate computing resources on demand, cheaply, and in an elastic manner, Cloud Computing has made large computation resources available to small and medium size organizations. However, using the Cloud requires users to place their computations, data, or both in a shared data center own by an outsider. This sharing has raised many security concerns. Such concerns are much apparent with use cases like health informatics, where the security of the information is critical and imposed by government regulations. We propose a hybrid approach to solve this problem, where only computations are moved to the public domains while keeping the data within the private network, and computations may access data through a set of services that expose data following the Principle of Least Privilege. Such architectures will, however, require computations in the cloud to connect to the local network that holds the data, and the obvious solution: that is opening up ports in the organizational firewall could potentially create security loopholes. As an alternative, we propose Cloud Services Gateway (CSG), which enable users to selectively expose their private services that reside inside a firewall to outside clients while maintaining fine grained control. This paper motivates hybrid Cloud architectures and presents the architecture and design decisions of Cloud Services Gateway.

Carbon: towards a server building framework for SOA platform

SOA proposes an architecture that composes many services together in a loosely coupled manner, and those services may provide a wide spectrum of features like implementing Business Logic, supporting Service Orchestration, Service Mediation, and Eventing, etc. Each user would, typically, choose a subset of these features and build his architecture on them. Although it is conceptually possible to fit all the features into the same server, due to performance and modularity concerns, the functionalities are broken across several servers and deployed rather than deploying as a single server. This paper presents Carbon, a component based server building framework that allows users to pick and choose different SOA concepts and build their own customized servers. Furthermore, the same framework enables those different features to share cross cutting concerns like storage, security, user interfaces, throttling, eventing etc., thus simplifying the server development process and reducing the footprint of the overall implementation. We present Carbon, the design decisions, and architecture while comparing and contrasting the proposed framework with other component based frameworks. The primary contributions of this paper are proposing a server building framework for SOA platform, taking initial steps towards defining and implementing such a framework, and sharing experiences of building and using the framework in real world settings. Furthermore, we propose a minimal kernel for SOA upon which the proposed platform can be constructed.

A survey of secure middleware for the Internet of Things

The rapid growth of small Internet connected devices, known as the Internet of Things (IoT), is creating a new set of challenges to create secure, private infrastructures. This paper reviews the current literature on the challenges and approaches to security and privacy in the Internet of Things, with a strong focus on how these aspects are handled in IoT middleware. We focus on IoT middleware because many systems are built from existing middleware and these inherit the underlying security properties of the middleware framework. The paper is composed of three main sections. Firstly, we propose a matrix of security and privacy threats for IoT. This matrix is used as the basis of a widespread literature review aimed at identifying requirements on IoT platforms and middleware. Secondly, we present a structured literature review of the available middleware and how security is handled in these middleware approaches. We utilise the requirements from the first phase to evaluate. Finally, we draw a set of conclusions and identify further work in this area. Subjects Computer Networks and Communications, Embedded Computing, Real-Time and Embedded Systems, Security and Privacy, World Wide Web and Web Science

A Detailed Analysis of IoT Platform Architectures: Concepts, Similarities, and Differences

The IoT is gaining increasing attention. The overall aim is to interconnect the physical with the digital world. Therefore, the physical world is measured by sensors and translated into processible data, and data has to be translated into commands to be executed by actuators. Due to the growing interest in IoT, the number of platforms designed to support IoT has risen considerably. As a result of different approaches, standards, and use cases, there is a wide variety and heterogeneity of IoT platforms. This leads to difficulties in comprehending, selecting, and using appropriate platforms. In this work, we tackle these issues by conducting a detailed analysis of several state-of-the-art IoT platforms in order to foster the understanding of the (i) underlying concepts, (ii) similarities, and (iii) differences between them. We show that the various components of the different platforms can be mapped to an abstract reference architecture, and analyze the effectiveness of this mapping.