Zhuqing Li

A Policy-Based Architecture for Web Services Security Processing

With the development of the Internet, Web Services technology has gradually become the development direction of the e-business, e-government and other fields, and the corresponding security mechanism has received unprecedented attention, while how to design an integrated architecture to enhance web services security remains a problem very difficult to tackle with, and there are no good solutions to support individualized security requirements. As a result of our study we present in this paper a policy-based architecture termed PBA4WSSP for web services security processing. In PBA4WSSP, the processes of all security problems are based on security policy in service stage to enable system security and flexibility. Moreover, this architecture provides the five security services including as integrity, confidentiality, non-repudiation, authentication and authorization. In PBA4WSSP, a web service security module have been designed and implemented.

Development of global specification for dynamically adaptive software

As software systems are becoming increasingly complex, they need to dynamically and continually adapt their behavior to changing conditions in the long-term running. There will be large numbers of adaptations in these systems when evolving and the adaptations may be unknowable until system operation. To specify these adaptations, this paper proposes the mode-supported Linear Temporal Logic (mLTL) that is an effective way to describe global specifications of adaptive software. The global specifications are defined for adaptive software as requirements from the perspective of global adapting process. The model checking problem of mLTL is also resolved using Linear Temporal Logic (LTL) and Labelled Transition System Analyser (LTSA). Finally, we provide a prototype implementation for modelling and analyzing adaptive programs, and experimental evaluation shows feasibility and scalability of our approach.

Towards a Formal Verification Approach for Implementation of Web Services Specifications

The implementation of Web services specifications is the key issue of Web services container which is the infrastructure of SOC. The specifications are always depicted in natural language, which may lead to misunderstanding or ambiguity. In this situation, the implementations of the same specification by different containers will re-introduce interoperability which is supposedly addressed by Web services. These may lead to the reliability problems among upper applications. Currently, formal methods is a precise mathematic way to model the specifications and verify the correctness of the properties. To solve the issues, first, we introduce an XML programming language called SODL (Service-Oriented Description Language) to describe the implementation of specifications. Then, using SODL, we describe the message processing logic according to specifications and implement a Web services container. Furthermore, the logic described in SODL can be converted to automata, by which lots of tools can be applied to verify the properties of container according to the specifications.

PBA4WSSP: a policy-based architecture for web services security processing

Due to the dynamic, heterogeneous and interorganizational nature, different web services and different ports or operations in the same service, even the same services at different times may have their different security requirements because of their different security domains and different business backgrounds. How to design a flexible, fine-grained and comprehensive architecture for web services security processing has become a matter of great urgency. However, no ideal solutions have been worked out for these problems. As a result of our study, we have presented in this paper a policy-based architecture termed policy-based architecture for web services security processing (PBA4WSSP) to meet the dynamic, complete and fine-grained security requirements. In PBA4WSSP, the processing of all security problems is based on security policy in service stage to support flexibly security configuration. Moreover, we have designed a service policy model to describe the fine-grained security requirements. And the conversion method between security policy model and security policy expression has also been described. In addition, a staged complete security processing architecture is provided to reduce the dependency among protocol implementations. Furthermore, with PBA4WSSP, a web service security module has been designed and implemented as well. Eventually, the performance evaluation results amply demonstrate that our system is flexible and usable.

FSM4WSR: A Formal Model for Verifiable Web Service Runtime

Web service runtime is an important infrastructure middleware for service-based applications. It processes exchanged messages according to web service protocols. Correct implementation of web service protocols is critical for ensuring the reliability of web service runtime. In this paper, we first introduce a Service-Oriented Description Language (SODL) to precisely and concisely describe message processing logics for web service protocol implementations. Then, we propose a formal model for verifiable web service runtime, named FSM4WSR, based on Estelle (an ISO formal description standard). FSM4WSR uses module and channel to capture the essential components of the runtime architecture. Furthermore, the internal behaviors in each module are formally described by using a combination of the extended finite-state machine and SODL. Based on FSM4WSR, we automatically generate the web service protocol implementations and construct a verifiable web service runtime system, named XServices SODL Runtime.

CoServices: A Service-based Collaboration Platform for Distributed Cooperative Applications

The availability of high performance network brings up a number of distributed cooperative applications. However, most of the current cooperative applications are developed in a certain domain, and the system design or the functional modules cannot be reused in the other application scenarios. While, after analyzing a lot of cooperative systems in different scenarios, we found that these systems contain many common modules that have similar functions. Obviously, duplicated development of these modules leads to a mass of unnecessary costs. So, in this paper we proposed a service-based collaboration platform called Co Services which provides these commons modules for new cooperative applications. To make the platform adaptive to heterogeneous scenarios, we have defined a set of interfaces using web service so that the platform can be compatible with multiple kinds of client platforms. Besides, we have built a web service based uniform data sharing model which can be used to represent different types of data and integrate various data sources. In addition, to satisfy divers need for concurrency control in different applications, we have designed a configurable concurrency control algorithm which can be customized by configuration. Last, we have developed two applications based on Co Services to validate the effectiveness of the platform.

Towards Hierarchical Modeling and Analysis of Web Services Choreography

Web services choreography as an important approach of composing web services describes the global model of service interactions among a set of participants. Modern software design paradigms promote hierarchy as one of the key constructs for structuring complex specifications. In development of complex service-oriented systems, hierarchical composition in which a composed service could also be composed into a high level system model is a great approach for system modeling, and behavioural equivalence which checks whether two choreographies in different levels describe essentially the same behaviour is an important aspect of system verification. This paper proposes a formal modeling and analysis approach for hierarchical web services choreographies. A formal language Chor which originates from WS-CDL describes dynamic behaviour of choreographies and a novel bisimulation is used for analyzing behavioural equivalence of Chor language. We introduce a hierarchical model for describing and analyzing complex choreographies. Abstract choreographies can be refined to detailed models and external and observable behaviour be preserved equivalently. Our approach can also be extended to formally analyze hierarchical and global interaction models for general concurrent systems.

Integrating Business Processes and Business Rules

Integration between business processes and business rules is necessary for some applications which not only hold numerous business knowledge or policies but also need the intercommunication among some distributed and heterogeneous components. This paper proposes a main process and multiple bypass process to focus the integration occurring between a bypass process and a rule set. In order to hold the context of some external services decided by business rules, we design a special scope activity in the bypass process. Moreover, an architecture and an algorithm are provided to illustrate the interaction between a BPEL engine and a rule engine for the integrating BPEL processes and business rules.

A policy-based architecture for web services authentication

With the rapid development of the Internet, web service technology has been extensively used in distributed applications and is highly likely to replace other various technologies for the distributed application development. However, concerning most hard issues of the web services authentication, no proper solutions have been discovered and available for use now. Due to its dynamic and cross-domain characteristics, web services authentication is confronted with new challenges and difficulties. Each service or autonomous domain may have their separate authentication technologies and identity token types. Meanwhile, the same services may adopt different authentication technologies in terms of different application scenarios. Therefore, the difficult question arises as how to design an integrated and flexible architecture to enhance trust in web services. According to our findings, presented in this paper is a policy-based architecture for web services authentication termed PBA4WSA. Compared with the other architectures, the PBA4WSA can better satisfy the characteristics of web services.

Orchestra Designer: an open-source tool for scientific workflow modeling

Scientific workflow has become an important tool used by scientists to operate distributed resources in current scientific research. However, the gap between scientific domain and workflow specification has increased the difficulty of adopting scientific workflow. Further, the lack of collaborative mechanism has gradually become a major obstacle for scientists to share scientific workflow. In this paper, we introduced an open-source tool for scientific workflow modeling, called Orchestra Designer. It solves above problems by isolating domain tasks from workflow specification and providing a service-oriented collaboration bus. Meanwhile, Orchestra Designer supports the design of cross domains scientific workflows.