Toward Behavioral Web Services Using Policies

Making Web services context-aware is a challenge. This is like making Web service expose appropriate behaviors in response to changes detected in the environment. Context awareness requires a review and extension of the current execution model of Web services. This paper discusses the seamless combination of context and policy to manage behaviors that Web services expose during composition and in response to changes in the environment. For this purpose, a four-layer approach is devised. These layers are denoted by policy, user, Web service, and resource. In this approach, behavior management and binding are subject to executing policies of types permission, obligation, restriction, and dispensation. A prototype that illustrates how context and policy are woven into Web services composition scenarios is presented as well.      

基于角色的Web Services动态访问控制模型

已有模型对Web Services的访问控制多数是静态的、粗粒度的,不能满足动态的面向服务的Web Services环境。为此提出了一个基于角色的Web Services动态访问控制模型(RBDAC),此模型可以根据用户访问时的上下文信息来激活角色分配和权限分配,并动态地做出访问控制决定。     

Web服务行为兼容性的判定与计算

确保Web服务行为兼容是实现Web服务无缝集成与协作的一个重要问题.在服务视图概念的基础上,给出了Web服务行为兼容性的相关定义.提出一种基于π演算的Web服务行为兼容性的定性判定与定量计算方法.该方法首先通过算法自动地将Web服务行为和Web服务间的交互行为表达成π演算进程,然后借助π演算的操作语义和形式化推演实现服务行为兼容性自动的定性判定;随后在π演算的进程变换理论的基础上提出算法实现服务兼容性自动的定量计算.该方法在服务动态组合与服务动态替换中的典型应用表明,该方法对于服务组合的正确建立和可靠执行具有重要作用.     

Web Services中基于信任的动态访问控制*

在Web Services系统中,用户行为的动态不确定性,使得现有的访问控制模型难以控制用户的恶意行为。针对这一问题,提出一种基于信任的动态访问控制模型。该模型将安全断言标记语言和可扩展的访问控制标志语言相结合,并采用了一种基于忠诚度的信任度计算方法。仿真结果显示,该访问控制方式能有效地遏制恶意行为,实现访问控制的动态性,具有较好的通用性、灵活性和可扩展性。     

面向行为的可信Web服务选择方法

通过服务组合构建应用软件已成为SOC（Service-Oriented Computing）环境下满足用户需求的一种主要途径，而服务选择是服务组合的重要环节，其选择结果对组合服务的可信性有重要的影响。针对当前服务选择结果中服务的预期行为与执行行为相差较远的问题，设计了有效的流程相似性度量方法FQSim。该方法综合考虑服务流程的静态结构与动态行为，提高了服务流程相似性计算结果的准确性。仿真实验验证了所提方法的有效性，与已有方法相比，流程相似性度量方法FQSim有更优的准确率。     

Personalised ubiquitous file access with XML Web Services

The explosion of new types of end-user devices, as well as the increase in the number of users with broadband connection in private households, opens up the opportunity to provide access to documents and services residing in the home domain from remote locations. Also, the increased mobility of users, as well as the need to be able to work in all locations, further adds to the requirement of remote document access. The contribution of this paper is threefold. First, it introduces the Mobile Home Access system, which simplifies remote access to resources in a home domain. The Mobile Home Access (MHA) system is based on the Service-Oriented Computing concept and realized using XML Web Services for communication between the home domain and the end-user device, while employing the Common Internet File System (CIFS) network file system to allow appropriate file access in the home domain. The second contribution is the mechanism whereby such a service can be deployed when network elements like firewalls and NAT routers are introduced. The challenge of establishing a connection from a remote device is general for both client–server services and peer-to-peer services. The paper proposes and describes a design and implementation of a solution using XML Web Services technologies, and thus shows how NAT traversal technology can be integrated with such middleware. The third contribution of this paper is a performance analysis of the current implementation of the Mobile Home Access service. The results of the analysis should be interesting for the applicability of XML Web Services in mobile computing in general.     

Modelling access policies using roles in requirements engineering

Pressures are increasing on organisations to take an early and more systematic approach to security. A key to enforcing security is to restrict access to valuable assets. We regard access policies as security requirements that specify such restrictions. Current requirements engineering methods are generally inadequate for eliciting and analysing these types of requirements, because they do not allow complex organisational structures and procedures that underlie policies to be represented adequately. This paper discusses roles and why they are important in the analysis of security. The paper relates roles to organisational theory and how they could be employed to define access policies. A framework is presented, based on these concepts, for analysing access policies.     

基于限界模型检查的Web服务行为失配检测

在Web服务组合过程中,常因交互协议不一致等导致服务失配;Web服务失配检测可准确捕捉失配点,为实现服务的有效组合奠定基础。采用限界模型检查技术,提出一种基于可满足性模理论(SMT)的Web服务行为失配检测方法。该方法首先将服务失配检测问题转化为逻辑公式的可满足性判定问题,然后利用Yices工具实现Web服务行为失配检测,最后通过实例进一步阐述该方法的有效性。     

一种Web服务模型的动态行为转换方法研究实现

随着业务流程的复杂性与日俱增,编排和协调Web服务的价值也日益被人们所认识。近年来,国内外一些研究机构和IT企业在关于模型驱动架构MDA在Web服务中的应用方面作了不同程度的研究,但仅仅集中于Web服务模型的静态结构转换。根据MDA的思想,在Web服务模型的转换中,使用动态行为的平台无关模型PIM来定义业务流程,并提供将PIM转换成平台相关模型PSM的方法。研究Web服务模型的动态行为转换,讲述用UML活动图定义业务流程,并提供一种如何从UML活动图转换成BPEL的方法。     

基于UML活动图的Web服务合成动态行为建模方法研究

描述了利用UML进行Web服务合成的建模方法,包括静态结构建模和动态行为建模两个方面,针对Web服务合成的动态行为建模部分,详细说明了利用UML活动图进行建模时需要注意的问题,如活动图的控制流模式与Web服务合成控制流模式的语义对应关系,所支持的数据模式,以及为了方便模型转换对活动图actions元素的概念扩展,给出了动态行为建模方法,并给出了基于OCL的转换规则以及UML活动图元素到BPEL4WS元素的映射关系,最后通过订单管理案例对所述方法进行验证,为Web服务合成提供了新的思路。     

Enhancing mobile Web access using intelligent recommendations

Intelligent Web recommendations derived from frequent user Web-access patterns can help typical mobile users efficiently navigate standard Web sites. To facilitate mobile Web access, mobile clients' display resolution must gradually increase. Additionally, servers need a simple and elegant solution for displaying content effectively on mobile devices. We propose an implicit server-side approach using intelligent Web recommendations that can significantly enhance the mobile-browsing experience.     

Web services policies

In addition to the basic Web services architecture, various specifications already exist for adding security, reliable messaging, and transaction mechanisms to Web services messages. All of these include numerous options to let them meet various application requirements. Specifying option choices for Web services in basic communication areas such as security, reliable messaging, privacy, and transactions is the immediate goal underlying efforts to define Web services policies.     

Refreshment policies for Web content caches

Web content caches are often placed between end users and origin servers as a mean to reduce server load, network usage, and ultimately, user-perceived latency. Cached objects typically have associated expiration times, after which they are considered stale and must be validated with a remote server (origin or another cache) before they can be sent to a client. A considerable fraction of cache “hits” involve stale copies that turned out to be current. These validations of current objects have small message size, but nonetheless, often induce latency comparable to full-fledged cache misses. Thus, the functionality of caches as a latency-reducing mechanism highly depends not only on content availability but also on its freshness. We propose policies for caches to proactively validate selected objects as they become stale, and thus allow for more client requests to be processed locally. Our policies operate within the existing protocols and exploit natural properties of request patterns such as frequency and recency. We evaluated and compared different policies using trace-based simulations.     

Automated verification of access control policies using a SAT solver

Managing access control policies in modern computer systems can be challenging and error-prone. Combining multiple disparate access policies can introduce unintended consequences. In this paper, we present a formal model for specifying access to resources, a model that encompasses the semantics of the xacml access control language. From this model we define several ordering relations on access control policies that can be used to automatically verify properties of the policies. We present a tool for automatically verifying these properties by translating these ordering relations to Boolean satisfiability problems and then applying a sat solver. Our experimental results demonstrate that automated verification of xacml policies is feasible using this approach. This work is supported by NSF grants CCF-0614002 and CCF-0716095.     

Web服务自动化测试技术

赋时Petri网为装配序列规划提供了有效的建模方法,但其在求解最优装配序列时受到组合复杂性的严重制约。零压缩二叉决策图(ZBDD)是处理大规模组合集合和0-1稀疏向量的一种有效符号技术,能够有效缓解组合爆炸问题。将赋时Petri网与ZBDD结合起来,给出了一种求解装配序列最优解的有效方法。首先通过转换算法将赋时Petri网转换为等价的普通Petri网,接下来给出普通Petri网可达状态及迁移引发函数的ZBDD表示方法,最后基于ZBDD给出最优装配序列求解算法。实例验证表明,该算法在求解过程中通过隐式符号操作实现了Petri网的可达状态搜索,有效缓解了计算过程中的组合复杂性。     

Web Services

Web Services gelten als die Technologie, mit der in Zukunft Softwarekomponenten innerhalb einer Organisation und zwischen Organisationen integriert werden.     

一个Web服务可信体系结构

Web服务的安全可信问题是影响其广泛应用的重要因素。已有的解决方案大多从安全角度出发,但对于服务面对攻击或安全威胁时仍能按照预期工作则缺乏考虑。从Web服务的安全可信需求出发,对安全的概念进行了拓展,提出了可信的目标和内涵。在此基础上,提出一个以安全交互、联合身份和分布策略为基础,以运维管理、共用机制为支撑的Web服务可信体系结构,其可为Web服务安全可信提供体系结构层面的支持。     

基于语义Web技术的属性访问控制模型*

基于语义Web技术和扩展访问控制标记语言(XACML),提出了一种具有语义的属性访问控制模型.该模型利用XACML,可实现基于属性的访问控制;而利用语义Web技术,可降低属性策略定义和维护的复杂性,同时也可保护用户的敏感属性.     

应用于Web服务合成的一种有效的Web服务发现策略

随着Web服务的流行，如何发现Web服务为研究者们提出了挑战．文中将描述Web服务的信息分为服务操作信息（OWSDL）、服务功能信息（一般属性）和服务约束信息（实例属性）．基于描述服务的三部分信息，分三步实现服务查找．第一步，基于领域本体商业规范OWSDL实现服务操作同构；第二步，基于服务概要描述的一般属性，满足服务的功能需求；第三步，应用服务匹配度模型，基于概要描述的实例属性，按需为消费者提供恰当的服务．最后，通过实例证明了该方法是一种有效的Web服务发现策略．