SOA Security 2010 : Symposium für Sicherheit in Service-orientierten Architekturen ; 28. / 29. Oktober 2010 am Hasso-Plattner-Institut

Meinel, Christoph, Thomas, Ivonne, Warschofsky, Robert, Menzel, Michael, Junker, Holger, Schwenk, Jörg, Roth, Volker, Peters, Jan, Raepple, Martin, Störtkuhl, Thomas, Quint, Bruno, Kleinhenz, Michael, Wagner, Daniel

January 2011

"Forschung meets Business" - diese Kombination hat in den vergangenen Jahren immer wieder zu zahlreichen interessanten und fruchtbaren Diskussionen geführt. Mit dem Symposium "Sicherheit in Service-orientierten Architekturen" führt das Hasso-Plattner-Institut diese Tradition fort und lud alle Interessenten zu einem zweitägigen Symposium nach Potsdam ein, um gemeinsam mit Fachvertretern aus der Forschung und Industrie über die aktuellen Entwicklungen im Bereich Sicherheit von SOA zu diskutieren. Die im Rahmen dieses Symposiums vorgestellten Beiträge fokussieren sich auf die Sicherheitsthemen "Sichere Digitale Identitäten und Identitätsmanagement", "Trust Management", "Modell-getriebene SOA-Sicherheit", "Datenschutz und Privatsphäre", "Sichere Enterprise SOA", und "Sichere IT-Infrastrukturen". / 'Research meets Business' is the successful concept of the SOA Security Symposia held at the Hasso-Plattner-Institute that has lead to interesting discussions in the community. The SOA Security Symposium 2010 continued this tradition and invited researchers and representatives from the industry to discuss concepts, issues, and solution in the field of SOA Security. The topics presented in the scope of this symposium focused on the security related topics 'Secure Digital Identities and Identity Management', 'Trust Management', 'Model-driven SOA Security', 'Privacy',' Secure Enterprise SOA', and 'Secure IT-Infrastructures'.

SOA Security

SOA Sicherheit

Sichere Digitale Identitäten

Identitätsmanagement

Modell-getriebene SOA-Sicherheit

Datenschutz

SOA Security

Secure Digital Identities

Identity Management

Trust Management

Model-driven SOA Security, Privacy

Secure Enterprise SOA

Data processing Computer science

Exposing and Aggregating Non-functional Properties in SOA from the Perspective of the Service Consumer

Becha, Hanane

18 October 2012

Non-functional properties (NFPs) represent an important facet of service descriptions, especially when a Service Oriented Architecture (SOA) approach is used. An effective SOA service development approach requires the identification, specification, implemen-tation, aggregation, management and monitoring of service-related NFPs. However, at this point in time, NFPs are either not handled at all or handled partially in proprietary ways. The goal of this thesis is to encourage their availability for use. In this thesis, the focus is on the NFPs relevant from the perspective of service consumers, in opposition to the perspective of service providers (or developers) and to multi-perspectives. In other words, the scope covers only the NFPs that need to be pub-lished to help service consumers determine whether a given service is an appropriate one for their needs (e.g., description of NFPs to be attached to the service along with the functionality description). This thesis provides the following contributions to the SOA knowledge base: definition of a domain-independent catalogue comprising 17 NFPs relevant to the descriptions of atomic services from the perspective of service consumers. These NFPs have been derived from a literature review and have been vali-dated via a two-step survey; formalization of NFP representation by defining data structures to enable quantifying and codifying them, together with a corresponding XML schema; definition, implementation and validation of algorithms to aggregate the NFPs of the composite service based on the NFPs of its underlying services, with a discussion of the NFP aggregation limitations; definition of a modeling approach for the NFP-aware selection of services, which involves aspect-oriented modeling with the User Requirements Nota-tion, in the context of SOA; integration of NFP descriptions into the Web Services Description Language (WSDL); and definition and use of the discriminator operator in service composition, to en-able the creation of fault-tolerant composite services. Overall, this work contributes to research by providing better insight on the nature, rele-vance, and composability of NFPs in a service engineering context. As for industrial im-pact, this work contributes a validated collection of NFPs with a concrete syntax and composition algorithms ready to be used for defining, selecting, and composing NFP-driven services and for evolving current SOA-related standards.

SOA

WS

NFP

QoS

WSDL

URN

AoURN

Modélisation et validation expérimentale de nouvelles structures SOA large bande et de techniques d'élargissement de la bande passante optique / Modeling and experimental validation of new broadband SOA structures and techniques for widening the SOA optical bandwidth

Motaweh, Tammam

11 December 2014

L’amplification optique large bande à base de SOA est devenue indispensable pour la montée en débit des systèmes de transmissions optiques et pour pouvoir exploiter au mieux la bande optique des fibres optiques. Ce travail présente une étude théorique et expérimentale d’un SOA large bande passante développé par Alcatel Thales III-V Lab dans le cadre des projets ANR AROME et UltraWIDE. Dans cette thèse, nous avons d’abord effectué une modélisation semi-phénoménologique du gain matériau et du coefficient de gain d’une structure à base de multi-puits quantiques avec un nombre réduit de paramètres. L’intégration de notre modèle dans un modèle de SOA déjà développé au laboratoire a montré son efficacité pour restituer quantitativement le comportement statiques (gain, facteur de bruit) des nouvelles structures SOA large bande sur une large plage de longueurs d’onde (> 110 nm), de courants d’alimentation et de puissances optiques. A l’aide de ce modèle, nous avons étudié l’influence de la structure du SOA sur la bande passante pour un gain cible en jouant sur la longueur, le nombre d’électrode et le courant d’alimentation du SOA. Nous avons mis en évidence qu’une structure bi-électrodes n’apportait pas d’amélioration de la bande passante optimisée par rapport au cas mono-électrode. En revanche, la structure bi-électrode permet d’optimiser la puissance de saturation et le facteur de bruit du SOA, sans sacrifier ni le gain maximal ni la bande passante optique. Nous avons aussi montré que, pour ce type de composants, une augmentation de la puissance optique injectée pouvait être compensée par une augmentation du courant d’alimentation pour maintenir une large bande passante optique. Nous avons également mis en place deux techniques d’élargissement de la bande passante optique de SOA à large bande. La première technique est fondée sur le filtrage en réflexion spectralement sélectif (ESOA). Le dispositif expérimental a permis d’amplifier simultanément 8 canaux CWDM dans une bande passante (définie à −1 dB) de 140 nm. La deuxième technique, basée sur un amplificateur hybride Raman-SOA, a fourni une bande passante optique (définie à −1 dB) de 89 nm avec un gain de 17 dB. Nous avons ainsi pu réaliser une transmission simultanée de 5 canaux CWDM allant jusqu’à 10 Gb/s sur 100 km. / SOA-based optical amplification became crucial for increasing optical system capacity and to benefit from the broad bandwidth of optical fibers. In this work we present both theoretical and experimental studies for a new broadband SOA developed by Alcatel Thales III-V lab in the framework of AROME and UltraWIDE ANR projects.We developed firstly a semi-phenomenological model for both the material gain and the gain coefficient of a multi-quantum well -based SOA structure with a reduced set of parameters. This material gain model has been integrated in an existing SOA model and proved its performance in reproducing steady state behavior of this new broadband SOA (gain and noise figure) for a wide range of wavelengths, input powers and bias currents. Thanks to this model, we studied the influence of the SOA geometrical structure on the optical bandwidth for a given target gain, by varying length, number of electrodes and bias current. We showed that two-electrode SOA structures do not provide any improvement of the bandwidth compared to the one-electrode case. However, the two-electrode structure allows the optimization of both the SOA saturation power and the noise figure, without sacrificing neither the maximum gain nor the optical bandwidth. We have also shown that for this kind of component, an increase in the injected optical power could be compensated by an increase in the supply current to maintain a wide optical bandwidth.We have also investigated two techniques to widen the optical bandwidth of our broadband SOA. The first one is based on a modification of the SOA structure by introducing a selective reflection filter (ESOA). Its experimental implementation allowed the amplification of an 8-CWDM-channel comb in a bandwidth (defined at -1 dB) of 140 nm. The second one, based on a hybrid Raman-SOA amplifier, provided an optical bandwidth (defined at -1 dB) of 89 nm with a gain of 17 dB. With this last technique, we were able to achieve a 5-CWDM-channel comb transmission up to 10 Gb/s over 100 km.

SOA large bande

Modélisation du gain matériau

SOA multi-puits quantique

Bande passante optique

Optimisation structurelle des SOA

Égalisation large bande

Amplificateur hybride Raman-SOA

Transmission CWDM

Semi-conductor optical amplifier (SOA)

Broadband SOA

Material gain modelling

Multiple quantum wells SOA

Optical bandwidth

Structural optimization of SOAs

Broadband equalization

Hybrid Raman-SOA amplifier

CWDM transmission

621.381 045

BUILDING RELIABLE AND ROBUST SERVICE-BASED SYSTEMS FOR AUTOMATED BUSINESS PROCESSES

Jang, Julian

January 2007

Doctor of Philosophy(PhD) / An exciting trend in enterprise computing lies in the integration of applications across an organisation and even between organisations. This allows the provision of services by automated business processes that coordinate business activity among several collaborating organisations. The best successes in this type of integrated distributed system come through use of Web Services and Service-based Architecture, which allow interoperation between applications through open standards based on XML and SOAP. But still, there are unresolved issues when developers seek to build a reliable and robust system. An important goal for the designers of a loosely coupled distributed system is to maintain consistency for each long running business process in the presence of failures and concurrent activities. Our approach to assist the developers in this domain is to guide the developers with the key principles they must consider, and to provide programming models and protocols, which make it easier to detect and avoid consistency faults in service-based system. We start by defining a realistic e-procurement scenario to illustrate the common problems faced by the developers which prevent them from building a reliable and robust system. These problems make it hard to maintain the consistency of the data and state during the execution of a business process in the occurrence of failures and interference from concurrent activities. Through the analysis of the common problems, we identify key principles the developers must consider to avoid producing the common problems. Then based on the key principles, we provide a framework called GAT in the orchestration infrastructure. GAT allows developers to express all the necessary processing to handle deviations including those due to failures and concurrent activities. We discuss the GAT framework in detail with its structure and key features. Using an example taken from part of the e-procurement case study, we illustrate how developers can use the framework to design their business requirements. We also discuss how key features of the new framework help the developers to avoid producing consistency faults. We illustrate how systems based on our framework can be built using today’s proven technology. Finally, we provide a unified isolation mechanism called Promises that is not only applicable to our GAT framework, but also to any applications that run in the service-based world. We discuss the concept, how it works, and how it defines a protocol. We also provide a list of potential implementation techniques. Using some of the implementation techniques we mention, we provide a proof-of-concept prototype system.

Business Processes

SOA

Web Services

Transaction

Secure Mobile Service-Oriented Architecture

Zhang, Feng

January 2012

Mobile transactions have been in development for around ten years. More and more initiatives and efforts are invested in this area resulting in dramatic and rapid development and deployment of mobile technologies and applications. However, there are still many issues that hinder wider deployment and acceptance of mobile systems, especially those handling serious and sensitive mobile transactions. One of the most important of them is security.This dissertation is focused on security architecture for mobile environments. Research issues addressed in this dissertation are based on three currently important groups of problems: a) lack of an open, comprehensive, adaptable and secure infrastructure for mobile services and applications; b) lack of standardized solutions for secure mobile transactions, compliant with various regulatory and user requirements and applicable to different types of popular mobile devices and hardware/software mobile platforms; and c) resource limitations of mobile devices and mobile networks.The main contribution of this dissertation is large-scale, secure service-oriented architecture for mobile environments. The architecture structures secure mobile transaction systems into seven layers, called trusted stack, which is equivalent to ISO/OSI layered networking model. These layers are, starting from the bottom: 1) secure element (chip) layer, 2) applets layer, 3) middleware layer, 4) mobile applications layer, 5) communication layer, 6) services broker layer, and 7) mobile service provider layer. These seven layers include all necessary components required for implementation and operations of secure mobile transaction systems and therefore provide a framework for designing and implementing such systems.Besides the architecture, four types of security services necessary and critical for serious mobile transactions, have also been designed and described in the dissertation. These services are: (1) mobile registration and identity management; (2) mobile PKI; (3) mobile authentication and authorization; and (4) secure messaging. These services are lightweight, therefore suitable for mobile environments, technologies and applications, and also compliant with existing Internet security standards.Finally, as the proof of correctness of the proposed concept and methodology, a prototype system was also developed based on the designed security architecture. The system provides comprehensive security services mentioned above to several types of mobile services providers: mobile banking, mobile commerce, mobile ticketing, and mobile parking. These types of providers have been selected only as currently the most popular and representative, since the architecture is applicable to any other type of mobile service providers.

Secure

Mobile

Service-Oriented Architecture (SOA)

Exposing and Aggregating Non-functional Properties in SOA from the Perspective of the Service Consumer

Becha, Hanane

18 October 2012

Non-functional properties (NFPs) represent an important facet of service descriptions, especially when a Service Oriented Architecture (SOA) approach is used. An effective SOA service development approach requires the identification, specification, implemen-tation, aggregation, management and monitoring of service-related NFPs. However, at this point in time, NFPs are either not handled at all or handled partially in proprietary ways. The goal of this thesis is to encourage their availability for use. In this thesis, the focus is on the NFPs relevant from the perspective of service consumers, in opposition to the perspective of service providers (or developers) and to multi-perspectives. In other words, the scope covers only the NFPs that need to be pub-lished to help service consumers determine whether a given service is an appropriate one for their needs (e.g., description of NFPs to be attached to the service along with the functionality description). This thesis provides the following contributions to the SOA knowledge base: definition of a domain-independent catalogue comprising 17 NFPs relevant to the descriptions of atomic services from the perspective of service consumers. These NFPs have been derived from a literature review and have been vali-dated via a two-step survey; formalization of NFP representation by defining data structures to enable quantifying and codifying them, together with a corresponding XML schema; definition, implementation and validation of algorithms to aggregate the NFPs of the composite service based on the NFPs of its underlying services, with a discussion of the NFP aggregation limitations; definition of a modeling approach for the NFP-aware selection of services, which involves aspect-oriented modeling with the User Requirements Nota-tion, in the context of SOA; integration of NFP descriptions into the Web Services Description Language (WSDL); and definition and use of the discriminator operator in service composition, to en-able the creation of fault-tolerant composite services. Overall, this work contributes to research by providing better insight on the nature, rele-vance, and composability of NFPs in a service engineering context. As for industrial im-pact, this work contributes a validated collection of NFPs with a concrete syntax and composition algorithms ready to be used for defining, selecting, and composing NFP-driven services and for evolving current SOA-related standards.

SOA

WS

NFP

QoS

WSDL

URN

AoURN

The Runtime Behavior of Composite SOAP Web Services under Transient Loads

Meng, Yuxuan

23 September 2008

Services are computational elements that expose functionality in a platform independent manner. They are the basic building blocks of the service-oriented (SO) design/integration paradigm. Composite Web Services (CWS) aggregate multiple Web Services (WSs), which is typically achieved by use of a workflow language. A workflow coordinates services in a manner that is consistent with the desired overall functionality (e.g. business process).<p> When the atomic and composite services are exposed to various users, the performance and runtime behavior of WSs becomes important. To ensure wide deployment of CWS, the performance issues must be studied. This research focuses on the performance of atomic and composite SOAP (Simple Object Access Protocol) WSs under transient overloads. This research includes conducting experiments with WSs, studying the runtime behavior, and building simulation models of WSs workflow patterns. Simulation models of different WSs workflow patterns are built to study different situations. Timeout and network latency are added to the model to better simulate real systems. The simulation models are used to predict the runtime behavior of WSs and CWS, as well as to improve the performance with existing, limited resources.

Workflow

SOA

Web Service

Performance

Transient overload

The Runtime Behavior of Composite SOAP Web Services under Transient Loads

Meng, Yuxuan

23 September 2008

Services are computational elements that expose functionality in a platform independent manner. They are the basic building blocks of the service-oriented (SO) design/integration paradigm. Composite Web Services (CWS) aggregate multiple Web Services (WSs), which is typically achieved by use of a workflow language. A workflow coordinates services in a manner that is consistent with the desired overall functionality (e.g. business process).<p> When the atomic and composite services are exposed to various users, the performance and runtime behavior of WSs becomes important. To ensure wide deployment of CWS, the performance issues must be studied. This research focuses on the performance of atomic and composite SOAP (Simple Object Access Protocol) WSs under transient overloads. This research includes conducting experiments with WSs, studying the runtime behavior, and building simulation models of WSs workflow patterns. Simulation models of different WSs workflow patterns are built to study different situations. Timeout and network latency are added to the model to better simulate real systems. The simulation models are used to predict the runtime behavior of WSs and CWS, as well as to improve the performance with existing, limited resources.

Workflow

SOA

Web Service

Performance

Transient overload

En SOA utvärderingsmall med fokus på integration, arkitektur och tjänster : Ett praktikfall på Logica

Krkic, Arman, Dalan, Johan

January 2008

Today, there are no standardized ways to characterize SOA, many are talking about SOA and many say they are using SOA. One way that we have chosen to characterize this phenomenon is through an evaluation that will indicate whether SOA have been used in the development. Basedon a Service Oriented Architecture literature study, we have created an evaluation pattern resulting SOA principles of integration, architecture and services. This evaluation was applied to Logica's own integration system AgrCom through an empirical study to result in a response indicating whether AgrCom is SOA based. The results of the evaluation show that AgrCom is part of an SOA solution but not an SOA as a whole concept. The study shows that it takes morethan just systems in an activity to be referred to as the SOA-based, hence the architecture of anactivity must be taken into account.

SOA

Service Oriented Architecture

Integration

Services

AgrCom

應用SOA於企業資訊整合之研究-以S公司為例 / Research into application of SOA in Enterprise Information Integration - On Example of a mobile phone company S

詹豫峰, Chan, Yu Feng

Unknown Date

多年來企業IT隨著營運需要, 百家齊放, 多方應用應運而生, ERP, BPM, SCM, CRM…..多的無法數計的各樣大型中型小型企業營運及管解析決方案。企業要如何面對競爭激烈的市場？又能保持內部流程的彈性去因應變化？如何在最短的時間內取得營運資訊? 又如何將資料彙整成資訊進而轉變成為具體可行的決策? 基於以上述企業迫切的需求，如何運用資訊科技來達到企業的目標以及就更加重要了! 但是, 隨著資訊的發展, 企業往往因應當時需要導入許多的解決方案, 時日一久, 疊床架屋, 各類應用及系統間, 產生越來越複雜的關係, 整合的需求也隨之而來 而EAI 應用整合平台乃至利用Web Service 加上SOA的新架構，及時提供了企業對應用系統的整合，維持流程的彈性應用，更進一步協助企業降低各種應用整合的風險、節省資訊軟體的開發與維護成本、強化對外客戶及供應商的合作關係，從而產生對企業的效益。 本研究使用個案探討的方式，選定幾個個案主體內部因應企業發展所遭遇的問題及於資訊平台上的挑戰做分析及可行性方案做建議，針對手機流通業在內部系統上整合的議題作探討，並說明企業資訊整合及SOA導入所可能帶來的效益, 同時也探討SOA的迷思與陷阱。 對於手機流通產業而言，企業資源規劃ERP, 流程控制平台、客戶關係管理系統、結帳系統、獎金系統、後勤應用平台系統…等是企業營運的核心也就是整合的開端與標的，亦是整合重點之所在。經由類似於EAI平台導入或建立SOA架構，提供營運應用系統之間資訊的同步與高度整合，更提供決策人員快速反應的營運資訊。 本研究探討手機流通業者在系統建置過程中，如何運用企業整合平台之特性及新興的SOA架構, 利用有效的Framework以整合各異質性平台應用系統以達到資訊與資料的整合及有效率的資料交換，並藉由資訊的及時傳遞提供各不同應用系統使用者一致及同步的資訊，並因而提高資訊的可用度及對客戶的快速服務，並增加企業的競爭力。 / With numerous emerging information technologies and solutions (e.g. ERP, BPM, SCM, CRM…etc), decision makers strive to choose the ones which fit their organizations the most. In order to keep competitive in the market, enterprises need these technologies to stay responsive to operating information and flexible to changes. However, this is not an easy question to answer. Most of the IT officiers today are facing complex IT landscapes with many disconnected and legacy systems. Many Enterprise Application Integration (EAI) platforms suggest solutions to this problem but fail to fulfill their promises because of costly TCO and inadequate compatibility. Services Oriented Architecture (SOA) offers a practical and affordable solution to the above question. This essay proposes an SOA implementation plan to a mobile phone distribution company with some case studies. Through this implementation plan, we try to analyze the possible ROI and foreseeable risk. In our case, the legacy and disconnected systems include ERP system, OA system, CRM system, account closing system, bonus calculation system and logistic support system. We also discuss how SOA framework can facilitate the implementation process.

服務導向架構

SOA