Fortified Web Services Contracts for Trusted Components Avi Jencmen Amiram Yehudai

Fortified Web Services Contracts for Trusted Components2 13/12/2005 Contents Web Services – An Introduction Software Contracts Problem Description Web Services Contracts  A Simple Example  Basic Level Contracts  Behavioral Level Contracts  Synchronization Level Contracts  QoS Level Contracts Proof Of Concept Outline Related Work Future Work

Fortified Web Services Contracts for Trusted Components3 13/12/2005 Web Services Defined 1 a software system designed to support interoperable machine-to-machine interaction over a network Other systems interact with Web Service using SOAP messages Web Service interfaces are described using WSDL 1 from Web services Architecture; World Wide Web Consortium, February 2004

Fortified Web Services Contracts for Trusted Components4 13/12/2005 Web Services Architecture Sem Requester Agent Provider Agent + + Requestor EntityProvider Entity Requestor Human Provider Human 4. Parties Interact 2. Parties Agree on Semantics & WSD 3. Input Semantics & WSD WSD Sem WSD + 1. Parties Discover Each Other

Fortified Web Services Contracts for Trusted Components5 13/12/2005 Actors Provider Entity  A person or organization that provides an appropriate agent to implement a particular service Provider Agent  A software agent that is capable of and empowered to perform the actions associated with a service on behalf of its owner Requester Entity  A person or organization that wishes to make use of a provider entity’s Web Service  Uses a requester agent to exchange messages with the provider entity’s provider agent Requester Agent  A software agent that wishes to interact with a provider agent in order to request that a task be performed on behalf of its owner

Fortified Web Services Contracts for Trusted Components6 13/12/2005 Vocabulary WSD  Machine-processable specification of the Web Service interface  Defines: Message formats Datatypes Transport protocols Transport serialization formats  Written in WSDL SEM  Shared expectation about the behavior of the service  The "agreement" regarding the purpose and consequences of the interaction  No standard language

Fortified Web Services Contracts for Trusted Components7 13/12/2005 Process Phases Discover  The requester entity somehow obtains both the Web Service description (WSD) and the associated semantics (SEM) of the service Agree  The requester and provider entities agree on the semantics and Web service description of the desired interaction Interact  The requester agent and provider agent exchange SOAP messages on behalf of their owners

Fortified Web Services Contracts for Trusted Components8 13/12/2005 Web Services Standards SOAP 1.2  An XML envelope Headers + Body  An HTTP binding SOAP is “transport independent”  A convention for doing RPC  An XML serialization format for structured data

Fortified Web Services Contracts for Trusted Components9 13/12/2005 The SOAP Envelope <SOAP-ENV:Envelope xmlns=" Header: A collection of zero or more SOAP header blocks Extension mechanism Body: Contains the messages to be passed between the agents

Fortified Web Services Contracts for Trusted Components10 13/12/2005 Software Contracts Relationship between a class and its clients as a formal agreement Expresses each party's rights and obligations Contract information can describe four different levels of interaction:  Basic level – Basic or syntactic contracts are required simply to make a system work  Behavioral level – Behavioral contracts, improve the level of confidence in a sequential context  Synchronization level – Synchronization contracts, improves confidence in distributed or concurrency contexts  QoS level – quality-of-service contracts, quantifies quality of service and are usually negotiable

Fortified Web Services Contracts for Trusted Components11 13/12/2005 The Four Levels of Contracts

Fortified Web Services Contracts for Trusted Components12 13/12/2005 Problem Description Web Services are a standard means to support interoperable machine-to-machine interaction They do not solve the problem of trust between service requesters and providers Thesis Goal: To provide a formal contract description language between the requester entity and the provider entity

Fortified Web Services Contracts for Trusted Components13 13/12/2005 A Simple Example A company (travel agent) wants to offer the ability to book complete vacation packages: plane/train/bus tickets, hotels, car rental, excursions, etc Service providers (airlines, bus companies, hotel chains, etc) are providing Web services to query their offerings and perform reservations Credit card companies are providing services to guarantee payments made by consumers

Fortified Web Services Contracts for Trusted Components14 13/12/2005 Basic Level Contracts Specify the methods, in/out parameters of the service as messages the service can receive Basic level contracts are typically implemented as the Web Service’s underlying object interface Interface TravelAgent { void enterDestination(in City destinationCity, in DateTime destinationDate); void setDestinationCity(in City destinationCity); void setDestinationDate(in DateTime destinationDate); FlightList getFilghts(); void chooseFlight(in Flight choosenFlight); }

Fortified Web Services Contracts for Trusted Components15 13/12/2005 WSDL 1.1 Definitions element at the root, and a collection of definitions inside The definitions structure includes six major elements:  types – provides data type definitions used to describe the messages exchanged  message – represents an abstract definition of the data being transmitted. A message consists of logical parts, each of which is associated with a definition within some type system  portType – is a set of abstract operations. Each operation refers to an input message and output messages  binding – specifies concrete protocol and data format specifications for the operations and messages defined by a particular portType  port – specifies an address for a binding, thus defining a single communication endpoint  service – is used to aggregate a set of related ports

Fortified Web Services Contracts for Trusted Components16 13/12/2005 WSDL 1.1 Structure * * * ? ? * * * ? * ? * Binding extensibility elements are used to specify the concrete grammar for the input (3), output (4), and fault messages (5) Per-operation extensibility elements (2) as well as per-binding extensibility elements (1)

Fortified Web Services Contracts for Trusted Components17 13/12/2005 Travel Agent Example Messages to be used in the TravelAgent Web service TravelAgentService Binding to SOAP The service element definition

Fortified Web Services Contracts for Trusted Components18 13/12/2005 Basic Level Contracts Architecture Requester Agent Provider Agent 2. Interact according to WSD 1. Agree on WSD WSD SOAP

Fortified Web Services Contracts for Trusted Components19 13/12/2005 Behavioral Level Contracts Specify an operation’s behavior by using Boolean assertions, called pre- and postconditions, for each service offered, as well as for class invariants Interface TicketBooking { Confirmation reserveSeats(in Flight choosenFlight, in int numOfSeats) { Require CorrectNumber: numOfSeats > 0 and numOfSeats < reservationLimit(); Ensure SeatsReserved: availableSeats() = – numOfSeats; } int availableSeats(in Flight choosenFlight); int reservationLimit(); }

Fortified Web Services Contracts for Trusted Components20 13/12/2005 WS-Policy Framework WS-Policy  A general-purpose model and corresponding syntax to describe and communicate the policies of a Web service WS-PolicyAttachment  An addendum to WS-Policy indicating how to attach policy assertions to an XML document (specifically to an WSDL document)

Fortified Web Services Contracts for Trusted Components21 13/12/2005 WS-Policy Structure wsse:Kerberosv5TGT wsse:X509v3 An Example Using Assertions from the WS-SecurityPolicy Language

Fortified Web Services Contracts for Trusted Components22 13/12/2005 WS-BehavioralContractPolicy Syntax

Fortified Web Services Contracts for Trusted Components23 13/12/2005 WS-BehavioralContractPolicy Example Precondition: numOfSeats > 0

Fortified Web Services Contracts for Trusted Components24 13/12/2005 Travel Agent Example Attaching Behavioral Policy to the WSDL file

Fortified Web Services Contracts for Trusted Components25 13/12/2005 Behavioral Level Contracts Architecture Requester Agent Provider Agent 3. Interact according to WSD & Behavioral Contract 2. Agree on WSD & Behavioral Contract WSDBEH CON + Discovery Service 1.a. 1.c. 1.b.Supply WSD & Behavioral Contract Criteria Obtain WSD and Behavioral Contract Info Return WSD and Behavioral Contract Info WSDBEH CON + WSDBEH CON + WSDBEH CON + WSDBEH CON +

Fortified Web Services Contracts for Trusted Components26 13/12/2005 Synchronization Level Contracts Specify the service behavior in a concurrent environment by indicating the coordination protocols it supports Interface TicketBooking { Confirmation reserveSeats(in Flight choosenFlight, in int numOfSeats) Synchronization Atomic; int availableSeats(in Flight choosenFlight) Synchronization Atomic; int reservationLimit(); }

Fortified Web Services Contracts for Trusted Components27 13/12/2005 WS-Coordination Framework WS-Coordination  Describes an extensible framework for providing protocols that coordinate the actions of distributed applications WS-AtomicTransaction  Provides the definition of the atomic transaction coordination type WS-BusinessActivity  Provides the definition of a business activity coordination type

Fortified Web Services Contracts for Trusted Components28 13/12/2005 WS-Coordination Framework Architecture

Fortified Web Services Contracts for Trusted Components29 13/12/2005 WS-SynchronizationContractPolicy Syntax

Fortified Web Services Contracts for Trusted Components30 13/12/2005 WS-SynchronizationContractPolicy Example Operation supporting only AtomicTransaction Protocol:

Fortified Web Services Contracts for Trusted Components31 13/12/2005 Travel Agent Example Adding Synchronization Policy to the WSDL file

Fortified Web Services Contracts for Trusted Components32 13/12/2005 Synchronization Level Contracts Architecture Requester Agent Provider Agent 4. Interact according to Contract 2. Agree on WSD & Synchronization Contract WSDSYN CON + WSDSYN CON + Discovery Service Coordination Service 1. Discover Service 3. Share Coordination Context Cxt WSDSYN CON +

Fortified Web Services Contracts for Trusted Components33 13/12/2005 QoS Level Contracts Specifies the obligation of a service provider to perform a service according to agreed-upon guarantees for IT-level service parameters (such as availability, response time and throughput) Interface TicketBooking { Confirmation reserveSeats(in Flight choosenFlight, in int numOfSeats) SLAParameter TransactionRate; }

Fortified Web Services Contracts for Trusted Components34 13/12/2005 WSLA Framework A framework for specifying and monitoring Service Level Agreements for Web Services

Fortified Web Services Contracts for Trusted Components35 13/12/2005 WSLA Structure

Fortified Web Services Contracts for Trusted Components36 13/12/2005 WS-QoSContractPolicy Example Transaction

Fortified Web Services Contracts for Trusted Components37 13/12/2005 Travel Agent Example Adding QoS Policy to the WSDL file

Fortified Web Services Contracts for Trusted Components38 13/12/2005 QoS Level Contracts Architecture Requester Agent Provider Agent 4. Interact according to Contract 2. Agree on Semantics & QoS Contact WSDQOS CON + WSDQOS CON + Discovery Service Coordination Service 1. Discover Service 3. Share Coordination Context Measurement Service Condition Evaluation Service Management Service SLA Services 5. Measure, Manage and Evaluate the Contract SLA WSDQOS CON +

Fortified Web Services Contracts for Trusted Components39 13/12/2005 POC Outline Requester Agent Provider Agent 3.b. Interact according to Contract Directory Service 1.b. Supply Contract Criteria 1.a. Obtain Contract Info 1.c. Return Contract Info CON Measurement Service Condition Evaluation Service Management Service SLA Service 4. Measure, Manage and Evaluate the Contract Discovery Service Contract Service Behavioral Contract Service Synchronization Contract Service QoS Contract Service 3.a. Share Coordination Context WSD CON + WSD CON + 2. Agree on Contract CON Cxt Coordination Service

Fortified Web Services Contracts for Trusted Components40 13/12/2005 POC Outline

Fortified Web Services Contracts for Trusted Components41 13/12/2005 Related Work WSOL (work from Carleton University, Ontario, Canada)  Web Service Offerings Language  Formal specification of multiple classes of service for one Web Service  Focus on QoS (a.k.a., non-functional) constraints OWL-S (w3c Member Submission by SRI International)  Semantic Markup for Web Services  Ontology for Web Services WSDL-S (w3c Member Submission by IBM)  Web Service Semantics  A mechanism to associate semantic annotations with Web services that are described using Web Service Description Language

Fortified Web Services Contracts for Trusted Components42 13/12/2005 Future Work Enforcement mechanism UDDI Contract Attachment Ontology for Web Service Contracts