NorduNet 2008, Helsinki, April 2008
Olaf Owe, Cristian Prisacariu, Gerardo Schneider, Oslo University
Seif Haridi, Pablo Giambiagi, Swedish Institute of Computer Science
Joseph C. Okika, and Anders P. Ravn, Aalborg University
www.ifi.uio.no/cosodis/
NorduNet3 Project 2006 - 2010
Contract-Oriented Software Development for Internet Services
Why Contracts ?
Collaboration across organizational domains presumes trust, but…
When trust is insufficient, use contracts
SOA and contracts
• The consumer either trusts the provider…
• … or they sign a contract which:
– Determines the rights and obligations of each signatory
– Usually states how the contract is to be monitored
– Specifies functional but also extra-functional qualities of the service: e.g. security, performance
How ?
• Developers need language support to program services that are:
– Distributed
– Interoperable
– Discoverable
– Contract-aware
The Marketplace
Language/Approach

| Aspect | Web Services (WS-*) | Semantic Web (*-S) | Electronic Business (eb-*) |
| --- | --- | --- | --- |
| Interface | WSDL | OWL-S | ebBSI |
| Functionality | WS-BPEL, WSOL | OWL-S (IOPE), WSMO | ebBPSS |
| Protocol | WS-BPEL, WS-CDL | WSMO, OWL-S | ebBPSS |
| Security | WS-Security | OWL-S | ebCPA (SecurityPolicy) |
| QoS | WS-Policy, WS-Trust, WSOL, WSLA | OWL-S, WSMO, WSML | ebCPP (XMLDSIG), ebCPA |
Key Issues for Contracts
• Definition: C
• Feasibility checking: C ≠ Ø
• Compatibility checking: C1 ≤ C2
• Conformance checking: P |= C
• Monitoring: P || I(C)
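The checks listed above can be made concrete on a small model. The following is an added example, not code from the COSoDIS project: it assumes a contract denotes a set of action traces and represents it as a finite automaton, and the `Contract` class, the function names and the sample actions are all constructed for illustration.

```python
from collections import deque

class Contract:
    """A contract as a DFA over action names; it denotes its set of accepted traces."""
    def __init__(self, start, accepting, delta):
        self.start, self.accepting, self.delta = start, set(accepting), dict(delta)

    def step(self, state, action):
        # None = no move allowed for this action, i.e. the contract is violated.
        return None if state is None else self.delta.get((state, action))

def refines(c1, c2):
    """Compatibility, C1 <= C2: every trace c1 accepts is also accepted by c2."""
    start = (c1.start, c2.start)
    seen, todo = {start}, deque([start])
    while todo:
        s1, s2 = todo.popleft()
        if s1 in c1.accepting and s2 not in c2.accepting:
            return False                      # c1 accepts a trace that c2 rejects
        for (p, action), q1 in c1.delta.items():
            if p != s1:
                continue
            nxt = (q1, c2.step(s2, action))   # explore both contracts in lockstep
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return True

# Conformance, P |= C, is the same inclusion when P is itself given as an automaton.
conforms = refines

def feasible(c):
    """Feasibility, C != Ø: c accepts some trace, i.e. c is not below the empty contract."""
    return not refines(c, Contract("empty", [], {}))

def monitor(c, actions):
    """Monitoring, P || I(C): step the contract alongside P's actions.
    Returns the index of the first violating action, or None if there is none."""
    state = c.start
    for i, action in enumerate(actions):
        state = c.step(state, action)
        if state is None:
            return i
    return None

# Constructed sample contracts (states and action names are assumptions, not from the slides).
BASE = {("q0", "pay"): "q1", ("q1", "send_password"): "q2"}
POLICY = Contract("q0", ["q2"], {**BASE, ("q2", "connect"): "q2"})       # connect any number of times
OFFER = Contract("q0", ["q2", "q3"], {**BASE, ("q2", "connect"): "q3"})  # connect at most once
```

Here `OFFER` refines `POLICY` but not the other way round, and the monitor flags a `connect` issued before the password was sent.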
COSoDIS Mission
• develop novel approaches to implement and reason about contracts in a service oriented architecture.
• design and give proof of usefulness of system modeling tools and programming language tools
• to empower SOA developers to deploy highly-dynamic, negotiable and monitorable Internet services.
Formal modeling of contracts
• develop a model of contracts in a SOA
• A minimum requirement is to combine QoS specification and behavioral models (essential to constrain protocol implementation and to enforce confidentiality).
• develop practical and efficient methods to enforce information flow properties of realistic code, including cryptographic protocol implementations.
1. Johs H. Hammer and Gerardo Schneider, On the definition and policies of confidentiality
2. Cristian Prisacariu and Gerardo Schneider, A Formal Language for Electronic Contracts
3. Pablo Giambiagi, Olaf Owe, Anders P. Ravn, and Gerardo Schneider, Language-Based Support for Service Oriented Architectures: Future Directions
C
Deontic Logic
The logic of obligation (ought-to), permission, and prohibition
• is based on propositional and modal logics.
• ought-to-do expressions consider names of actions: "The Internet Provider ought to send a password to the Client"
• ought-to-be expressions consider results of actions: "The average bandwidth ought to be more than 20kb/s"
• Georg H. von Wright started to sustain a logic of actions
We consider Obligation, Permission and Prohibition over actions only
Programming language support for contracts
• extend Creol with “wrapper” primitives for correct-by-construction wrapped code.
• contracts for QoS and confidentiality will be modeled as first-class entities
• develop techniques for constructing monitors from contracts.
1. A. Torjusen, Olaf Owe, and Gerardo Schneider, Towards integration of XML in the Creol object-oriented language
2. Olaf Owe, Gerardo Schneider, and Martin Steffen, Components, Objects, and Contracts
P |= C
P || I(C)
Reasoning about contracts
• extraction of models to facilitate reasoning about contracts.
• timing constraints will be mapped to timed automata
• using the Maude tools for model checking and exhaustive search.
1. Emilia Cambronero, Joseph C. Okika, and Anders P. Ravn, Analyzing Web Service Contracts - An Aspect Oriented Approach
2. Gordon Pace, Cristian Prisacariu, and Gerardo Schneider, Model Checking Contracts - a case study
C ≠ Ø
C1 ≤ C2
Web Service Analyses
[Figure: WS-BPEL and WS-CDL, each with a translation to (timed) automata]
C ≠ Ø
Compatibility
[Figure: WS-BPEL, WS-CDL, (Timed) Automata, Timed Automata; relation marked "?"]
C1 ≤ C2
Contract Patterns and Case Studies
• establishing representative examples, equipping them with suitable contracts.
• distill some useful contract patterns
• provide corresponding verification patterns.
1. Zhenbang Chen, Zhiming Liu, Volker Stolz, Lu Yang, and Anders P. Ravn, A refinement driven component-based design
2. Sakyibea Darko-Ampem, Maria Katsoufi, and Pablo Giambiagi, Secure Negotiation in Virtual Organizations
Fitting it Together
[Figure labels: Applications; Models, WS-CDL; Implementations; Creol, Java, etc; WS-BPEL; Platform; Policies (Contract templates); Service-Level Agreement; Contracts (e.g. CL); Verification certificates; RV -> monitors; Logics]
Expected Results - 2010
• A modal logic for defining high level contracts
• Model checking tools for checking WS*-style contracts
• Larger Case Study? CoCoME
• Monitoring?
C
C ≠Ø
C1 ≤ C2
P |= C
P || I(C)
Conclusion
• SOA is here to stay
• Independent development needs contracts
• Contracts must be checkable
• Checking tools are reaching maturity
• The challenge: Fit the pieces together
www.ifi.uio.no/cosodis/