TCDV: Trusted Coordination in
Dynamic Virtual Organisations.
1
Molina-Jimenez ,
1
D.J.Palmer ,
1
S.K.Shrivastava
C.
1School of Computing Science, University of Newcastle, UK
{Carlos.Molina, Doug.Palmer, Santosh.Shrivastava} @ncl.ac.uk
Introduction
The project is conducting research necessary for developing tools and techniques to enable virtual organisations (VOs) to be formed and managed in a trustworthy
manner. In particular: (i) Trusted coordination mechanisms required for service discovery, composition, deployment, dynamic quality of service (QoS) control and
monitoring will be developed; (ii) Complementing the above mechanisms will be the development of techniques for specifying services and their behaviours, so that
contractual service level agreements (SLAs) between organisations forming a VO can be derived and contract/SLA monitoring and enforcing mechanisms can be
instrumented; (iii) Enhancing the Web services with high level services based on the mechanisms and techniques developed in (i) and (ii); and (iv) Demonstrating the
applicability of the overall framework by selecting some particularly demanding application scenarios on trusted information sharing.
Middleware for regulated interactions: From the viewpoint of each party
involved, the overarching requirements are (i) that their own actions meet
locally determined policies; and that these actions are acknowledged and
accepted by other parties; and (ii) that the actions of other parties comply with
agreed rules and are irrefutably attributable to those parties. These
requirements imply the collection, and verification, of non-repudiable evidence
of the actions of parties who interact with each other.
B
Contract monitoring and enforcement services: At a higher level (above this
middleware), one would like services for contract management. Electronic
contract management services should provide ways for representing contracts in
terms of rights and obligations so that they can be enforced and monitored. It is
clearly not possible to prevent organisations within a VO from misbehaving and
attempting to cheat on their agreed trust relationships. The best that can be
achieved is to ensure that all contractual interactions between such
organisations are funnelled through their respective contract management
services, and that all other non-contractual interactions are disallowed.
update
Contract
Manager
A
update
Contract
Manager
i
Organization A
Organization B
update
C
Example: Imagine that three organisations (A, B, and C, figure above) share
some information i. An update to i proposed by A gets installed, provided: (i) B
and C have evidence that the update originated at A; (ii) each party has
evidence that the other two parties approve the update.
We are implementing component middleware to support non-repudiable
interactions [1,2]: non-repudiable service invocation (NR-Invocation) and nonrepudiable information sharing (NR-Sharing).
Of course, there is no easy way of automatically transforming a contract written
in a natural language into an executable version, but several systematic, semiautomatic approaches have been proposed and are under investigation. We
have developed a systematic way of representing contracts as finite state
machines (FSMs) and described how rights and obligations can be monitored
and enforced, and integrated with role based access control (RBAC)
mechanisms [3]. This work needs to be progressed further as it is not yet clear
how such a framework can be deployed dynamically and made to respond to
changes.
Service composition and enactment: High-level tools are required for service creation and management, including a service description language with exception
handling facilities for consistency management. The fact that individual services may have clean “ACID” transactional semantics does not necessarily imply that
composite services (CSs) will have the same: it has long been realised that not all interactions can be structured as ACID transactions. In many cases, a CS will be
composed of a mixture of transactional and non-transactional services, and CS functions will be required to preserve user specific consistency properties in the
presence of a variety of exceptions. For this reason, a CS can be very complex in structure, containing many temporal and data-flow dependencies between its
constituent services. Not only do we need a high level language for service description capable of expressing these dependencies we also need a run time
environment where constituent services can be invoked respecting these dependencies. Service invocations should be possible despite the temporary unavailability
of these services, for instance due to processor or network failures, among others.
We believe that workflow management systems provide a suitable approach for CS specification (as a business process) and enactment. We are developing a
decentralised workflow management system using J2EE middleware for distributed enactment of composite services which can be used for coordinating Web and
Grid service executions. This system, DECS, is described in the accompanying poster.
References:
[1] N. Cook, S.K. Shrivastava, and S.M. Wheater, "Distributed Object Middleware to Support Dependable Information Sharing between Organisations", Proc.
IEEE/IFIP Int. Conf. on Dependable Syst. and Networks, Bethesda, USA, June 2002.
[2] N. Cook, P. Robinson and S.K. Shrivastava, “Component Middleware to Support Non-repudiable Service Interactions”, Proc. IEEE/IFIP Int. Conf. on Dependable
Syst. and Networks, Florence, Italy, June 2004.
[3] C. Molina-Jimenez, S.K. Shrivastava, E. Solaiman and J. Warne, “Contract Representation for Run-time Monitoring and Enforcement”, Proceedings of IEEE
Conference on Electronic Commerce, Newport Beach, CA, June 2003.