semantic web services (standards, monitoring, testing and security)
Semantic Web Services (Standards, Monitoring, Testing and Security)
Department of Engineering-Information Technology
Presented by: Reza Ghanbari
2010
Outline
• Introduction of Web Service
• Semantic Web Services
– Introduction
– Life Cycle
• Foundation Standards of Web Service
– HTTP
– WSDL
– SOAP
– UDDI
• Foundation Standards of Semantic Web Service
• OWL-S
• OWL-S Virtual Machine
• Monitoring of Semantic Web Service
• Security of Semantic Web Service
– Message Level Protection
– Message Privacy
– Parameter Checking
– Authentication
– Authorization
• Conclusion of Semantic Web Services
• References
Web Service
• A program programmatically accessible over standard
internet protocols
• Loosely coupled, reusable components
• Encapsulate discrete functionality
• Distributed
• Add new level of functionality on top of the current web
Web Services Framework
Problems of Web Services
• Descriptions are syntactic
• A description says nothing (in machine-interpretable form) about what the software system does, or what sequence of messages is used to interact with it
• All tasks associated with web services application development, such as discovery, composition and invocation, have to be carried out by humans
• Problems of scalability
Vision of Semantic Web Services
[Figure: diagram with a Static/Dynamic axis and a Syntax/Semantic axis, placing Web [URI, HTML, HTTP], Web Services [UDDI, WSDL, SOAP], Semantic Web [RDF, OWL] and Semantic Web Services.]
Semantic Web Services
• Semantic Web Technology
– Machine readable data
– Ontological basis
• Applied to
– Web Services Technology
• Reusable computational resources
• To automate all aspects of application development through reuse
Semantic Web Services Concepts
• Service
– Service Provider & Requester
– Concrete Service
• A specific performance of actions at a given time by one party for another
– Service Description
• A computational machine-readable representation of the service, in terms of the value which it provides
• Abstract Service Description
• Concrete Service Description
S.W.S. Concepts[1]
• Agents
– Software components which represent the parties as
agents for the online presence as well as the
automated representation
• Service Provider Agent
• Service Requester Agent
– Act as representatives online on behalf of some party
S.W.S. Concepts[2]
• Communication
– An online service interaction between the Service Provider Agent and the Requester Agent, exchanging messages according to a certain protocol known by both parties
• Choreography
– A communication protocol among multiple parties during the automated online services
– Determines the constraints on the ordering of messages sent
• Grounding
– One or more communication endpoints to send and receive the messages according to some transport protocol
• Orchestration
– An agent's specification of the type as well as the sending time of a message
S.W.S. Concepts[3]
• Mediation
– Data Mediation
• Consists of transforming from one syntactic format to another, as a party may expect a different syntactic format from that of the messages provided by different Service Provider Agents
– Ontology Mediation
• Is used to make different choices based on the vocabulary when two parties describe services
• Reasoning
– One party is to reason with a description produced by the other party
– Some additional reasoning will be necessary to translate between the two approaches
– Protocol Mediation
• Reconciles the two different designs of the interaction choreographies
• Translates a message sequence into a different message sequence to accomplish the same end
– Process Mediation
• Reconciles the differences in the internal processes at the side of each party
• The hardest form of mediation (may be impossible without engaging in process re-engineering)
S.W.S. Concepts[4]
If the messages and choreographies are annotated semantically, then the mediation is possible automatically
S.W.S. Concepts[5]
• Life Cycle
S.W.S. Concepts[6]
• Service Modeling Phase
– Outset of the discovery phase
– Service Requester prepares a description of the service it is interested in receiving
– Service Providers create abstract service descriptions representing the service which can be provided
S.W.S. Concepts[7]
• Service Discovery Phase
– Matching
• Compatibility of the requirement description and the offer description
– Centralized Service Discovery
• SMEP (Simple Message Exchange Protocol)
– During discovery, a requester may identify several providers which are potentially able to meet their needs
S.W.S. Concepts[8]
• Service Definition Phase
– The conversation between the Service Requester and one or more identified and contacted Service Providers
– Random Selection
– Analysis Selection
– When the phase is successfully completed between two parties, the Service Requester and Provider have agreed on a service to be delivered
S.W.S. Concepts[9]
• Service Delivery Phase
– It can take place:
• Immediately
• A while after service definition has been completed
• Entirely off-line
• Involving communication between the two parties
– It is again organized by an interaction choreography by:
» Service Delivery
» Monitoring
» Cancellation
Foundation Standards of Web Service
• Hypertext Transfer Protocol (HTTP)
– Communication Protocol to achieve interoperability via the web based on a set of standards built directly upon it regardless of their choice of platform or programming language
– Benefits:
• HTTP is everywhere
• Firewalls normally allow HTTP traffic
Foundation Standards of Web Service
• Web Service Description Language (WSDL)
– Is an XML-based language, since:
• It is a pure text format
• It is platform independent
• It can be easily parsed by any programming language
• It is fairly easy to read
– Describes the service including the service name, functions, input and output parameters
Foundation Standards of Web Service
• Simple Object Access Protocol (SOAP)
– Its significance lies in its relationship with HTTP
– Platform and language independent, based on XML
– Communication between applications via the Internet
– Format of the messages sent
– W3C recommendation
– Simple and extensible
– Allows getting around firewalls
SOAP
[Figures: SOAP Request (SOAP Envelope) and SOAP Response (SOAP Envelope)]
Foundation Standards of Web Service
• Universal Description, Discovery and Integration (UDDI)
– UDDI is an XML-based standard for describing, publishing, and finding Web services.
– It is a specification for a distributed registry of Web services
– platform independent, open framework
– It can communicate via SOAP, CORBA, Java RMI Protocol
– It uses WSDL to describe interfaces to web services
– Open industry initiative
– Parts:
• A registry of all a web service's metadata
• A set of WSDL port type definitions
Why add semantics to Web Services?
• Better Reuse
– Semantic descriptions of services to help find relevant services
• Better Interoperability
– Beyond syntax to semantics, mapping of data exchanged between the services
• Configuration/Composition
– Enable dynamic binding of partners
• Some degree of automation across process lifecycle
– Process Configuration
– Process Execution
Foundation Standards of Semantic Web Services
• Semantic Annotation for WSDL and XML Schema (SAWSDL)
– Standard finished in 2007
– Annotating WSDL with semantic information
– Built on existing Web Services standards using only extensibility elements
– Mechanism independent of the semantic representation language
– Provides means for mapping data between different Web Services
WSDL Description
[Figure: WSDL components (Service, Endpoint, Binding, Interface, Operation, Fault, Fault Ref., Msg Ref., Types, Type Definition, Element Declaration, Operation Style, MEP, Msg. Label), labelled with Schema Mapping and Model References.]
Foundation Standards of Semantic Web Services
• SAWSDL
– Extensibility attributes
• modelReference
– Association between a WSDL component and a concept in some semantic model
– Annotations
» WSDL components
» WSDL Type Definitions
• liftingSchemaMapping
– Mappings between WSDL Type Definitions and semantic data
• loweringSchemaMapping
– Mappings between semantic data and WSDL Type Definitions
Foundation Standards of Semantic Web Services
• SAWSDL
– Annotation of the operation element
• Carries a reference to a concept in a semantic model
that provides a high level description of the operation
– Annotation of the interface element
• Provides a reference to a concept or concepts in a
semantic model
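What these annotations look like in a document and how a consumer reads them back, as an added example that is not part of the original slides. The WSDL fragment is constructed, the example.org URIs are placeholders, and `read_annotations` is a hypothetical helper.

```python
import xml.etree.ElementTree as ET

SAWSDL_NS = "http://www.w3.org/ns/sawsdl"  # namespace of the SAWSDL recommendation
ATTRS = ("modelReference", "liftingSchemaMapping", "loweringSchemaMapping")

# Constructed sample: a WSDL 2.0 fragment carrying SAWSDL extensibility
# attributes. All example.org URIs are placeholders.
SAMPLE_WSDL = """\
<description xmlns="http://www.w3.org/ns/wsdl"
             xmlns:xs="http://www.w3.org/2001/XMLSchema"
             xmlns:sawsdl="http://www.w3.org/ns/sawsdl">
  <types>
    <xs:schema>
      <xs:element name="OrderRequest"
          sawsdl:modelReference="http://example.org/onto#OrderRequest"
          sawsdl:liftingSchemaMapping="http://example.org/map/order2rdf.xslt"
          sawsdl:loweringSchemaMapping="http://example.org/map/rdf2order.xslt"/>
    </xs:schema>
  </types>
  <interface name="Order"
      sawsdl:modelReference="http://example.org/onto#Retail http://example.org/onto#Ordering">
    <operation name="placeOrder"
        sawsdl:modelReference="http://example.org/onto#RequestPurchaseOrder"/>
  </interface>
</description>
"""

def read_annotations(wsdl_text):
    """Return {(component, name): {attribute: [URIs]}} for each annotated element."""
    found = {}
    for elem in ET.fromstring(wsdl_text).iter():
        annotations = {}
        for attr in ATTRS:
            value = elem.get(f"{{{SAWSDL_NS}}}{attr}")
            if value is not None:
                # Each SAWSDL attribute holds a whitespace-separated list of URIs.
                annotations[attr] = value.split()
        if annotations:
            component = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace
            found[(component, elem.get("name"))] = annotations
    return found

if __name__ == "__main__":
    for key, value in read_annotations(SAMPLE_WSDL).items():
        print(key, value)
```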
Foundation Standards of Semantic Web Services
• SAWSDL
– Tools
• SAWSDL4J
– Java API for manipulating and creating annotated SAWSDL documents
• WSMO Studio
– Semantic Web Service and Semantic Business Process modeling environment
– Set of Eclipse plugins
• Radiant
– WSDL-S/SAWSDL Annotation Tool
– Eclipse plug-in
OWL-S
• Ontology Web Language for Services
• Represents an upper ontology for the description of Semantic Web Services expressed in OWL
• It is a Semantic Web Services description language, expressed in OWL, which describes the properties and capabilities of Web services
• Covers areas such as:
– Web services capability-based search and discovery
– Specification of service requester and provider interactions
– Service execution
OWL-S Virtual Machine
• The OWL-S Virtual Machine (OVM)
– A generic OWL-S processor
– A generic execution engine
– Executes the Process Model of a given service
– During the execution, it
• processes inputs of the Service Requester and outputs returned by the Service Providers,
• realizes the control and data flow of the composite Process Model,
• uses the Grounding to invoke WSDL based web services when needed.
Monitoring[1]
• During the process model execution
– What exactly should be monitored?
• Clear semantics of the process model
– Which model should be chosen?
• Analyzing the process model and the grounding (it is possible to identify important events that might be monitored)
– Event Types
• Process Call
• Inputs Assignment
• Outputs Processing
• Preconditions evaluation
• (Conditional) result evaluation
• Control construct execution
• Grounding events
• Failures and erroneous events
Monitoring[2]
• Event types are derived only from the logic of the process model and therefore can be used in any application
• Event types are neutral to the purpose for which they can be used
• Process Call
– Start events are associated with input values, and end events additionally with produced output values and effects.
– A simple and a composite process represent decomposition of a process into subprocesses, while an atomic process represents an execution of an existing web service operation
Monitoring[3]
• Inputs assignment
– Input values of processes can be provided either by the user (client) of the process model or by the data binding that is used
• Outputs Processing
– Outputs of atomic processes are obtained as a result of the service execution, which is covered by the process call event type. For simple and composite processes a new event type is needed to represent that the output value of the process is obtained from some output data binding
Monitoring[4]
• Preconditions evaluation
– Represents the process of the preconditions evaluation, with variable values assigned and with the true or false status
• (Conditional) result evaluation
– Represents an evaluation of a result comprising the grounded inCondition, produced effects and output bindings. A special event type represents a situation in which no result can be applied because all conditional results failed.
Monitoring[5]
• Control construct execution
– For each control construct one event type represents
its start and one its end
– For control constructs whose execution depends on an
expression evaluation (if-then-else, repeat-while,
repeat-until) the information representing this
expression evaluation and the branch chosen is
included in the starting event type
Monitoring[6]
• WSDL grounding events
– Defines mappings of atomic processes to WSDL operations and of inputs and outputs to WSDL messages and message parts
• Failures and erroneous events
– For different categories of errors specific event types are defined
Web Services Security Background
• Standards are proposed or accepted regarding authentication, encryption, and identity management
• RSA, Hash Functions and Digital Signature Algorithms
• Fundamental areas
– Message level protection
– Message privacy
– Parameter checking
– Authentication
– Authorization
• XML signatures
• SAML – Security Assertion Markup Language
Web Services Security
• RSA
– Used for any public/private key pair
– Properties:
• E(P, E(M,P)) M
• E(P, E(M,P)) M
Where M is Sent Message and P is the Public Key
• Hash/Digest Functions
– message dependent
• Digital Signature
– Used for Authentication, Data Integrity and Non-Repudiation
Message Level Protection
• Message Integrity
• A provider receives the message digest, which is created with the SHA-1 algorithm, then creates the digest again and compares it with the one from the sender to verify the integrity of the message
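The recompute-and-compare check described above, as an added example that is not part of the original slides. The message body and key are constructed, and HMAC with a shared key stands in for the digital signature step because the Python standard library has no RSA signing.

```python
import hashlib
import hmac

def digest(message: bytes) -> str:
    # SHA-1 is used because the slide names it; new designs use SHA-256.
    return hashlib.sha1(message).hexdigest()

def verify_digest(message: bytes, claimed: str) -> bool:
    """Provider side: recompute the digest and compare it with the sender's."""
    return hmac.compare_digest(digest(message), claimed)

def keyed_tag(message: bytes, key: bytes) -> str:
    # Stand-in for the digital signature: HMAC with a shared key
    # (an assumption of this example; the slides name RSA signatures).
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_tag(message: bytes, claimed: str, key: bytes) -> bool:
    return hmac.compare_digest(keyed_tag(message, key), claimed)

# Constructed sample message body and key.
BODY = b"<placeOrder><item>42</item><qty>1</qty></placeOrder>"
KEY = b"constructed-demo-key"

def demo():
    sent_digest = digest(BODY)
    sent_tag = keyed_tag(BODY, KEY)
    altered = BODY.replace(b"<qty>1</qty>", b"<qty>9</qty>")
    return {
        "intact": verify_digest(BODY, sent_digest),
        # Body changed in transit, digest left alone: detected.
        "altered_body": verify_digest(altered, sent_digest),
        # Body and digest both replaced by whoever altered the message:
        # a bare digest cannot detect this.
        "altered_body_and_digest": verify_digest(altered, digest(altered)),
        # Without the key a matching tag cannot be recomputed, so the
        # original tag no longer verifies against the altered body.
        "altered_body_keyed": verify_tag(altered, sent_tag, KEY),
    }

if __name__ == "__main__":
    print(demo())
```

The third result is why the digest has to be bound to the sender with a signature or a keyed tag before it says anything about integrity.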
Message Privacy
• Confidential Message
• Message header has token and signature
• Typically WS are chained together to form a complex service
• End-to-end encryption schemes, unlike SSL
• Solution: XML encryption
Parameter Checking
• Message validity
• To ensure the contents of a message are appropriate to the service and well formed
• To prevent SQL injection attacks, look for ";" syntax
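How far the ";" check goes, and what a provider does in addition, as an added example that is not part of the original slides. The table, the `ITEM_ID` format and the input values are constructed for illustration.

```python
import re
import sqlite3

def has_semicolon(value: str) -> bool:
    """The check named on the slide: flag input containing ';'."""
    return ";" in value

ITEM_ID = re.compile(r"[A-Z]{2}-\d{1,6}")  # hypothetical format for this service

def valid_item_id(value: str) -> bool:
    """Allow-list check: the parameter must match the expected shape exactly."""
    return ITEM_ID.fullmatch(value) is not None

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id TEXT PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [("AB-1", "alice"), ("CD-2", "bob")])
    return db

def lookup_concatenated(db, item_id):
    # Vulnerable form: the parameter becomes part of the SQL text.
    sql = "SELECT id FROM items WHERE id = '" + item_id + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, item_id):
    # Hardened form: validate the shape first, then bind the value as data.
    if not valid_item_id(item_id):
        raise ValueError("malformed item id")
    return db.execute("SELECT id FROM items WHERE id = ?", (item_id,)).fetchall()

# Constructed input with no ';' that still changes the meaning of the
# concatenated query.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("flagged by ';' check:", has_semicolon(CRAFTED))
    print("concatenated query returns:", lookup_concatenated(db, CRAFTED))
    print("bound query, valid id:", lookup_bound(db, "AB-1"))
```

The ";" check stays useful as one signal in logs, but the binding and the allow-list are what keep the parameter out of the SQL text.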
Authentication
• Verifying that the requester is who he/she
claims to be
• E.g. user name / password
• Send credential by issuing certificates to the
trusted authorities
Authorization
• Takes place after authentication and grants the access rights
• Access Control Implementations
– Access matrix
– Access Control List (ACL)
– Role Based Access Control (RBAC)
Authorization (Access Control Implementations)
• Access matrix
– Subject: An entity capable of accessing objects. The concept of subject equates to that of a process
– Object: Anything to which access is controlled. E.g. files, programs, segments of memory
– Access right: The way in which an object is accessed by the subject. Examples: read, write, and execute
• Access Control List (ACL)
– Access matrix can be decomposed by columns, yielding access control lists
– For each object, it lists the users and their permitted access rights
– It may also have a default or public entry to cover subjects that are not explicitly listed
– Elements of the list may include individual users as well as groups of users
Authorization (Access Control Implementations)
• Role Based Access Control (RBAC)
(i) Reference model
• Objects, Operations, Permissions, Roles and Users (in-band artifacts)
(ii) System and Administrative model
• System functionality, Administrative operations and reviews
• Permission to access a resource
• Defines Roles and assigning permissions to Roles
NOTE: OWL-S should map Users, Roles, Groups etc. to the ontology
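The three access control implementations side by side, as an added example that is not part of the original slides. All subjects, objects, groups and roles are constructed, and letting an explicit ACL entry take precedence over the default entry is a design choice of this example.

```python
# Constructed access matrix: rows are subjects, columns are objects,
# cells are sets of access rights. "*" is the default/public entry.
MATRIX = {
    "alice":     {"orders.wsdl": {"read", "write"}, "audit.log": {"read"}},
    "bob":       {"orders.wsdl": {"read"}},
    "@auditors": {"audit.log": {"read"}},    # a group of users
    "*":         {"orders.wsdl": {"read"}},  # subjects not explicitly listed
}
GROUPS = {"@auditors": {"carol"}}

def to_acls(matrix):
    """Decompose the matrix by columns: one ACL per object."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = set(rights)
    return acls

def acl_allows(acls, user, obj, right):
    acl = acls.get(obj, {})
    if user in acl:                        # explicit entry wins over the default
        return right in acl[user]
    for group, members in GROUPS.items():  # then any group the user belongs to
        if user in members and right in acl.get(group, set()):
            return True
    return right in acl.get("*", set())    # finally the public entry

# RBAC: users are assigned roles, roles are assigned permissions,
# and a permission is an (operation, object) pair.
ROLE_PERMS = {
    "clerk":   {("read", "orders.wsdl"), ("write", "orders.wsdl")},
    "auditor": {("read", "audit.log")},
}
USER_ROLES = {"alice": {"clerk"}, "carol": {"auditor"}}

def rbac_allows(user, operation, obj):
    roles = USER_ROLES.get(user, ())
    return any((operation, obj) in ROLE_PERMS[role] for role in roles)

if __name__ == "__main__":
    acls = to_acls(MATRIX)
    print(acls["audit.log"])
    print(acl_allows(acls, "dave", "orders.wsdl", "read"))
    print(rbac_allows("carol", "write", "orders.wsdl"))
```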
Conclusion of Semantic Web Services
• It is becoming an important and integral part of the Web (including intranets)
• It aims to provide an expressive, comprehensive framework for
– handling activities on the Web
– Enabling the use of agents on the Web
• Many tools and applications exist today; mostly prototypes
• It is an active research area
• Strong interest and many paths to adoption also exist like the standards path