by Christophe Ponsard, Gautier Dallons, Stéphane Mouton and Philippe Massonet
Many companies are currently moving or considering the move to a service-oriented architecture (SOA) model. This model holds the promise of flexibility and cost reduction by enabling business-level integration across organization boundaries. While this supports large companies by allowing them to better structure both internally and externally, it is also of benefit to small and medium enterprises (SMEs), as their highly value-added expertise can be made available more easily and with fewer overheads. However, achieving this vision still requires a number of challenges to be solved: management of quality of service, accounting, security and trust, interoperability and so on. CETIC, a Belgian research and technology transfer centre, is taking an active part in this work though a number of projects at both European and regional levels. Here we describe how the above challenges are presently being addressed, both at research level and within real-world deployments occurring in connection with that research.
Managed Quality of Service
Achieving commercial quality means being able to provide guarantees about quality of service. This is not an easy task given that service delivery can require the dynamic composition of a number of elementary services in an open environment. Each step in such a chain is a potential point of degradation or failure. With success comes a strong federation of companies, each providing an improved return to all of them. Such a federation has been achieved in the Belgian Walloon Marshall plan, through the Walloon World Wide Space Application (3WSA) project. The coordinator of this project is Spacebel, an SME active in the space domain. The developed platform is derived from the ESA Service Support Environment (http"//http://services.eoportal.org/) and aims at chaining commercial services from various providers and processors of space data, each of which is supported by specific SMEs. In line with this effort, the following research issues are being transferred:
Quality assurance, possibly through a defined certification process, for checking the adherence of a service implementation to its specification. This means service evaluation prior to deployment (for functional aspects) and at run-time (for non-functional aspects).
High-availability assurance through a number of failure-provisioning mech-anisms at platform level. In resource-intensive platforms such as Grid computing, this can be achieved through techniques such as redundant executions, failure anticipation and check-pointing. Such work is currently being finalized by the HPC4U project, led by the University of Paderborn.
Contract with failure clause and risk assessment, where a service contract between provider and customers specifies agreed service levels. Failure and associated penalties can also be part of this. Reliability figures can be gathered and published by independent third parties (brokers) who typically also carry out negotiations. A practical risk assessment approach can then be applied to reach the optimal price/penalties. Such an approach, based on WS-Agreement protocol extensions, is currently being developed by the AssessGrid consortium, led by the University of Berlin (TUB).
New delivery models consider software as a service (SaaS), and move away from a licensing model. On top of this, billing may require more elaborate models if the final result has been produced by the chaining of a number of services, each of which brings some value for the customer in its business domain. This added value can be used by the accounting model in addition to technical costs such as CPU, RAM or disk usage. Platform infrastructure must therefore provide a means of tracking contributions in service chains, aggregating customer usage, applying pricing schemes (eg per usage, per time frame), and allowing data injection into accounting applications to finally bill customers. Such mechanisms are currently being investigated within the 3WSA platform mentioned earlier, with each data/processing service being accounted for based on the defined area of interest as shown in the figure.
Security and Trust
Service orientation also means relying to some extent on externalized infrastructure, but security and trust issues such as data confidentiality, service availability and trusted infrastructure represent major barriers. To cope with these, new concepts such as Virtual Organization and service federation are being developed. These rely on the design, deployment and management of an adequate set of policies through which it is possible to enforce authentication, access control and confidentiality in a heterogeneous, dynamic and open environment. This does not mean enforcing strong security rules everywhere, but only where they are needed (ie based on actual trust relations). Such work is currently being investigated in the GridTrust FP6 project. It is also being applied in some of the eighteen Grid business experiments of the BEinGRID FP6 integrated project and in the previously described 3WSA project.
SOA is now past the early adopter phase. The mainstreaming process requires the above challenges to be addressed but also the emergence of a unifying framework. The NESSI European platform, which has gathered key industrial players and a strong research community, has the ambition to deliver this. NESSI is structured around problem- and domain-oriented workgroups, a number of which CETIC is involved in as they relate to the above challenges. The European Commission is also strongly supporting this in the 7th ICT framework programme. The massive submission to objective 1.2 shows how important SOA is considered to be for achieving strong ICT support for the European economy of the 21st century. This is particularly the case for the federation of SMEs - the major workforce in Europe - around high-value services.
CETIC Research Centre, Belgium
Tel: +32 71 91 98 26