OASIS: Advancing open standards for the global



Quality Model for Web Services

September 2005

Document identifier:
     WSQM -2.0

Location:

Editor:
     Eunju Kim (NCA), Youngkon Lee (KOREA Polytechnic University)

Abstract:
     The purpose of this document is to provide a model for Web services quality management and quality factors in the process of developing and using Web services. We define a consistent and systematic conceptual model of Web services quality, which may be used by the closely related associates, i.e. stakeholders, developers, service providers, and customers of Web services.

Status:
     This document is a Working Draft.


     wsdm-muws-part2-1.0
     Copyright © OASIS Open 2003-2005. All Rights Reserved.                             Page 1 of 43
Table of Contents
1 Introduction
    1.1 Purpose
    1.2 Compliance
2 References and Acronyms
    2.1 Normative References
    2.2 Acronyms
3 Web Services Quality Model
    3.1 Quality Factor of Web Services
        3.1.1 Web Services Quality as a Service
        3.1.2 Quality Service Model
    3.2 Quality Associates for Web Services
        3.2.1 Stakeholder and Developer
        3.2.2 Provider
        3.2.3 Consumer
        3.2.4 QoS Broker
        3.2.5 Quality Assurer
        3.2.6 Quality Manager
    3.3 Quality Activity of Web Services
        3.3.1 Development Quality Contract
        3.3.2 Web Services Quality Contract
4 Business Value Quality
    4.1 Definition
    4.2 Quality Sub-factors
    4.3 Quality Contracts
    4.4 Quality Associates
    4.5 Related Standard
5 Service Level Measurement Quality
    5.1 Definition
    5.2 Quality Sub-factors
        5.2.1 Performance
        5.2.2 Stability
    5.3 Quality Contracts
    5.4 Quality Associates
    5.5 Related Standards
6 Interoperability Quality
    6.1 Definition
    6.2 Quality Sub-factors
    6.3 Quality Contracts
    6.4 Quality Associates
    6.5 Related Standards
7 Business Processing Quality
    7.1 Definition
    7.2 Quality Sub-factors
        7.2.1 Reliable Messaging
        7.2.2 Message Context
        7.2.3 Transaction
    7.3 Quality Contracts
    7.4 Quality Associates
    7.5 Related Standards
8 Manageability Quality
    8.1 Definition
        8.1.1 Management Functions
        8.1.2 Manageable Services
        8.1.3 Management Level
    8.2 Quality Sub-factors
        8.2.1 Manageable Level
        8.2.2 Managed Levels
    8.3 Quality Contracts
    8.4 Quality Associates
    8.5 Related Standard
9 Security Quality
    9.1 Definition
        9.1.1 Qualities of Security Services
        9.1.2 Security Service Level
    9.2 Quality Sub-factors
        9.2.1 Sub-factor Definitions
        9.2.2 Security Factors & Related Technology Mapping
        9.2.3 Security Profile
    9.3 Quality Contracts
    9.4 Quality Associates
    9.5 Related Standards
1 Introduction
System integration through Web Services is gaining importance as the focus of the Internet business model moves from B2C to EAI and B2B. Successful system integration through Web Services means providing faster and more reliable services, as if remote Web Services were local Web Services. In other words, high quality of Web Services is being recognized as the critical element of successful business based on SOA (Service Oriented Architecture). This document presents the Web Services Quality Model so that associates may precisely understand and describe Web Services quality.


1.1 Purpose
This document presents the Web Services Quality Model, which MUST be considered while performing all the necessary interactions among the associates, such as order, development, management and maintenance, during the lifecycle of Web Services. The model is classified into 3 sub-models: Quality Associates Model, Quality Contract Model, and Quality Management Model.


1.2 Compliance
This document proposes the Web Services Quality Model (WSQM) at a conceptual level. Therefore, in order to apply this model to the real world, the quality properties and the scope sub-factors must be defined according to the characteristics of the Web Services. In addition, because the description is limited to concepts, a quality checklist corresponding to the WSQM framework in this document must be created.
2 References and Acronyms
2.1 Normative References

  - ISO 9126
    URL: http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=39752
  - WS-I Basic Profile 1.1
    URL: http://www.ws-i.org/Profiles/BasicProfile-1.1-2004-08-24.html
  - WS-I Basic Security Profile Version 1.0
    URL: http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0-2004-05-12.html
  - WS-I Simple SOAP Binding Profile Version 1.0
    URL: http://www.ws-i.org/Profiles/SimpleSoapBindingProfile-1.0-2004-08-24.html
  - OASIS WS-Reliable Messaging
    URL: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsrm
  - OASIS BPEL4WS (Business Process Execution Language For Web service)
    URL: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsbpel
  - OASIS WS-CAF (Composite Application Framework)
    URL: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ws-caf
  - W3C WS-CDL (Web service Choreography Description Language)
    URL: http://www.w3.org/TR/2004/WD-ws-cdl-10-20040427/
  - OASIS WSDM
    URL: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsdm
  - W3C XML Encryption
    URL: http://www.w3c.org/Encryption/2001
  - W3C XML Digital Signature
    URL: http://www.w3c.org/Signature
  - OASIS SAML
    URL: http://www.oasis-open.org/home/index.php
  - OASIS XACML
    URL: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
  - OASIS WS-Security Specification
    URL: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
  - W3C XKMS (XML Key Management Specification)
    URL: http://www.w3c.org/2001/XKMS/
  - MS, VeriSign, IBM WS-SecurityPolicy (Web Services Security Policy Language)
    URL: ftp://www6.software.ibm.com/software/developer/library/ws-secpol.pdf
  - MS, VeriSign, IBM WS-Trust (Web Services Trust Language)
    URL: ftp://www6.software.ibm.com/software/developer/library/ws-trust.pdf
  - MS, VeriSign, IBM WS-Federation (Web Services Federation Language)
    URL: ftp://www6.software.ibm.com/software/developer/library/ws--fed.pdf


2.2 Acronyms
  - ISO: International Standard Organization
  - BLA: Business Level Agreement
  - SLA: Service Level Agreement
  - SOAP: Simple Object Access Protocol
  - WSDL: Web service Description Language
  - UDDI: Universal Description, Discovery and Integration
  - XML: eXtensible Markup Language
  - 2PC: 2 Phase Commit
  - ACID: Atomicity, Consistency, Isolation and Durability
  - WSDM: Web services Distributed Management
  - HTTP: Hyper Text Transfer Protocol
  - SSL: Secure Socket Layer
  - TLS: Transport Layer Security
  - IPSec: IP Security
  - DOS: Denial of Service
  - IDS: Intrusion Detection Service
  - IPS: Internet Protocol Security
  - S/MIME: Secure / Multipurpose Internet Mail Extension
  - PGP: Pretty Good Privacy
  - MIME: Multipurpose Internet Mail Extensions
  - XML-DSIG: XML Digital Signature Standard
  - PKI: Public Key Infrastructure
  - XKMS: XML Key Management Specification
  - SAML: Security Assertion Markup Language
  - XACML: Extensible Access Control Markup Language
3 Web Services Quality Model
The Web Services Quality Model sets out the major components of Web Services and presents a milestone for the quality of service level. As shown in <Figure 3-1>, the Web Services Quality Model consists of 3 components: Quality Factor, Quality Associate, and Quality Activity. The Quality Factor is a fundamental component that identifies Web Services quality so that the quality can be managed. The Quality Associates refer to the roles or tasks of the organizations or people related to Web Services. The Quality Activity refers to the various action models performed by Quality Associates for the stability of Web Services quality. The Web services Associates MAY require any necessary contracts while interacting with one another. So, the suggested model focuses on consolidating the necessary Quality Factors for Web Services quality incurred from Quality Activity.

<Figure 3-1> Web Services Quality Model

The Web services Quality Model illustrated in <Figure 3-1> refers to the Quality components and their relationships. Since most Web services are provided remotely, Web Services quality is significant when the quality of remote services is fully considered.
The Quality Associates are the organizations or people related to the inspection, loading, provision and use of Web services. The associates could be developers, providers, users and managers of Web services. Depending on their interests, they have different views regarding Web services quality. Their quality contracts are concluded through negotiations, based on the quality model instance of their own viewpoint.
The Quality Activity covers the various activities of Web services, such as contracting among Quality Associates. There are three types of Quality Contract: 1) Employment Contract, 2) Development Contract, 3) Management Contract. The Development Contract is a contract between Stakeholder and Developer at the time of development consignment. The Employment Contract is a contract between Provider and User for quality guarantee. Lastly, the Management Contract is a contract about the Web Services quality required for management when the Stakeholder consigns management to a dedicated management facility.
3.1 Quality Factor of Web Services
Web Services are regarded as a product used remotely, so the quality of Web Services should be reviewed when they are used at a remote site.


3.1.1 Web Services Quality as a Service
Web Services are provided as a service, not as the product itself. Considering the service-oriented features of Web Services, the Web Services Quality Model should be established from the view of service quality, not of the product.


3.1.2 Quality Service Model
Web Services quality as a service is literally the quality of using Web Services and, depending on the view of using a service, it can be considered in three layers: 1) Business Level Layer, 2) Service Level Layer, 3) System Level Layer. Each layer has one or several quality sub-factors (see Figure 3-2).
The first layer, the Business Level Layer, is the quality that represents the business value perceived by the user while using Web Services and is called Business Value Quality.
The second layer, the Service Level Layer, is the measurable performance quality of Web Services perceived by the user while using Web Services and is called 'Service-Level Measurable Quality.' This quality includes performance issues such as stability and scalability as well as response time. The quality factors at the user level layer can be obtained by evaluating the service quality that the User experiences while using Web Services.
The third layer is the System Level Layer. This layer can be divided into the 'interoperability layer' and the 'management and security layer'. The interoperability layer determines whether Web services that are developed in different system environments by different developers can properly interoperate. The quality of this layer can be subdivided into two types of quality depending on the user's interest. One is the quality of whether the message format among Web Services is exchangeable, that is, whether the format conforms to the standard and/or guideline specified by standards organizations, called Interoperability Quality. The other is the quality of whether the interoperating messages properly execute business logic, called Business Processing Quality. This can be subdivided into 'Reliable Messaging', for stable delivery in any unstable networking situation, and quality factors for properly executing a desired 'Business Context'. The quality at the interoperability view layer can be obtained by evaluating 'message log information', which is saved by intercepting a message in the middle of an exchange between Web Services, and 'message processing status log information', which is saved while a message is being processed.
The management and security layer indicates the quality from the management and security view of Web Services and can be divided into manageability quality and security quality. Manageability Quality is the quality that indicates the manageability from within or outside of the system. Security Quality is the quality that indicates the level of counteraction of Web Services to unauthorized access or attack from outside. The manageability and security layer quality can be checked by testing the manageability and security related features.
<Figure 3-2> illustrates the concept of the 6 major quality factors that belong to the three layers mentioned above.

<Figure 3-2> Web service Quality Factors


3.2 Quality Associates for Web Services
A Web service quality associate is a person, or a related system, involved in a step of the Web services life cycle such as stakeholder, inspection, loading, provision and use. The Quality Associate is the model of these stakeholders suggested in this draft. <Figure 3-3> illustrates the relation between the Web services quality stakeholders and their quality contracts, which are concluded as necessary.


3.2.1 Stakeholder
A Web service stakeholder is the principal party that requests the development of a Web service from a developer, and a user who has the authority to place an order related to Web services development. A stakeholder delivers the Web services quality requirements to a developer when requesting the development. This is because a stakeholder has an expectation as to the quality level at which a Web service is developed. The quality requirements should be prepared before development.


3.2.2 Developer
The developer considers the Web services quality requirements that will meet the quality standard and designs the structure to meet that quality accordingly. A stakeholder uses the quality models while testing whether a Web service meets the quality level specified in the quality requirements. Testing the quality is called the 'Quality Inspection Procedure'.


3.2.3 Provider
A Web service provider is also a user, one who provides existing Web services or a new Web service independently developed by the provider. Web services quality has an important meaning on the provider's side because the provider's company will lose profits if a competitor provides a better quality service to the stakeholder. Therefore, on the Web service provider's side, the focus should be on developing and managing a Web service so that better quality is provided, by measuring quality more accurately.


3.2.4 Consumer
A Web service consumer is a user who actually uses the Web services. It is understood that a customer is also most closely related to Web services quality because a user and a consumer select the highest quality service when several Web services are available. Therefore, a method to define the accurate quality class and level of Web services quality should be provided to the consumer. Consequently, it can be said that the choice whether or not to use a Web service depends directly on the quality.


3.2.5 QoS Broker
On the Web services user's side, most users expect to get the highest quality Web service. A QoS Broker stores Web services information, especially information concerning quality, so that when a quality-related request is accepted it can search the registered Web services for appropriate quality information and provide the user with Web services suitable for the user's requirements. To do this, a QoS Broker registers Web services quality properties using the Web services quality model suggested in this draft when registering a Web service. In addition, a QoS Broker monitors whether a registered Web service provides the registered quality level. The quality models are used when a QoS Broker monitors the quality properties.


3.2.6 Quality Assurer
A quality assurer functionally monitors the quality level to see whether or not the quality level contracted between a Web service provider and a Web service user is maintained and provided. The quality contract is called the 'Quality Contract of Web services', and the quality model of Web services is used when creating, loading and using a quality contract. In addition, a quality assurer monitors whether or not a Web service is provided at its contractual quality level, whether or not a quality contract of Web services is observed, and whether or not a violation related to the quality level is notified/recognized between the Web service provider and the Web service user.


3.2.7 Quality Manager
A quality manager carries out the management service of a Web service provider as a proxy. To secure the quality level requested by the provider, a quality manager monitors the system from the outside and manages Web services quality. The quality management service also includes Web services resource management, so that a Web service can continue on reserved resources even when system resources are insufficient. A quality manager should have a system for controlling multiple Web services and should be a group or public enterprise with public trust, through which a Web service provider can carry out such services.

<Figure 3-3> Quality Associates of Web services


3.3 Quality Activity of Web Services
Quality Activity consists of the various activities by which Quality Associates make contracts for the stability of Web Services Quality. The following list describes its activities.

● Contract
It is cooperation among associates on the details of Quality Development, Quality Usage, and Quality Management for quality stability.

● Clarification
It is an activity of defining the details of Web Services Quality and the Quality Level for clear understanding at the time of contract.

● Search
It is a User's activity of searching for quality details or for a Web service of superior quality.

● Delegation
It is a Provider's activity of delegating the quality monitoring or the quality management to maintain its quality level.

● Development
It is a Developer's activity of designing, coding, testing and integrating with quality in mind at the time of Web Services Development.

● Registration
It is a Provider's activity of publishing its quality details and quality level to the Quality Broker.

● Report
It is a Quality Assurer's activity of reporting to the User about the usage history of quality information and any violations of the Web Services Quality Level based on the quality contract.

● Notification
It is a Quality Assurer's activity of notifying the Provider about any violations of the Web Services Quality Level based on the quality contract.

● Monitoring
It is a QoS Broker's activity of monitoring the Web Services Quality Level on a regular basis (daily, monthly, yearly).

● Management
It is a Quality Manager's activity of managing quality to assure the Quality Level requirement of the Provider.

The Contract is the most important of the Quality Activities. There are three contracts related to Web Services Quality. The first is the Development Quality Contract between the Developer and the Stakeholder. The second is the Web Services Quality Contract, from the User's perspective, between the Provider and the User. The last is the Management Quality Contract, which should be maintained when the Owner (Stakeholder) delegates Web Services management to a dedicated management facility (Provider) instead of managing it directly.


3.3.1 Development Quality Contract
A development quality contract is a quality contract at the Web service development stage. Tasks at the Web services development stage include design, implementation, unit quality test and integration test of services. Each task can be influenced by many factors. In order to assure that a Web service is developed at the required quality level, a developer should consider the quality at each task and test the quality of the Web service. A stakeholder should evaluate a Web service that is developed by a developer and inspect it accordingly. Therefore, the development quality contract of Web services should contain the detailed specifications to be attained in the development and the inspection checklist to be executed afterwards.


383   3.3.2 Web Services Quality Contract
384   The Web services quality contract should be concluded between a Web service provider and a
385   user when use of the Web services begins. This means that a Web services quality contract is
386   prepared through discussion and/or negotiation about the functions and quality of the Web
387   services provided, in the presence of the 3rd party. In general, a Web services quality contract
388   describes the functions to be provided to a provider by Web services, the quality items to be
389   provided when such services are used, the warranty level, and corrective actions in case of any
390   violation. These contracts are a business-level agreement, a business contract and a Service Level
391   Agreement (SLA) related to XML, an electronic document format used for quality control that a Web
392   service management platform can understand. The latter, the service-level agreement, is also
393   called WS Quality Contract or, more simply, WS-Contract. Once prepared, the SLA is
394   distributed to service providers, consumers and the platform of a quality manager, and is used at
395   the stage of using Web services. Therefore, a Web services quality contract should contain the
396   items to be considered about Web service quality from the viewpoint of using such services.
397


398   3.3.3 Management Quality Contract
399   Management Quality Contract is a contract between Web Services owner and Provider when
400   Web Services owner (Stakeholder) delegates the management and supply of Web Services to a
401   dedicated operator instead of managing it directly after the development of Web Services is
402   completed. This contract is about the essential qualities which should be supplied to User by
403   Provider for maintaining Web Services Quality. Its conformance can be evaluated through
404   monitoring by other Quality Manager or Quality Assurer.
405




406   4 Business Value Quality
407   4.1 Definition
408   Business Value Quality means differentiating business value from the viewpoint of using Web
409   services, that is, at service level of Web services. Business value of Web services MAY
410   supplement with business profits or elevate service quality remarkably.


411   4.1.1 Type
412   Business Value Quality doesn’t exist independently. It has to consider all the elements in quality
413   standard, and the type and characteristic of current business. And it can be classified as shown
414   below. When choosing service, the appropriateness of its service is determined and the output
415   from its service is measured and evaluated. Quality of Service can be evaluated by these
416   methods with better recognition. The following are detailed definitions in regard to Quality.
417
418   ● Business Suitability
419   It is a property to determine the suitability of business implementation using its service when
420   conducting a business. It is evaluated in business perspective and IT perspective.
421   - Business perspective
422   Business Suitability is evaluated after checking necessary elements (Business for its service,
423   Importance of ongoing business, Need for service) to conduct the business.
424   - IT Service Perspective
425   The evaluation is done from different angles including ease of use, efficiency, and stability.
426
427   ● Business Effect
428   It is a property to show the outcome from implementing Provider’s Web Services in business. It is
429   a crucial element to calculate the business value. Due to its influence on Business Suitability,
430   Business Effect can be a reference when using services in other businesses. It also plays an
431   important role to create Web Services recognition along with offline survey.
432
433   ● Business Recognition Level
434   It is a property to indicate the level of the recognition of Web Service. It shows the level of
435   reputation and application of Web Services implemented by User in business and the service
436   category of its business can be created through the recognition level of each business area.


437   4.2 Quality Sub-factors
438   Business value quality consists of 3 quality sub-factors as follows.
439

440   4.2.1 Business Suitability
441   ● Business Suitability
442   It is a property to evaluate the suitability with the industry standard that belongs to the business
443   category and the business requirements of Web Services. Business Suitability is the
444   measurement to evaluate the business level indicated on BLA (Business Level Agreement) and
445   the suitability of business implementation between Provider and the service. The higher the
446   suitability, the more likely business optimization of Web Services is to occur. Business Suitability is
447   regarded as having three fundamental elements as follows, but expanded elements can be used
448   to evaluate the suitability.
449   - Applicable area for Services:
450   It is to describe the business category classification which should include the service from
451   Provider. And the location of its business category (manufacturing, finance, public industry, etc.)
452   can be designated.
453   - Need for Services:
454   It is a part to describe the reason of the service to be used in business. And the solution for the
455   existing business problem is proposed or the reason for applying the service onto the business is
456   indicated.
457   - Importance of applicable business:
458   It is a property to indicate the importance of business in which the service of business category
459   (manufacturing, finance, public industry, etc.) is used. For example, the production part of
460   manufacturing business can be an important factor but HR or general affair are relatively less
461   important.
462   ● IT Service Suitability
463   It is a Provider’s property to evaluate the ease of use of Web Services. If the features of
464   Web Services do not distinguish them from each other, the Web Service with better ease of use is
465   rated as having better suitability.


466   4.2.2 Business Effect
467   ● Business Activity Contribution
468   It is a user’s property to evaluate the contribution to its business profit when using a business-
469   friendly service. It can also be used as data to calculate ROI (Return On Investment). High
470   Business Activity Contribution can be interpreted as high ROI.
471
472   ● Business Activity Influence
473   It is an evaluation factor for the influence on the business when the service with low optimization
474   is used for Web Service user. High business activity influence means that it can be classified as
475   the common service regardless its business classification and for the case like this, it can be
476   defined with the classification of common service and optimized service while specifying a
477   specific level.
478   ● Customer Satisfaction Effect
479   It is a property to evaluate the satisfaction after using the Web Service. Web Service user can
480   measure it using the survey and real-time monitoring. The high customer satisfaction likely means
481   the high reputation of Provider’s Web Service.
482   ● Return On Investment Effect
483   It is a user’s property to evaluate the profit on investment with financial result. It is possible to
484   calculate through Business Activity Contribution, Business Activity Influence, and Customer
485   Satisfaction Effect.


486   4.2.3 Business Recognition Level
487   ● Reputation
488   It is the reputation of Web Services among customers. Reputation is evaluated by Quality of Service,
489   level of satisfaction, and reliability. It can be measured with various methods such as surveys and
490   votes.


491   4.3 Quality Contracts
492   Service level business value quality-related quality contracts are as follows.
493
494   ● Quality Contract for Development
495   Of business value quality factors, the quality sub-factors such as metering/billing should be
496   contained in a BLA development quality contract. BLA is an agreement describing what kind of
497   service is provided, that is, from the view of business.
498
499   ● Quality Contract for Using Web services
500   If a consumer is willing to use a Web service, the consumer can review the cost, penalty,
501   metering and billing, which are described in WSDL. Meanwhile, a QoS broker should test every
502   quality sub-factor of business value quality on/off line and expressly indicate the quality.


503   4.4 Quality Associates
504   ● Stakeholder: is interested in every quality factor related to business value quality.
505   ● Developer: is engaged in metering/billing.
506   ● Consumer: is interested in every quality factor related to business value quality.
507   ● Provider: should make an effort to win recognition of a good business value quality.
508   ● QoS Broker: should collect and give business value quality information through online/offline
509                  questionnaires or voting to consumers in order to publicize the information to the
510                  public.
511   ● Assurer: N.A.
512   ● Manager: N.A.
513


514   4.5 Related Standard
515   N.A.

516   5 Service Level Measurement Quality
517   5.1 Definition
518   Service Level Measurement Quality is the quality that a user perceives when actually using Web
519   services. The quality generally means how fast a Web service is provided and/or how stable it is
520   provided, all of which are measurable at all times.


521   5.1.1 Type
522   Performance related quality sub-factors include Response Time, Throughput, and Maximum
523   Throughput and Stability related quality sub-factors include Availability, Reliability, and
524   Accessibility.
525


526   5.2 Quality Sub-factors
527   Service Level Measurement Quality is subdivided into performance measurement sub-factors
528   including response time, throughput and maximum throughput, and stability measurement
529   sub-factors such as availability, reliability and accessibility. The following define the quality
530   sub-factors.


531   5.2.1 Performance
532   Of the Service Level Measurement Quality, the performance-side property is how fast a Web
533   service provider responds to any service request. The performance property can be described in
534   quality sub-factors such as response time, throughput, and threshold quality.
535
536   ● Response Time
537   It means the time taken to send a request and to receive the response. The Response Time is
538   measured at an actual Web service call and it can be calculated by applying the following
539   formula. The Response Completion Time is the time that all the data for response arrives at a
540   user, while the User Request Time is the time when the user sends a request. In general, the
541   Response Time is calculated by the mean value during a certain time.

          Response time = Response Completion Time – User Request Time
542
543
544   ● Maximum Throughput
545   It means the max number of services that a platform providing Web services can process for a
546   unit time. Throughput can be used as a performance index to evaluate a Web services provider.
547   How many it can process also means how many users it can process concurrently in a web. The
548   Maximum Throughput can be calculated with the following formula.


549
550


551   5.2.2 Stability
552   Stability means how stably and continuously Web services can provide services. That is, the
553   quality is about the ability to provide continuous, consistent and recoverable services despite
554   increased throughput, congestion, system failure, natural disaster and intentional attack from
555   users. The quality properties are availability, reliability and accessibility.
556
557   ● Availability
558   Availability is defined as the ratio of time period in which a Web service exists or it is ready for
559   use, that is, the Web service is maintained. Assuming that the time when a system is not
560   available is 'Down Time' and the time when a system is available is 'Up Time,’ the Availability is
561   the average Up Time. To get Availability, instead of monitoring Up Time continuously, we suggest
562   using the Down Time. Down Time can be obtained by monitoring system down events that occur
563   in operation. The following formula calculates the Availability, where Unit Time is the time period
564   over which it is measured.
565
566       Availability = 1 - (Down Time / Unit Time)
567
568   ● Successability
569   Successability is defined as the extent to which Web services yield successful results over
570   request messages. Successability means the degree to which a service is fulfilled in a given time
571   according to an agreed contract. Successability can be calculated as the number of successful
572   response messages over the number of request messages. That is, it represents the ratio of
573   successfully returned messages after requested tasks are performed without errors.
574
575       Successability = number of response messages / number of request messages
576
577   ● Accessibility
578   Accessibility represents the degree that a system is normatively operated to counteract request
579   messages without delay. In some cases, a Web service system could be accessible for external
580   users to try accessing its resources even if its services are not available. We can know whether a
581   Web service system is accessible by just inspecting that the system can return an
582   acknowledgement normally for a request message. Thus, Accessibility can be calculated as the
583   ratio of number of acknowledgements received to the number of request messages.
584       Accessibility = number of acks received / number of request messages
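
The measurements defined in 5.2.1 and 5.2.2, computed over one monitoring window, as an added example that is not part of the WSQM draft. The record layout, function names, sample calls and outage events are constructed for illustration; Successability counts only responses returned without error, following the prose definition above.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Call:
    """One Web service call as seen by a monitor (times in seconds)."""
    request_time: float
    ack_time: Optional[float]          # None: no acknowledgement received
    completion_time: Optional[float]   # None: no response arrived
    success: bool = False              # response returned without error


def mean_response_time(calls: List[Call]) -> Optional[float]:
    """Mean of (Response Completion Time - User Request Time) over answered calls."""
    samples = [c.completion_time - c.request_time
               for c in calls if c.completion_time is not None]
    return sum(samples) / len(samples) if samples else None


def down_time(events: List[Tuple[float, float]], start: float, end: float) -> float:
    """Total Down Time inside [start, end]; overlapping outage events count once."""
    clipped = sorted((max(s, start), min(e, end))
                     for s, e in events if e > start and s < end)
    total, cur_s, cur_e = 0.0, None, None
    for s, e in clipped:
        if cur_e is None or s > cur_e:      # a new, disjoint outage begins
            if cur_e is not None:
                total += cur_e - cur_s
            cur_s, cur_e = s, e
        else:                               # overlaps the current outage
            cur_e = max(cur_e, e)
    if cur_e is not None:
        total += cur_e - cur_s
    return total


def availability(events: List[Tuple[float, float]], start: float, end: float) -> float:
    """Availability = 1 - (Down Time / Unit Time)."""
    unit_time = end - start
    if unit_time <= 0:
        raise ValueError("measurement window must have positive length")
    return 1.0 - down_time(events, start, end) / unit_time


def successability(calls: List[Call]) -> Optional[float]:
    """Successful response messages over request messages."""
    if not calls:
        return None
    ok = sum(1 for c in calls if c.completion_time is not None and c.success)
    return ok / len(calls)


def accessibility(calls: List[Call]) -> Optional[float]:
    """Acknowledgements received over request messages."""
    if not calls:
        return None
    return sum(1 for c in calls if c.ack_time is not None) / len(calls)


# Constructed sample: a one-hour window with two overlapping outages and one
# outage that runs past the end of the window.
WINDOW = (0.0, 3600.0)
OUTAGES = [(600.0, 780.0), (700.0, 900.0), (3500.0, 3700.0)]
CALLS = [
    Call(10.0, 10.1, 10.5, True),        # normal call
    Call(20.0, 20.1, 21.5, True),        # normal call
    Call(650.0, None, None),             # sent during an outage: no ack
    Call(950.0, 950.2, 951.0, False),    # acknowledged, answered with an error
    Call(1000.0, 1000.1, None),          # acknowledged, response never arrived
]

if __name__ == "__main__":
    print("mean response time:", mean_response_time(CALLS))
    print("availability:", round(availability(OUTAGES, *WINDOW), 4))
    print("successability:", successability(CALLS))
    print("accessibility:", accessibility(CALLS))
```

In the sample, Accessibility exceeds Successability because two calls were acknowledged without a successful response, which is the case the Accessibility definition describes.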
586   5.3 Quality Contracts
587   ● Quality Contract for Development
588   The quality level in each quality factor SHOULD be described in the BLA (Business Level
589   Agreement) and the SLA (Service Level Agreement), which are made when development is
590   ordered. SLA is a contract document specifying the quality level of a Web service(s) provided, the
591   relative details and the corrective measures in case of any violation against the described quality
592   level.
593
594   ● Quality Contract for Using Web services
595   When services are used, the quality level in each quality factor SHOULD be described in BLA
596   and SLA. QoS broker, quality assurer, and manager SHOULD monitor and check whether quality
597   contracts and the specified quality are properly maintained.
598


599   5.4 Quality Associates
600   ● Consumer
601   Web services consumers wish to use high-performance and stable Web services, so they are
602   even more interested in service level measurement quality than any other qualities.
603
604   ● Stakeholder
605   A stakeholder also desires to have a Web service of service level measurement quality when
606   requesting a Web service development. For the same reasons that consumers are interested in Web
607   services, stakeholders also intend to produce high quality Web services that more
608   consumers can use.
609
610   ● Developer
611   A Developer should develop a Web service that meets the quality level designated by a
612   stakeholder, for the same reason that the stakeholder is interested in service level measurement
613   quality. In an inspection time, the developed Web service should pass the quality level test
614   specified in a development contract.
615
616   ● Provider
617   A Provider should manage a platform to provide Web services, while maintaining its quality level
618   specified by a stakeholder. On the Provider's part, service level measurement quality is one of
619   the important factors among service qualities like web hosting.
620
621   ● QoS Broker
622   Among the Quality Associates, QoS (Quality of Service) Brokers provide the most objective
623   measurement and criteria of service qualities. QoS broker can measure service level

624   measurement quality more accurately than any other quality and search for a Web service suitable
625   for a user more easily.
626
627   ● Assurer
628   See QoS Broker
629
630   ● Manager
631   See QoS Broker
632


633   5.5 Related Standards
634   ● N.A




635   6 Interoperability Quality
636   6.1 Definition
637   Interoperability Quality defines the compatible/inter-operable level among Web services. Since
638   Web services are defined on different platforms and their standard specifications are
639   individually extended and defined, it occasionally happens that additional development for
640   interoperability among these services is not easy, although the technologies of Web services
641   have been standardized. Therefore, interoperability quality means the results of evaluating the
642   interoperability level by a specific standard, which is required for inter-operation among Web
643   services.


644   6.1.1 Type
645   Interoperability Quality includes the conformability of SOAP, WSDL, and UDDI as Quality Sub-
646   factors.


647   6.1.2 Quality Sub-factors
648   Interoperability Quality can be divided into Conformability and Interoperability.


649   6.2 Quality Sub-factors
650   ● Conformability
651   Standard Conformability is a factor to evaluate the degree to which the standard technologies of
652   Web services are conformed to. From the view of standard conformability, the interoperability quality
653   evaluation inspects whether a Web service implemented reflects the standard specifications.
654
655   ● Interoperability
656   Interoperability is a factor to evaluate whether both conformable Web service systems are
657   interoperable according to a WS-I profile, which is the authority to define interoperability of Web
658   services and suggest profiles of Web services specifications. The profile suggests the guidelines
659   of the applicable Web services standard.
660


661   6.3 Quality Contracts
662   ● Development Quality Contract
663   The interoperability quality contract in development should contain the quality factors required by
664   the BLA [Business Level Agreement]. The level of interoperability quality can be evaluated by the test
665   of interoperability suggested below.
666
667   ● Operation Quality Contract
668   A Web service is provided to users [consumers] through UDDI storage after being evaluated for
669   the service quality by the 3rd quality certificate authority and receiving the quality certificate.
670


671   6.4 Quality Associates
672   ● Stakeholder
673   When placing orders of Web services to several companies, a Stakeholder should consider the
674   interoperability quality of Web services developed by different companies and supply them.
675
676   ● Developer
677   A Developer should consider the interoperability with other Web Services when developing Web
678   Services.
679
680   ● Provider
681   A Provider should provide Web Services that assure the interoperability quality.
682
683   ● Service Consumer
684   A Service Consumer should use a Web service for which the interoperability quality is secured.
685
686   ● QoS Broker
687   QoS Broker should keep the information on Web services interoperability quality with Web
688   services information, search the interoperability quality information of Web services when a
689   request for quality occurs and provide users with a Web service suitable for the required
690   conditions.
691
692   ● Quality Assurer
693   A Quality Assurer should assure the quality by monitoring to see that the interoperability quality is
694   provided based on the contract between Provider and User.
695
696   ● Quality Manager
697   A Quality Manager should monitor and manage a system remotely for the assurance of
698   interoperability quality required by Provider.
699


700   6.5 Related Standards
701   ● WS-I Basic Profile 1.1: this is the interoperability profile for SOAP, WSDL, UDDI standards and
702   is managed by WS-I.

703   URL: http://www.ws-i.org/Profiles/BasicProfile-1.1-2004-08-24.html
704   ● WS-I Basic Security Profile Version 1.0 : this is the interoperability profile of Web service
705   security and is also managed by WS-I.
706   URL: http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0-2004-05-12.html
707   ● WS-I Simple SOAP Binding Profile Version 1.0 : this is the interoperability profile of SOAP
708   binding and is also managed by WS-I.
709   URL: http://www.ws-i.org/Profiles/SimpleSoapBindingProfile-1.0-2004-08-24.html




710   7 Business Processing Quality
711   7.1 Definition
712   Business Processing Quality means various indices to provide optimized business when business
713   partners execute the business process for Web services. The provision of such optimal business
714   requires accurate definition, execution, automation of business process, reliable messaging,
715   transaction processing, coordination and integrated management framework.


716   7.1.1 Type
717   Quality Sub-factors of Business Processing Quality can be divided into three. The first is to
718   monitor the reliable processing and escape sequence status. The second is to assure the
719   transaction of single task using multiple business processes. The last is to check the
720   conformation of predefined process, and to design a framework for modeling and adjusting the
721   distributed business processes. Thus, to process the business processing quality, the following
722   two requirements must be satisfied first: 1) Reliable Messaging and Transaction of business
723   message, 2) Business process collaboration of process management.
724   ● Reliable Messaging
725   It is the ability of Web Services to check the message transmitted through networks on Internet where
726   unreliable messages occur. It refers to the retransmission in case of lost messages with unique
727   identifier and sequence number assigned by various OS and middleware systems.
728
729   ● Transactionality
730   It is the ability to process multiple messages among participants into single logical entity while the
731   multiple message sets are exchanged among many participants in complex business scenarios.
732
733   ● Business Process Collaborability
734   It is the ability to process Web Services workflow. It refers to the business collaborability to combine,
735   design and implement Web Services and business process for the desired process outcome. In
736   general, the business collaborability is accompanied by many business activities. The changes
737   and order of these activities need to be defined according to the standard and the business
738   process would be able to be executed by such a defined process.


739   7.2 Quality Sub-factors
740   Quality sub-factors of business processing quality can be divided into two; one is to organize a
741   framework for modeling and adjusting diversified and distributed business process and the other
742   is to monitor observation of predefined process procedure, reliable processing and exceptional
743   process status. Therefore, for satisfying the business processing quality, there are two important
744   factors: 1) the reliability of business messages, 2) elaborate transaction and process
745   management on the message context properties. The following shows the definition of each
746   component.
747

748   7.2.1 Reliable Messaging
749   Reliable messaging represents the property of whether the most reliable message is supported
750   for business processing. For the reliable messaging, a message that is duplicated or fails
751   transmission should be retransmitted to secure business processing quality. In general, reliable
752   messaging should guarantee the properties of AtMostOnce, AtLeastOnce, ExactlyOnce and
753   InOrder. OASIS presented WS-Reliability and WS-ReliableMessaging specifications for the
754   properties. The following lists the criteria of reliable messaging.
755
756   ● AtMostOnce: a transmitted message should be delivered once at most.
757   ● AtLeastOnce: a transmitted message should be delivered once at least.
758   ● ExactlyOnce: a transmitted message should be delivered exactly once.
759   ● InOrder: to be transmitted, messages should be delivered in transmitted order.
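
A receiver that enforces these criteria using the unique identifier and sequence number mentioned in 7.1.1, as an added example that is not part of the WSQM draft and does not implement the WS-Reliability or WS-ReliableMessaging wire formats. The class, method names and message trace are constructed for illustration.

```python
from typing import Dict, List, Set, Tuple


class ReliableReceiver:
    """Receiver side of one message sequence, giving ExactlyOnce and InOrder delivery."""

    def __init__(self) -> None:
        self.next_seq = 1                   # next sequence number owed to the application
        self.seen_ids: Set[str] = set()     # unique identifiers already accepted
        self.pending: Dict[int, str] = {}   # messages held back until the gap is filled
        self.duplicates = 0                 # transmissions suppressed as duplicates

    def receive(self, msg_id: str, seq: int, payload: str) -> List[str]:
        """Accept one transmission and return the payloads now deliverable, in order."""
        if msg_id in self.seen_ids or seq < self.next_seq or seq in self.pending:
            self.duplicates += 1            # AtMostOnce: never deliver a second copy
            return []
        self.seen_ids.add(msg_id)
        self.pending[seq] = payload
        delivered = []
        while self.next_seq in self.pending:    # InOrder: release the contiguous run
            delivered.append(self.pending.pop(self.next_seq))
            self.next_seq += 1
        return delivered

    def missing(self) -> List[int]:
        """Sequence numbers the sender must retransmit (AtLeastOnce)."""
        if not self.pending:
            return []
        return [s for s in range(self.next_seq, max(self.pending))
                if s not in self.pending]


def replay(trace: List[Tuple[str, int, str]]):
    """Feed a trace to a fresh receiver; return deliveries, duplicate count, gap snapshots."""
    rx = ReliableReceiver()
    delivered: List[str] = []
    gaps: List[List[int]] = []
    for msg_id, seq, payload in trace:
        delivered.extend(rx.receive(msg_id, seq, payload))
        gaps.append(rx.missing())
    return delivered, rx.duplicates, gaps


# Constructed trace: message 2 is lost on first transmission, message 1 is
# duplicated by the network, and message 2 finally arrives by retransmission.
TRACE = [
    ("m1", 1, "order"),
    ("m3", 3, "ship"),
    ("m1", 1, "order"),
    ("m4", 4, "invoice"),
    ("m2", 2, "pay"),
]

if __name__ == "__main__":
    print(replay(TRACE))
```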
760


761   7.2.2 Message Context
762   A business process could include execution of distributed Web services. For the coordination and
763   transaction processing among these distributed services, a system requires the history
764   information shared by participating transactions from the start time to the end time. A message
765   context contains the information shared by all the resources for a participating transaction, which
766   is created when the transaction starts and deleted when it ends.
767


768   7.2.3 Transaction
769   Transaction is a set of tasks that should be processed as a group at once. In general, it should
770   satisfy the following 4 properties.
771
772     - Atomicity: all operations occur on success, while no operations take effect on failure.
773     - Consistency: application executes effective status conversion upon the completion.
774     - Isolation: operation results are not shared outside a transaction until it completes successfully.
775     - Durability: once a transaction has been successfully completed, a failure can be recovered.
776
777   A Web service transaction can be categorized as an ‘atomic transaction’, recognized in its general
778   meaning, or a ‘business activity.’ A business activity has more complicated interests and a longer
779   transaction period than an atomic transaction. The former is frequently realized by using 2PC
780   (2-Phase Commit), while the latter uses compensation for failures. Transaction processing in a Web
781   services environment may be implemented by using the WS-Coordination/WS-Transaction
782   specification. WS-Coordination contains the protocol for transaction coordination and the transaction
783   processing scenario, and WS-Transaction includes the definition of the two types of transaction and
784   these scenarios.
785

786   ● Short-Term Atomic Transaction
787   Atomic transaction, as the basic transaction, has a narrow transaction range and a short
788   transaction processing period. Until a transaction completes, it cooperates
789   with the other participants and exchanges messages with them, during which
790   transaction information is shared through a coordinator and monitored subsequently. Such a
791   transaction is finalized through 2PC.
792
793   ● Long-Term Business Activity
794   The business activity is a long term transaction and covers transactions that may not be
795   processed by atomic transactions. Business activity may not always meet the ACID property
796   which is the basic requirement of a transaction. 2PC blocks the other user’s access to data used
797   in an atomic transaction before commit. By contrast, a business activity cannot restrict other
798   users’ access during its long execution time. So the compensation process, which restores a partially
799   processed result to the previous step on failure, is a necessary mechanism in the business activity.
800
801   ● Centralized Business Process Management
802   Centralized business process management creates, executes and monitors a new business
803   process as a part of work-flow by combining several Web services, which are provided by many
804   Web service providers. And it should provide a convenient automation level to organize new Web
805   service registration, service creation, role definition (regulator, participants), calling protocol
806   definition and execution environment.
807
808   ● Decentralized Business Process Management
809   In decentralized business process management, the management of business processes distributed as
810   fragments in a Web service environment is not centralized but is distributed to the actual region of
811   each process.
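
The two transaction styles described under 7.2.3, side by side: a short-term atomic transaction finalized through 2PC, and a long-term business activity that compensates completed steps on failure. This is an added example, not part of the WSQM draft and not the WS-Coordination/WS-Transaction protocol; all class, function and step names are constructed for illustration.

```python
from typing import Callable, Dict, List, Tuple


class Participant:
    """A resource taking part in a short-term atomic transaction."""

    def __init__(self, name: str, value: int, can_prepare: bool = True) -> None:
        self.name, self.value, self.can_prepare = name, value, can_prepare
        self.staged = None      # tentative value held between the two phases
        self.locked = False     # 2PC blocks other access until commit or rollback

    def prepare(self, new_value: int) -> bool:
        """Phase 1: vote yes only if the change can be staged under a lock."""
        if not self.can_prepare or self.locked:
            return False
        self.staged, self.locked = new_value, True
        return True

    def commit(self) -> None:
        self.value, self.staged, self.locked = self.staged, None, False

    def rollback(self) -> None:
        self.staged, self.locked = None, False


def two_phase_commit(updates: List[Tuple[Participant, int]]) -> bool:
    """Phase 1 collects votes; phase 2 commits only if every vote was yes."""
    prepared: List[Participant] = []
    for participant, new_value in updates:
        if participant.prepare(new_value):
            prepared.append(participant)
        else:
            for p in prepared:          # one "no" vote aborts everyone
                p.rollback()
            return False
    for p in prepared:
        p.commit()
    return True


# A business activity step: (name, action, compensation).
Step = Tuple[str, Callable[[], None], Callable[[], None]]


def run_business_activity(steps: List[Step]) -> List[str]:
    """Run steps in order without locks; on failure undo completed steps in reverse."""
    log: List[str] = []
    done: List[Tuple[str, Callable[[], None]]] = []
    for name, action, compensate in steps:
        try:
            action()
        except Exception:
            log.append(f"failed:{name}")
            for done_name, undo in reversed(done):
                undo()
                log.append(f"compensated:{done_name}")
            return log
        done.append((name, compensate))
        log.append(f"done:{name}")
    return log


def demo_business_activity() -> Tuple[Dict[str, int], List[str]]:
    """Constructed booking: seat and room succeed, payment fails, both are undone."""
    ledger = {"seats": 5, "rooms": 3}

    def book_seat() -> None:
        ledger["seats"] -= 1

    def cancel_seat() -> None:
        ledger["seats"] += 1

    def book_room() -> None:
        ledger["rooms"] -= 1

    def cancel_room() -> None:
        ledger["rooms"] += 1

    def charge_card() -> None:
        raise RuntimeError("payment declined")

    log = run_business_activity([
        ("seat", book_seat, cancel_seat),
        ("room", book_room, cancel_room),
        ("payment", charge_card, lambda: None),
    ])
    return ledger, log


if __name__ == "__main__":
    a, b = Participant("a", 100), Participant("b", 50, can_prepare=False)
    print(two_phase_commit([(a, 70), (b, 80)]), a.value, b.value)
    print(demo_business_activity())
```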


812   7.3 Quality Contracts
813   ● Quality Contract for Development
814   A business process quality contract in the development should describe test items in BLA
815   (Business Level Agreement) by quality factors while the business processing quality level is
816   evaluated by test by each factor.
817
818   ● Quality Contract for Using Web services
819   A Web service is provided to users [consumers] after being evaluated for the service quality by
820   the 3rd quality certificate authority and receiving the quality certificate.
821


822   7.4 Quality Associates
823   For the business processing quality, each quality associate is interested in the following.
824
825   ● Developer
826   A developer should assure Reliable Messaging and Transactionality considering the business
827   collaborability with other Web Services at the time of development. And a developer also needs
828   to design, define and develop a workflow precisely for the business processing.
829
830   ● Service Consumer
831   A consumer is a user who actually uses Web service business processing service. A consumer
832   should select a high quality service referring to business processing quality certificates.
833
834   ● Service Provider
835   For service providers, the business process quality is one of the important factors for business
836   competitiveness. A provider should do their best to ensure that each test item for the contractual
837   business processing quality receives higher implementation. The focus is also on developing a
838   service that provides higher quality through the quality test.
839
840   ● QoS broker
841   A QoS broker inspects business processing quality in order to confirm the quality level when a
842   provider registers a Web service quality certificate. With the business processing quality test
843   results, the quality level is determined according to the test results executed by a broker in case a
844   consumer asks a QoS broker to search a Web service.
845
846   ● Stakeholder
847   A stakeholder is a main body to commit a service to a business partner and an owner who has
848   the authority to order services. A stakeholder delivers the requirements of the Web services
849   business processing quality when requesting a service development. The stakeholder also inspects
850   whether the quality requirements are kept according to the described quality level.
851
852   ● Quality Assurer
853   A quality assurer monitors Business Process Quality level between the provider and user and
854   performs a quality assurance activity such as issuing Web Services Quality certificate.
855
856   ● Quality Manager
857   A consumer is a user who actually uses Web service business processing service. A consumer
858   should select a high quality service referring to business processing quality certificates.
859


860   7.5 Related Standards
861   ● OASIS WS-Reliable Messaging: defines messaging protocols for checking, tracing and
862   managing messages to ensure that messages transmitted among business partners are
863   reliable.
864     URL: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsrm
865   ● OASIS BPEL4WS (Business Process Execution Language For Web service): defines the
866   sequence in which several business processes are executed in a Web service environment.
867     URL: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsbpel
868   ● IBM WS-AtomicTransaction: defines Atomic Transaction for processing short-term transaction
869     URL: http://www-128.ibm.com/developerworks/library/specification/ws-tx/#atom/
870   ● IBM WS-BusinessActivity: defines Business Activity for processing long-term transaction
871     URL: http://www-128.ibm.com/developerworks/library/specification/ws-tx/#ba/
872   ● IBM WS-Coordination: provides Web services-based approach to improve the performance of
873   long term business transactions, which are automated in an expandable and interoperable
874   method.
875     URL: http://www-106.ibm.com/developerworks/library/specification/ws-tx/#coor
876   ● OASIS WS-CAF(Composite Application Framework): is the standard to support a service
877   necessary for integrating business processes of Web services.
878     URL: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ws-caf
879   ● W3C WS-CDL (Web services Choreography Description Language): describes a coordination
880   of XML-based Web services and specifies distributed business process management.
881     URL: http://www.w3.org/TR/2004/WD-ws-cdl-10-20040427/




882   8 Manageability Quality
883   8.1 Definition
884   Manageability quality is the quality in the viewpoint of a manager or Web services tool developer.
885   That is, it means the quality to be managed by using object properties such as the relationship
886   among objects, identification, status and structure information, operation and events to manage
887   the Web services system.


888   8.1.1 Management Functions
889   The Manageability quality could be maintained by three functions of a management system:
890            Introspection: to inspect system and system's internal information
891            Control: to control writes to system and system's internal information
892            Notification: to notify, if any, changes in internal information.
893   ● Introspection: to get information on the classes of Web services, resources, and their status.
894   The information also contains Web services tracking information, that is, through which route a
895   Web service is called.
896
897   ● Control: to manage Web services and resources including the information obtained by
898   introspection and the manageability of Web services objects and resources. While Introspection
899   merely gains information, this function obtains and manages such information.
900
901   ● Notification: to notify changes in Web services or resources, if any, to an external quality
902   manager or anyone who wishes to know it.
903


904   8.1.2 Manageable Services
905   ● Web service Management: the management of the Web service itself. A service should have a
906   standard management interface to be a manageable Web service.
907
908   ● Web service Platform Management: the management of the platform on which a Web service is
909   installed and provided. It is available as long as such a platform has the standard management
910   interface.
911


912   8.1.3 Management Level
913   ● Manageable Level: a Web service of manageable level is a service that provides management
914   interfaces.
915
916   ● Managed Level: a Web service of managed level is a Web service that is manageable and
917   currently managed by the management interface.
918


919   8.2 Quality Sub-factors
920   It defines the quality sub-factors, that is, 6 manageable levels and 2 managed levels by
921   combining 3 functions and 2 manageable services described in 8.1.
922


923   8.2.1 Manageable Level
924   ● Introspectability of Web services: introspectable Web service
925   ● Control-ability of Web services: controllable Web service
926   ● Notifiability of Web services: notifiable Web service
927   ● Introspectability of Web service platform: introspectable Web service platform
928   ● Control-ability of Web service platform: controllable Web service platform
929   ● Notifiability of Web service platform: notifiable Web service platform
930


931   8.2.2 Managed Levels
932   ● Introspectability of managed Web service: a Web service that is manageable and is managed
933     by a manager for introspectability.
934   ● Controllability of managed Web service: a Web service that is manageable and is managed by
935     a manager for controllability
936   ● Notifiability of managed Web service: a Web service that is manageable and is managed by a
937     manager for notifiability
938   ● Introspectability of managed Web service platform: a Web service platform that is manageable
939     and is managed by a manager for introspectability
940   ● Controllability of managed Web service platform: a Web service platform that is manageable
941     and is managed by a manager for controllability
942   ● Notifiability of managed Web service platform: a Web service platform that is manageable and
943     is managed by a manager for notifiability
944
945   <Table 6-1> shows the above-mentioned quality sub-factors in a table.
946
947



948   <Table 6-1> Quality Sub-factors of Manageability

      Level              Object                  Introspectability                                     Controllability                                     Notifiability

      Manageable level   Web services            Introspectability of a Web service                    Controllability of a Web service                    Notifiability of a Web services

      Manageable level   Web services platform   Introspectability of a Web service platform           Controllability of a Web service platform           Notifiability of a Web services platform

      Managed level      Web services            Introspectability of a managed Web service            Controllability of a managed Web service            Notifiability of a managed Web service

      Managed level      Web services platform   Introspectability of a managed Web service platform   Controllability of a managed Web service platform   Notifiability of a managed Web service platform

949


950   8.3 Quality Contracts
951    ● Development Quality Contract

952   Manageability is included as one of the requirements when a Web service is ordered from a developer.
953   That is, manageability in development is contained as functional requirements in a development
954   contract.
955

956    ● Quality Contract of Using Web services

957   The manageability quality exposes a management function as a service type to be called.
958   Therefore, the manageability quality is defined in WSDL (Web services Description Language)
959   extended for manageability or so that a service is specified in WSDL. That's because the
960   manageability should be exposed as a form of business Web service. Quality contract is also
961   contained in BLA.
962


963   8.4 Quality Associates
964     ● Consumer

965   No interest
966

967     ● Stakeholder

968   A Stakeholder requests a developer to develop manageable Web services for obtaining the
969   manageability quality described in a Web service development contract. In addition, a
970   Stakeholder uses the manageability in the inspection procedure to check whether a developed Web
971   service is manageable.
972

973    ● Developer

974   A Developer implements Web services in the form that the manageability requested by a
975   Stakeholder is to be contained in the Web services functions and guarantees the manageability
976   quality in the inspection procedure. On a Developer's side, the manageability is accepted as one
977   of Web services function requirements, independent from the above-stated service level
978   measurement quality.
979

980     ● Provider

981   A Provider SHOULD offer the manageability of a platform as well as the manageability of Web
982   services. The platform manageability also contains a function to control the execution
983   environment of the whole Web services.
984

985     ● QoS Broker

986   No interest
987

988     ● Assurer

989   No interest
990

991     ● Manager

992   A Quality Manager uses management function of Web services to provide manageability quality.
993   On a manager's side, the manageability quality is very important and the management service
994   can't be executed unless it provides the manageability quality.
995
996


997   8.5 Related Standard
998    ● OASIS WSDM: standard of 'Management Using Web service' and 'Management Of Web
999   service'. URL: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsdm




1000   9 Security Quality
1001   9.1 Definition
1002   Web services security quality is the ability to determine the legality of access to the system and
1003   service, to cut off any illegal approach, fabrication and authority exercise, to control any legal
1004   access and to provide integrated security service for the use of stable, reliable and appropriate
1005   authority in order to reduce or eliminate all potential threats, which may occur while using Web
1006   services. In the Web services environment, the method for applying security service MAY be
1007   redefined from that of existing security standards because of the access method and service interface
1008   shared by WSDL, SOAP message communication through XML, and the indigenous features
1009   implemented on various platforms.


1010   9.1.1 Qualities of Security Services
1011   The security service qualities for Web services MAY be classified as follows.
1012

1013     ● Data Confidentiality

1014   It is the quality used to protect data against unauthorized disclosure. It is whether the information
1015   stored on a system is protected against unintended or unauthorized access. Since systems are
1016   sometimes used to manage sensitive information, Data Confidentiality is often a measure of the
1017   ability of the system to protect its data. Accordingly, this is an integral component of Security.

1018

1019     ● Data Integrity

1020   It is the quality used to ensure that data has not been altered or destroyed in an unauthorized
1021   manner. Data integrity is verified by using the features of a hash function; where an electronic
1022   signature is used, it may also be verified by using the data integrity property contained in
1023   the signature.
1024

1025     ● User Authentication

1026   As a procedure in which assurance of the claimed identity of an entity is provided, a common
1027   authentication uses a specific knowledge that a requester can understand. In Web services
1028   environment, SOAP messages pass through various security domains, so it is required to provide
1029   single sign-on function using a security token.
1030

1031    ● Access Control

1032   As a security quality to restrict unauthorized user's access, access MUST be controlled by using
1033   Web services security token, since a SOAP message passes through various security platforms.
1034   eXtensible Access Control Markup Language (XACML), an OASIS specification for the Access
1035   Control, provides fine grained control of authorized activities, the effect of characteristics of the
1036   access requestor, the protocol over which the request is made, authorization based on classes of
1037   activities, and content introspection.
1038

1039    ● Non-Repudiation

1040   A quality that provides proof of the integrity and origin of data, both in a non-forgeable
1041   relationship, which can be verified by any third party at any time, or, in an authentication that can
1042   be asserted to be genuine with high assurance. A property achieved through cryptographic
1043   methods which prevents an individual or entity from denying having performed a particular action
1044   related to data.
1045

1046     ● Accessibility

1047   In the Web services environment, accessibility depends on the ability to detect and prevent any
1048   DoS attack. The basis of accessibility is that every Web service user should have access to the
1049   information and experiences available online. In the broad sense, accessibility encompasses the
1050   capability to identify and obtain information, i.e., how easy is it to find needed information and
1051   retrieve it when you need it.
1052

1053     ● Audit Trail

1054   An audit trail leaves a log of attempted attacks on a specific service so that it can be used as data
1055   about the vulnerability of Web services.
1056

1057     ● Privacy

1058   Privacy is the quality of a person to control the availability of information about and exposure of
1059   him- or herself. It is related to being able to function in society anonymously (including
1060   pseudonymous or blind credential identification). For both Web services consumers and
1061   providers, it is the service for protecting against disclosure of private information.
1062


1063   9.1.2 Security Service Level
1064   Web services security mechanism can be layered in two levels as follows.
1065
1066     ● Transport Level Security - Non-Persistent Level Security
1067   Transport level security means the security within a sub-network layer of SOAP, Web services
1068   protocol. This uses SSL and TLS security mechanisms, which have been used on the existing
1069   web environment, and HTTP protocol. Since these types of transport level security do not support
1070   end-to-end security context, partial encryption and partial electronic signature, message level
1071   security is required to reflect those features. Especially, since transport level does not provide
1072   end-to-end security context, transport security is non-persistent level security in which any
1073   context information is lost once it has been transmitted from a point.
1074
1075     ● Message Level Security - Persistent Level Security
1076   Message level security provides security services such as data confidentiality, integrity,
1077   authentication, non-repudiation, and access control on the basis of SOAP messages. Since the
1078   message level security provides end-to-end security context, it is persistent level security in which
1079   context information is maintained even though a SOAP message itself passes through various
1080   security domains.
1081


1082   9.2 Quality Sub-factors

1083   9.2.1 Transport Level
1084   In all, 16 quality sub-factors are identified by combining the 8 security service qualities and 2 security
1085   service levels defined in 9.1. However, because non-repudiation at transport level and privacy
1086   protection at transport level are not practical, this specification defines 15 quality sub-factors,
1087   adding the Single-Sign-On (SSO) service quality, which is becoming important in the SOA environment of Web
1088   services.
1089
1090     ● Transport Level Data Confidentiality
1091   A secure network protocol, such as TLS [RFC2246] or IPSEC [RFC2402], provides transient
1092   confidentiality of a message as it is transferred between two adjacent Web services nodes.

1093
1094     ● Transport Level Data Integrity
1095   A secure network protocol such as TLS [RFC2246] or IPSEC [RFC2402] MAY be configured to
1096   provide for digests and comparisons of the packets transmitted via the network connection.

1097
1098     ● Transport Level User Authentication
1099   The authentication provided by the transmission channel of a message transmission layer may be
1100   unidirectional or bidirectional. For instance, TLS [RFC2246] or IPSEC [RFC2402] provides an
1101   authentication method to a sender so that a destination under TCP/IP may be authenticated. It
1102   can be implemented by using an electronic signature method, and a certificate issued by a certificate
1103   authority may also be used.
1104
1105     ● Transport Level Access Control
1106   Transport Level Access Control is used to control a user's access to resources in a transmission
1107   channel and can be organized by using TLS or IPSEC protocol.
1108
1109     ● Transport Level Accessibility
1110   This prevents resources from being unavailable due to a DoS (Denial of Services) attack. This
1111   can be implemented through transmission-level packet monitoring by firewalls, IDS, IPS, etc.
1112
1113     ● Transport Level Audit Trail


1114   It creates and removes a session at the transport level, or leaves and audits a log after data
1115   transmission. Here, a logging policy is required, that is, an appropriate pre-definition of the contents
1116   to be utilized in an audit procedure.


1117   9.2.2 Message Level
1118     ● Message Level Data Confidentiality
1119   For the confidentiality for SOAP messages, XML-Encryption adopted as a standard in the W3C or
1120   WS-Security (OASIS Web services security specification) or other encryption procedures (for
1121   instance, S/MIME, PGP/MIME) may be used. Since XML-Encryption permits parts of the XML
1122   messages to be encrypted (or decrypted), it shows generally better performance than that of the
1123   encryption method at transport level when partial encryption is applied to the message.
1124
1125     ● Message Level Data Integrity
1126   This is for the data integrity at SOAP message level and can be realized by using XML-DSIG
1127   (XML Digital Signature) or WS-Security. XKMS (XML Key Management Specification) is a
1128   newer specification that significantly extends the PKI (Public Key Infrastructure) model by adopting
1129   XML to provide new levels of easy and interoperable key management service when XML-DSIG
1130   or WS-Security is applied.
1131
1132     ● Message Level User Authentication
1133   An electronic signature for the SOAP header or body or payloads of a SOAP message can be
1134   generated and attached to the SOAP message using XML-DSIG standard adopted by W3C.
1135   Unlike the existing signature methods, the XML-DSIG can selectively perform signing of specific
1136   parts of an XML document and the signed part may be added to a document as long as the
1137   signature's effectiveness is guaranteed. By the XML-DSIG, several security services such as
1138   authentication, data integrity and non-repudiation can be also provided together. For user
1139   authentication, SAML (Security Assertion Markup Language) is also available. SAML is a
1140   framework for exchanging authentication and authorization information. Security typically involves
1141   checking the credentials presented by a party for authentication and authorization. SAML
1142   standardizes the representation of these credentials in an XML format called assertions,
1143   enhancing the interoperability between disparate applications.
1144
1145     ● Message Level Access Control
1146   Message Level Access Control enables the access levels to resources to be controlled by using
1147   the information contained in a SOAP message. It could be implemented by applying standards
1148   such as SAML and XACML. It may be also delivered with a message including the access
1149   authority defined by XACML in SAML, by which any user's access to resources may be
1150   controlled.
1151
1152     ● Message Level Non-Repudiation
1153   Message level non-repudiation can be realized by applying XML-DSIG and WS-Security
1154   implemented on PKI environment.
1155
1156     ● Message Level Accessibility
1157   This ensures accessibility to Web services against DoS attacks on XML messages. For
1158   implementing Message Level Accessibility, a SOAP Firewall could be used, which reliably
1159   protects against all the specific risks associated with the exposure of Web services across the
1160   company's firewall and the exchange of XML messages over external networks. It hides Web
1161   services behind virtual service endpoints and inspects all SOAP messages, blocking messages
1162   with incorrect, malformed, or malicious content.
1163
1164     ● Message Level Audit Trail
1165   This leaves and audits logs of each request/response message to call a Web service. As with the
1166   transport level audit trail, a policy specifying the log contents for audit and trail should be
1167   defined beforehand.
1168
1169     ● Message Level Privacy Protection
1170   As an end-user's privacy protection mechanism, there are specifications such as WS-Security,
1171   XACML and SAML for the data confidentiality and access control for a user's private information.
1172   WS-Policy, WS-Trust and WS-Privacy on the Web service security road map deliver privacy
1173   policies, reliance mechanism and privacy claims. WS-Policy and WS-Trust could be used for Privacy
1174   Protection, though not only for it, and they are classified in this section because they are used in
1175   WS-Privacy. Once any privacy policy has been defined using WS-Privacy to WS-Policy context under
1176   WS-Security structure, a service that receives the message trusts and executes the defined policy.
1177
1178     ● Single-Sign-On
1179   A Single-Sign-On authenticates a user like the above Non-Persistent Authentication, but it
1180   differs in that a single-sign-on is required because a SOAP message passes through various
1181   security platforms. Single-Sign-On is achievable by using a security token issued by a reliable
1182   authority. It may be structured as a standard to implement portable trust such as SAML and be
1183   implemented by using solutions such as MS Passport, Liberty Alliance, etc.
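
The selective signing, end-to-end persistence and time-stamp checks described for message level data integrity and user authentication can be sketched as follows. This is an added example, not part of the original specification: an HMAC stands in for the public-key signature that XML-DSIG would carry, and the `urn:example` namespaces, header names, sample order and 300-second freshness window are assumptions.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
EX = "urn:example:wsqm-demo"       # hypothetical namespace for the demo headers
ORDERS = "urn:example:orders"      # hypothetical application namespace
MAX_AGE = 300                      # seconds a time stamp stays fresh (assumed policy)

# Constructed sample request.
ORDER = (
    f'<s:Envelope xmlns:s="{SOAP}" xmlns:o="{ORDERS}">'
    "<s:Header/>"
    '<s:Body><o:Order id="42"><o:Amount>100</o:Amount></o:Order></s:Body>'
    "</s:Envelope>"
)


def _canon(elem):
    """Canonical (C14N 2.0) bytes of one element, so that re-serialisation by
    an intermediary does not change what is digested."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()


def _mac(key, timestamp_elem, body_elem):
    """HMAC over the digests of the signed parts only: Timestamp and Body."""
    digests = b"".join(hashlib.sha256(_canon(e)).digest()
                       for e in (timestamp_elem, body_elem))
    return hmac.new(key, digests, hashlib.sha256).hexdigest()


def sign(envelope_xml, key, created):
    """Sender: add a time stamp and a signature header covering it and the Body."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP}}}Header")
    body = root.find(f"{{{SOAP}}}Body")
    ts = ET.SubElement(header, f"{{{EX}}}Timestamp")
    ts.text = str(created)
    sig = ET.SubElement(header, f"{{{EX}}}Signature")
    sig.text = _mac(key, ts, body)
    return ET.tostring(root, encoding="unicode")


def relay(envelope_xml, alter_body=False):
    """Intermediary in another security domain: the transport channel ends
    here, it adds its own unsigned routing header and forwards the message."""
    root = ET.fromstring(envelope_xml)
    via = ET.SubElement(root.find(f"{{{SOAP}}}Header"), f"{{{EX}}}Via")
    via.text = "gateway.example"
    if alter_body:  # a change to a signed part, which the receiver must detect
        root.find(f".//{{{ORDERS}}}Amount").text = "100000"
    return ET.tostring(root, encoding="unicode")


def verify(envelope_xml, key, now):
    """Receiver: return "ok" or "reject: <reason>"."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP}}}Header")
    body = root.find(f"{{{SOAP}}}Body")
    ts = header.find(f"{{{EX}}}Timestamp") if header is not None else None
    sig = header.find(f"{{{EX}}}Signature") if header is not None else None
    if body is None or ts is None or sig is None:
        return "reject: missing signed part"
    expected = _mac(key, ts, body).encode()
    if not hmac.compare_digest((sig.text or "").encode(), expected):
        return "reject: signature mismatch"
    # The time stamp is covered by the signature, so it can be trusted here.
    if not 0 <= now - int(ts.text) <= MAX_AGE:
        return "reject: stale timestamp"
    return "ok"
```

The unsigned `Via` header added in transit does not invalidate the signature, while a change to the signed Body or a replay after the freshness window is rejected.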


1184   9.2.3 Security Factors & Related Technology Mapping
1185   The following <Table 7-1> shows the relationship between Web services security factors and the
1186   related technologies, which should be applied in order to meet such security factors.
1187

1188   <Table 7-1> Related Technology by Web service Security Factors

       Security Factors                           Related Technology

       Transport level data confidentiality       TLS, SSL, IPSec

       Transport level data integrity             TLS, SSL, IPSec

       Transport level user authentication        TLS, SSL, IPSec

       Transport level user access control        TLS, SSL, IPSec

       Transport level accessibility              Firewall, IDS, IPS

       Transport level audit trail                Logging, audit trail policy

       Message level data confidentiality         XML-Encryption, WS-Security, XKMS

       Message level data integrity               XML-DSIG, WS-Security, XKMS

       Message level user authentication          XML-DSIG, WS-Security, XKMS, SAML

       Message level non-repudiation              XML-DSIG, WS-Security, XKMS

       Message level audit trail                  Logging, audit trail policy

       Message level access control               SAML, XACML

       Message level accessibility                SOAP Firewall

       Single-sign-on                             SAML, Liberty Alliance, .NET Passport, WS-Federation

       Message level privacy protection           WS-Policy, WS-Trust, WS-Privacy

1189


1190   9.2.4 Security Profile
1191   Web services security may use several quality sub-factors, depending on the characteristics of
1192   application services. The values of the sub-factors are categorized in the 'Web Services Security
1193   Profile' (WS-SProfile) as a group of quality sub-factors that are frequently used together among
1194   these factors. The profile is used to set a security level with the other service partner and is
1195   specified in a BLA (Business Level Agreement). Considering the number of security quality sub-
1196   factors, there could be a number of Web services security profiles. However, this specification
1197   defines 6 profiles that are presumed to be frequently used at present. More profiles MAY be
1198   added later if required.
1199

1200     ● WS-SProfile 0

1201   WS-SProfile 0 provides services such as authentication, message integrity, message
1202   confidentiality and access control using transport level security mechanisms and secures
1203   accessibility against transport level DoS attacks, etc.
1204
1205   The WS-SProfile 0 security protocols are TLS, IPSec, etc. TLS provides services such as
1206   user authentication, message integrity, confidentiality and an access control service with the
1207   functions of record protocol, handshake protocol, public key-based certificate creation and
1208   processing, authentication mode support, etc. between two applications. IPSec, in
1209   contrast, is an open framework that provides security protocols at the IP layer in order to
1210   secure communication between both far-ends, and provides the security functions to
1211   make up for the weakness of IP. IPSec's primary security functions are the authentication protocol (AH),
1212   encryption protocol (ESP), security association and policy databases (SAD, SPD) and key management
1213   mechanisms, through which it can provide message integrity, message confidentiality and access
1214   control service.
1215

1216     ● WS-SProfile 1

1217   WS-SProfile 1 provides authentication, message integrity, non-repudiation, and confidentiality by
1218   introducing electronic signature and encryption at message level. In some cases, security

1219   services such as message confidentiality and access control may use security mechanisms
1220   provided at the transport level but it is not essential.
1221
1222   The most representative standard of the WS-SProfile 1, WS-Security, is based on SOAP, a Web
1223   services message exchange protocol, and was adopted by OASIS in 2004 as the representative
1224   message level security technology to provide authentication, integrity, non-repudiation and
1225   confidentiality.
1226   XML-Signature and XML-Encryption of W3C have been extended and applied to WS-Security.
1227   WS-Security provides practical authentication, message integrity, non-repudiation and
1228   confidentiality at message level including time-stamp related functions to prevent replay attack,
1229   and it secures 'end-to-end transmission' of SOAP messages. WS-Security also supports various
1230   security tokens to exchange security information.
1231

1232     ● WS-SProfile 2

1233   WS-SProfile 2 provides access control service using message level access control mechanism,
1234   secures access against XML DoS attack using a SOAP Firewall and contains WS-SProfile 1.
1235
1236   Unlike the existing firewall, a SOAP Firewall filters XML type SOAP messages, on which access
1237   control service is provided. Therefore, a SOAP Firewall SHOULD be able to decode and
1238   understand XML body contents of SOAP messages that are sent or received.
1239

1240     ● WS-SProfile 3

1241   WS-SProfile 3 provides Single-Sign-On mechanism using the security token that contains the
1242   WS-SProfile 2 security factor.
1243
1244   The mechanism to provide Single-Sign-On means the auxiliary technology to exchange security
1245   information: user authentication, approval and property information. In the Single-Sign-On area,
1246   there are SAML, Liberty Alliance, .Net Passport, WS-Federation, etc. SAML and Liberty
1247   Alliance have worked on the technology to exchange XML-based authentication information,
1248   Assertion, while .Net Passport provides the Single-Sign-On function through a centralized
1249   authentication system. WS-Federation controls federated ID by combining with ID (identity) to
1250   represent individual identity, providing the Single-Sign-On function.
1251

1252     ● WS-SProfile 4

1253   WS-SProfile 4 contains the WS-SProfile 3 security factors, and provides a privacy protection
1254   mechanism.
1255
1256   Thus far, the representative privacy protection mechanism is WS-Privacy, which describes a
1257   model for a service provider and a consumer to dictate each privacy execution context. In
1258   general, it functions as, based on WS-Security technology, the foundation to construct a safe
1259   Web services interoperable with new partner (department) with WS-Policy technology and WS-
1260   Trust technology. For reference, WS-Policy is a Web service end point policy technology to
1261   express and deliver security, credit, transaction, privacy protection, while WS-Trust is a new
1262   model that provides an interface, available for inspecting the issuance, exchange and
1263   effectiveness of security token.
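
The message inspection performed by a SOAP Firewall (Message Level Accessibility in 9.2.2 and WS-SProfile 2 above) can be illustrated with a minimal filter that decodes each message and refuses incorrect, malformed or oversized content. This is an added example, not code from the specification; the size, depth and element limits and the sample messages are assumptions constructed for the illustration.

```python
import xml.parsers.expat

SOAP_NAMESPACES = {
    "http://schemas.xmlsoap.org/soap/envelope/",   # SOAP 1.1
    "http://www.w3.org/2003/05/soap-envelope",     # SOAP 1.2
}
# Limits are assumptions chosen for the example, not values from the specification.
MAX_BYTES = 64 * 1024
MAX_DEPTH = 32
MAX_ELEMENTS = 5000


class Blocked(Exception):
    """Carries the reason a message is refused."""


def inspect_soap(raw: bytes) -> str:
    """Return "accept" or "reject: <reason>" for one inbound message."""
    if len(raw) > MAX_BYTES:
        return "reject: message exceeds size limit"

    seen = {"depth": 0, "elements": 0, "bodies": 0, "soap_ns": None}

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # A SOAP message must not contain a DTD; refusing it here means no
        # entity definition is ever processed.
        raise Blocked("DOCTYPE not allowed in SOAP")

    def on_start(name, attrs):
        seen["depth"] += 1
        seen["elements"] += 1
        if seen["depth"] > MAX_DEPTH:
            raise Blocked("nesting deeper than limit")
        if seen["elements"] > MAX_ELEMENTS:
            raise Blocked("too many elements")
        ns, _, local = name.rpartition(" ")   # "namespace-uri localname"
        if seen["depth"] == 1:
            if ns not in SOAP_NAMESPACES or local != "Envelope":
                raise Blocked("root is not a SOAP Envelope")
            seen["soap_ns"] = ns
        elif seen["depth"] == 2:
            if ns != seen["soap_ns"] or local not in ("Header", "Body"):
                raise Blocked("unexpected child of Envelope")
            if local == "Body":
                seen["bodies"] += 1

    def on_end(name):
        seen["depth"] -= 1

    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(raw, True)
    except Blocked as reason:
        return f"reject: {reason}"
    except xml.parsers.expat.ExpatError as err:
        return f"reject: malformed XML ({err})"
    if seen["bodies"] != 1:
        return "reject: exactly one Body required"
    return "accept"


# Constructed sample messages.
ENVELOPE = '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">{}</s:Envelope>'
SAMPLES = {
    "valid": ENVELOPE.format("<s:Header/><s:Body><getQuote>ACME</getQuote></s:Body>").encode(),
    "doctype": ('<!DOCTYPE Envelope [<!ENTITY e "x">]>'
                + ENVELOPE.format("<s:Body>&e;</s:Body>")).encode(),
    "truncated": b'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>',
    "deep": ENVELOPE.format("<s:Body>" + "<a>" * 40 + "</a>" * 40 + "</s:Body>").encode(),
    "not_soap": b"<order><item>1</item></order>",
    "oversized": ENVELOPE.format("<s:Body><pad>" + "A" * MAX_BYTES + "</pad></s:Body>").encode(),
}
```

Each verdict would also be written to the message level audit trail, so that refused messages remain available as data about attempted attacks.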
1264
1265   The following <Table 7-2> shows security factors included in Web service security profiles. (Op)
1266   means the factor is optionally available in that security profile.
1267

<Table 7-2> Security factor by security profiles

Security Factors                        SP 0    SP 1    SP 2    SP 3    SP 4
Transport level data confidentiality    ✔       ✔(Op)   ✔(Op)   ✔(Op)   ✔(Op)
Transport level data integrity          ✔       ✔(Op)   ✔(Op)   ✔(Op)   ✔(Op)
Transport level user authentication     ✔       ✔(Op)   ✔(Op)   ✔(Op)   ✔(Op)
Transport level access control          ✔       ✔(Op)   ✔(Op)   ✔(Op)   ✔(Op)
Transport level accessibility           ✔       ✔(Op)   ✔(Op)   ✔(Op)   ✔(Op)
Transport level audit trail             ✔       ✔(Op)   ✔(Op)   ✔(Op)   ✔(Op)
Message level data confidentiality              ✔       ✔       ✔       ✔
Message level data integrity                    ✔       ✔       ✔       ✔
Message level user authentication               ✔       ✔       ✔       ✔
Message level non-repudiation                   ✔       ✔       ✔       ✔
Message level audit trail                       ✔       ✔       ✔       ✔
Message level access control                            ✔       ✔       ✔
Message level accessibility                             ✔       ✔       ✔
Single-sign-on                                                  ✔       ✔
Message level privacy protection                                        ✔


9.3 Quality Contracts

● Development Quality Contract

Security quality is described in the BLA as a profile for the security level to be provided when a Web service is implemented. In addition, when a Web service is actually implemented, tests inspect whether the security function operates at the desired level.

● "Web services Use" Quality Contract

When an implemented service is registered to UDDI, the level of security it provides should be made clear, and whether the security function actually operates should be confirmed by test cases. SLA specifications related to security quality should specify, in a contract, a method to check whether the specified security quality level is provided, the compensation policy in case that quality is not provided, and post-management actions.


9.4 Quality Associates

The major concerns of each associate relating to security quality are summarized as follows.

● Stakeholder

A stakeholder analyzes threats related to Web services, determines the security services required to reduce or protect against such threats, and selects security profile types according to these determinations. The security level is set by the selected security profile and specified in the BLA. In addition, a BLA should contain the range of achievable quality levels and the measurement methods. The primary concerns of a Web service stakeholder are determining which security quality level will reduce or prevent threats, and following the methods specified in the BLA.

● Developer

A service developer's job is to determine which mechanism is to be used to achieve the security quality level specified in the BLA. A developer is then concerned with how to address security when developing a service and how to plan tests to confirm that the developed Web service provides the desired quality level. In short, a service developer is mainly concerned with creating a Web service that secures the security quality level specified in the BLA.
● Provider

A provider is interested in whether the security quality level specified in the BLA can satisfy a consumer.

● Consumer

A service consumer should understand the security level information that is practically required under the defined security policy and search for a Web service that provides that security level information. A consumer also reviews the security policy specified for a Web service found by the search, checks what kind of security token or security claim is required, acquires an appropriate security token, and calls the Web service with a security token that suits the Web service provider's security policy. Meanwhile, a consumer, as a service requester, may be notified of whether the specified security quality is provided.
● QoS Broker

A QoS Broker performs the security quality test to check the authentication and the quality level inspected by the provider at the time of registration. When a consumer requests a certain level of security, the desired Web Services security service is recommended based on the test result.
● Quality Assurer

A quality assurer performs quality assurance, including Web Services security authentication, while monitoring the security quality level between the provider and the user.

● Quality Manager

A Web service quality manager is concerned with monitoring and analyzing whether the security quality specified in the SLA is provided. In addition, a manager is interested in a system that can analyze why a security quality is not provided and correct it.
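The QoS Broker's recommendation step can be worked through against <Table 7-2>. The following Python is an added example, not part of the OASIS draft: it reads (Op) as "optional", and the broker rule, the function names and the `REGISTRY` contents are assumptions constructed for illustration.

```python
PROFILES = ["SP 0", "SP 1", "SP 2", "SP 3", "SP 4"]
TRANSPORT = {"Transport level " + f for f in (
    "data confidentiality", "data integrity", "user authentication",
    "access control", "accessibility", "audit trail")}
# Message-level rows of Table 7-2: factor -> index of first profile ticking it.
MESSAGE_FROM = {
    "Message level data confidentiality": 1, "Message level data integrity": 1,
    "Message level user authentication": 1, "Message level non-repudiation": 1,
    "Message level audit trail": 1, "Message level access control": 2,
    "Message level accessibility": 2, "Single-sign-on": 3,
    "Message level privacy protection": 4,
}

def mandatory(profile):
    """Factors ticked without (Op) in the profile's column."""
    i = PROFILES.index(profile)
    if i == 0:
        return set(TRANSPORT)
    return {f for f, first in MESSAGE_FROM.items() if first <= i}

def optional(profile):
    """Factors ticked with (Op); read as optional here (assumption)."""
    return set() if profile == "SP 0" else set(TRANSPORT)

def minimum_profile(required):
    """Lowest profile whose column covers every required factor, else None."""
    for p in PROFILES:
        if set(required) <= mandatory(p) | optional(p):
            return p
    return None

def recommend(required, registry):
    """Assumed broker rule: the declared profile is high enough, tests confirm
    every mandatory factor of that profile, and tests confirm each requested
    factor (so an (Op) factor counts only when it was actually tested)."""
    floor = minimum_profile(required)
    if floor is None:
        return []
    return [name for name, (declared, passed) in sorted(registry.items())
            if PROFILES.index(declared) >= PROFILES.index(floor)
            and mandatory(declared) <= passed and set(required) <= passed]

# Constructed registry: service -> (declared profile, factors confirmed by tests).
REGISTRY = {
    "archive": ("SP 0", mandatory("SP 0")),
    "orders": ("SP 1", mandatory("SP 1") | {"Transport level data confidentiality"}),
    "legacy": ("SP 2", mandatory("SP 2") - {"Message level access control"}),
    "payroll": ("SP 3", mandatory("SP 3")),
}
```

In this registry, "legacy" declares SP 2 but is never recommended because its tests do not confirm one of that profile's mandatory factors, and "payroll" is skipped for a transport-level request because that (Op) factor was not tested for it.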


9.5 Related Standards

● W3C XML Encryption: XML Encryption Standard
  URL: http://www.w3c.org/Encryption/2001
● W3C XML Digital Signature: XML Digital Signature Standard
  URL: http://www.w3c.org/Signature
● OASIS SAML: Standard for interoperation among various security service systems
  URL: http://www.oasis-open.org/home/index.php
● OASIS XACML: XML-based open standard, SAML is the standard to express security policy
  URL: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
● OASIS WS-Security Specification: Common mechanism standard for combining a security token with a message
  URL: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
● W3C XKMS (XML Key Management Specification): Key management service standard that makes it easier to integrate PKI and XML applications
  URL: http://www.w3c.org/2001/XKMS/
● MS, VeriSign, IBM WS-SecurityPolicy (Web Services Security Policy Language): Standard that provides the security policy applied to WS-Security
  URL: ftp://www6.software.ibm.com/software/developer/library/ws-secpol.pdf
● MS, VeriSign, IBM WS-Trust: Standard for issuing and exchanging security tokens, and for configuring trust relationships within various trusted domains
  URL: ftp://www6.software.ibm.com/software/developer/library/ws-trust.pdf
● MS, VeriSign, IBM WS-Federation (Web Services Federation Language): Definition of a mechanism that makes it possible to mediate the user information, properties and authentication of Web Services applications that belong to heterogeneous trusted domains
  URL: ftp://www6.software.ibm.com/software/developer/library/ws-fed.pdf

				