Upload
nickolas-greene
View
213
Download
0
Embed Size (px)
Citation preview
Formal Methods for Service Composition
Maurice H. ter Beek (ISTI–CNR, Pisa, Italy)
Saturday, December 1
SEEFM 2007
joint work with: Antonio Bucchiarone (IMT Institute for Advanced Studies, Lucca, Italy
and Nokia Siemens Networks, Lisbon, Portugal)
Stefania Gnesi (ISTI–CNR, Pisa, Italy)
SEEFM’07 - 2 December 1, 2007December 1, 2007Maurice ter Beek (ISTI-CNR)FFFF
FFFF Outline
• Background
• Service composition approaches• Syntactic service composition• Semantic service composition
• Service composition characteristics• Connectivity, correctness and QoS
• Compare standardization approaches w.r.t. characteristics
• Formal methods for service composition• Automata, Petri nets and process algebras
• Compare formal methods w.r.t. characteristics
• Conclusions
SEEFM’07 - 3 December 1, 2007December 1, 2007Maurice ter Beek (ISTI-CNR)FFFF
FFFF Background
• Service-Oriented Computing (SOC)• An emerging cross-disciplinary paradigm for distributed
computing • Changes the way in which software applications are designed,
architected (SOA), delivered and consumed
• Web Services (WSs)• Autonomous, platform-independent computational elements,
possibly managed by different organizations• Described, published, discovered, orchestrated and programmed
to build networks of collaborating applications, distributed both within and across organizational boundaries
We survey and compare service composition approaches (both industrial and academic)
SEEFM’07 - 4 December 1, 2007December 1, 2007Maurice ter Beek (ISTI-CNR)FFFF
FFFF Syntactic Service Composition Approaches
• Service Orchestration (like BPEL4WS)
• Combines available services by adding a central coordinator• This orchestrator is responsible for invoking + combining
services
• Service Choreography (like WS-CDL)
• No central coordinator• Complex tasks defined by conversations of participating services• Composition of peer-to-peer interactions among the collaborating
services
SEEFM’07 - 5 December 1, 2007December 1, 2007Maurice ter Beek (ISTI-CNR)FFFF
FFFF BPEL vs. WS-CDL
• Both XML-based
• BPEL: coordination/composition of services (WSDL-based)• Processes model the flow of services by connecting activities that
communicate with external service providers
• WS-CDL: choreography description of services • Interactions describe the information exchange by specifying
participants, information and channel• Exception handling and compensations supported through
exception and finalizer work units
Contrary to BPEL, WS-CDL describes a global view of the behavior of the message exchanges of all services (rather than behavior defined from viewpoint of one service)
SEEFM’07 - 6 December 1, 2007December 1, 2007Maurice ter Beek (ISTI-CNR)FFFF
FFFF Semantic Service Composition Approaches
• Aim: the automation of service discovery, invocation, composition, interoperation and execution monitoring
• Describe services by explicit, machine-understandable semantics
• Often rely on ontologies to formalize the domain concepts shared among services (like OWL-S and WSMO)
• The Internet is seen as a globally linked database in which web pages are marked with semantic annotations
SEEFM’07 - 7 December 1, 2007December 1, 2007Maurice ter Beek (ISTI-CNR)FFFF
FFFF OWL-S vs. WSMO
• Both ontology-based
• OWL-S• Defines a service ontology with four main elements: service
concept, service profile, service model and service grounding• No clear distinction between choreography and orchestration
• WSMO• Defines a model to describe semantic web services with four
main elements: ontologies, WSs, goals and mediators• Conceptual design in WSMF, annotations in WSML, execution
environment WSMX for dynamic discovery/selection/invocation
OWL-S more mature in certain aspects (choreography), while WSMO provides a more complete conceptual model
SEEFM’07 - 8 December 1, 2007December 1, 2007Maurice ter Beek (ISTI-CNR)FFFF
FFFF Service Composition Characteristics I
Connectivity:
• Reliability• The ability to deliver responses continuously in time• The ability to correctly deliver messages between two
endpoints
• Accessibility• The percentage of responses per service request
• Exception handling/Compensations• What happens in case of an error and how to undo the already
completed activities• The ability to manage compensations of service invocations
(in case of a failure)
SEEFM’07 - 9 December 1, 2007December 1, 2007Maurice ter Beek (ISTI-CNR)FFFF
FFFF Service Composition Characteristics II
Correctness:
• Safety/Liveness
• The assertion that some bad event never happens in the course of a computation
• The assertion that some event does eventually happen in the course of a computation
• Security/Trust• The ability of a service (composition) to provide proper
authentication, authorization, confidentiality and data encryption• The assurance that a service (composition) will perform as
expected despite possible environmental disruptions, human and operators errors, hostile attacks and design and implementation errors
SEEFM’07 - 10 December 1, 2007December 1, 2007Maurice ter Beek (ISTI-CNR)FFFF
FFFF Service Composition Characteristics III
Quality of Service (QoS):
• Accuracy• The error rate of a service, measured as the number of errors
generated by a service in a certain time interval
• Availability• The probability that a service is available at any given time,
measured as the percentage of time a service is available over an extended time period
• Performance• Measured as the success rate of service requests:
– Maximum time needed to complete a request (response time)– Number of completed requests over a period of time (throughput)– Time needed by a service to process a request (latency)
SEEFM’07 - 11 December 1, 2007December 1, 2007Maurice ter Beek (ISTI-CNR)FFFF
FFFFComparing Standardization
Approaches
Neither of these approaches offer any direct support for the verification of service compositions at design time
This is where formal methods come into play !
SEEFM’07 - 12 December 1, 2007December 1, 2007Maurice ter Beek (ISTI-CNR)FFFF
FFFF Formal Methods for Service Composition I
• Automata
• Well-known model underlying formal specifications• I/O automata, timed automata, team automata, etc.• Their formal basis allows for automatic tool support
• Exemplary approaches (see paper for references)
• Frameworks to analyze and verify properties of service compositions of BPEL processes
• Translations from BPEL to Promela (finite automata) to use the SPIN model checker to verify LTL properties
• Translations from WS-CDL to timed automata to use the UPPAAL model checker to verify (timed) CTL properties
SEEFM’07 - 13 December 1, 2007December 1, 2007Maurice ter Beek (ISTI-CNR)FFFF
FFFF Formal Methods for Service Composition II
• Petri nets
• Well-known framework for modeling concurrent systems• Their ease of conceptual modeling (graphical notation) has
made Petri nets the model of choice in many applications• Their formal basis allows for automatic tool support
• Exemplary approaches (see paper for references)
• Mapping of all BPEL control-flow constructs into labeled Petri nets (including the dead-path-elimination technique)
• Open-source tools BPEL2PNML and WofBPEL automatically transform BPEL processes in Petri nets and analyze them (including reachability analysis)
SEEFM’07 - 14 December 1, 2007December 1, 2007Maurice ter Beek (ISTI-CNR)FFFF
FFFF Formal Methods for Service Composition III
• Process Algebras
• Precise and well-studied set of formalisms• CCS, π-calculus (which inspired BPEL to a certain extent),
LOTOS, etc.• Their formal basis allows automatic verification of behavioral
properties• Rich theory on bisimulation analysis for equivalence testing
(to verify substitutivity + redundancy in service compositions)
• Exemplary approaches (see paper for references)
• Specify and compose services in CCS to use Concurrency Workbench to validate correctness properties
• Translations from BPEL to LOTOS to use CADP model-checking toolbox to verify temporal properties
SEEFM’07 - 15 December 1, 2007December 1, 2007Maurice ter Beek (ISTI-CNR)FFFF
FFFF Comparing Approaches in Formal Methods
Paper provides a reference for service composition designers and developers willing to use formal methods and tools
SEEFM’07 - 16 December 1, 2007December 1, 2007Maurice ter Beek (ISTI-CNR)FFFF
FFFF Conclusions
• Most standardization approaches to service composition lack:• Support to verify the (behavioral) correctness of service compositions• Support to perform quantitative analysis of QoS aspects
• Formal Methods and tools allow one to simulate and verify the behavior of one’s model at design time
• Thus enable the detection and correction of errors as early as possible and in any case before implementation !
The use of formal methods can increase the confidence in the correctness of one’s (service composition) design