Your SlideShare is downloading. ×
Gw3312111217
Gw3312111217
Gw3312111217
Gw3312111217
Gw3312111217
Gw3312111217
Gw3312111217
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Gw3312111217

39

Published on

International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of …

International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
39
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Nilambari Joshi, Paras Patel, Dr. B.B. Meshram / International Journal of EngineeringResearch and Applications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.1211-12171211 | P a g eSurvey of Security in Service Oriented ArchitectureNilambari Joshi*, Paras Patel**, Dr. B.B. Meshram****(Department of Computer Engineering and Information Technology, Veermata Jijabai Technological Institute,Matunga, Mumbai - 400019)**(Department of Computer Engineering and Information Technology, Veermata Jijabai TechnologicalInstitute, Matunga, Mumbai - 400019)*** (Head of Department, Department of Computer Engineering and Information Technology, Veermata JijabaiTechnological Institute, Matunga, Mumbai – 400019)ABSTRACTService Oriented Architecture (SOA) isa driving force behind all present and evolvingtechniques of data exchange and resourcesharing over the network. This helps in adaptingto the changing market needs efficiently andeffectively. Inherent characteristics of SOAframework have nurtured agility and flexibilityin distributed computing environment but alsohave posed high security challenges. This isespecially because of the anonymity of the enduser of a service and data exchange overunsecured network. This paper discusses risksposed by SOA related to important aspects ofsecurity Authentication, Authorization,Confidentiality, Data Integrity and Non-repudiation. It also presents mechanisms whichare being used by service providers to deal withthese security concerns.Keywords – Kerberos, Public Key Cryptography,Public Key Infrastructure (PKI), Security, ServiceOriented Architecture (SOA),I. INTRODUCTION1.1 Service Oriented ArchitectureService-oriented architecture (SOA) isnow a days well established framework thataddresses the requirements of distributedcomputing by loosely coupled, standards-based,and protocol independent communication amonginvolved software resources. In SOA, softwareresources are packaged as “services”, which arewell defined, self-contained modules that providestandard business functionality and are independentof the state or context of other services. Servicesare described in a standard definition language,have a published interface, and communicate witheach other requesting execution of their operationsin order to collectively support a common businesstask or process [2].Service Oriented Architecture is amethodology for achieving applicationinteroperability and reuse of IT assets that feature astrong architectural focus on ideal level ofabstraction, a deployment infrastructure andreusable library of services. (W3C definition) [9]. Italso incorporates support for organizing andutilizing resources that are under control ofdifferent administrations.It is need of time for enterprises to quicklyrespond to business changes with efficiency andleverage existing investments in applications andapplication infrastructure to address newer businessrequirements. The solution proposed and activelybeing used to cater these requirements is ServiceOriented Architecture, which allows enterprises toplug in new services or upgrade existing services ina granular fashion to address the new businessrequirements. It provides the option to make theservices consumable across different channels, andexposes the existing enterprise and legacyapplications as services, which is basic buildingblock of Service Oriented Architecture.1.2 SOA CharacteristicsService Oriented Architecture emphasize onreusability of existing resources by means offollowing characteristics1. Discoverable - A service consumer that needsa service discovers what service to use basedon a set of criteria at runtime. The serviceconsumer asks a registry for a service thatfulfils its need.2. Loosely coupled – SOA binding minimizesdependencies between services and thusachieves loose coupling through discovery andcontract.3. Autonomous – The service controls thebusiness logic they encapsulate. The serviceonly exposes interface of underlyingfunctionality and can change implementationwithout any change required at consumer’sside.4. Stateless - Statelessness refers to services thatdo not keep track of transaction or sessioninformation.5. Composable - Service composition isassembling service capabilities that consist ofsmaller units of logic to solve larger problems.It facilitates the assembly of compositeservices.6. Interoperable - The ability of systems usingdifferent platforms and languages tocommunicate with each other. Each service
  • 2. Nilambari Joshi, Paras Patel, Dr. B.B. Meshram / International Journal of EngineeringResearch and Applications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.1211-12171212 | P a g eprovides an interface that can be invoked from aclient which can run on any operating systemand can be implemented in any language. Theonly requirement is it should abide to the dataformat and protocol as suggested in the serviceinterface.II. SOA SECURITY CHALLENGESCharacteristics and design principles of SOA makesystems more susceptible to security threatsbecause of the following reasons.1. Service interface is exposed publicly to wholeworld. The owner has least control over whocan consume the service.2. Data is exposed to wide range of users. Dataprotection during transit and in storage isimportant to ensure data integrity and privacy.3. Data travels through heterogeneousenvironments, having different policies,technologies, network protocols etc. thereforeit is difficult to integrate and synergizedifferent security measures deployed.4. Connectivity in SOA is not point to point. It ishop by hop. This limits use of SSL for dataprotection while on network.5. This system is still vulnerable to a replayattack which simply replays a valid signedmessage, and gains unauthorized access.2.1 Framework Induced Security ConcernsFollowing generic security concerns are applicableto SOA, but with a bigger impact due to SOAcharacteristics.1. Authentication - Since services are exposedpublicly, it is difficult to know beforehand whothe users of the service are. The servicesinvoked might be across differentorganizational domain. It is required to havecommon trusted authentication mechanismacross services to ensure identity of the ultimateuser using them.2. Authorization - It is important to verifycapability and rights of user to take an action orget some information. Traditional approach ofrole based authorization might not be sufficientin SOA, since same user can invoke the servicein different context with different capabilities.Also there should be way to communicate usercapability information across services, whichare integrated as a part composite service.3. Confidentiality - Since data is shared acrossdifferent services and across different domains,there are high chances of data being exposed tounintended recipients unless strict measures toprotect data are imposed.4. Integrity - There is high possibility of databeing tampered during transit over the network.There might be different mechanisms of dataprotection deployed for different services,which are part of same transaction. Thereshould be mechanism to communicate andagree upon security measures to be incorporatedacross services to ensure data integrity.5. Non-repudiation – Whenever data is sharedacross services, there should be way to ensurethat it is from authenticated source.2.2 Technology related Security ConcernsSOA security is also affected by certaintechnological aspects .XML being the most widelyused mechanism for service invocation andmessage transfer, XML related security issues needto be handled. Following security concerns arefrequently observed in SOA paradigm.1. SQL Injection - SQL Injection attacks involvethe insertion of SQL fragments into XML datato return inappropriate data, or to produce anerror which reveals database accessinformation.2. XML External Entry – Document TypeDefinition (DTD) functionality that is availablein XML is used to define syntax of documentelements. It also allows outside data to beembedded into an XML document. Byspecifying a local file, some XML enginescould be made to access unauthorizedinformation from the local file system.3. XML Denial of Service – This attack takesadvantage of, the ability to pull in entitieswhich are defined in a DTD. Pulling the entitiesrecursively causes memory to exhaust and thusdeny service to further requests.4. Capture Relay Attacks – A service in SOA isprotected by a policy which ensures that servicerequests are digitally signed. This system is stillvulnerable to a replay attack which simplyreplays a valid signed message, thus gainingunauthorized access.III. SOA SECURITY MECHANISMSSecurity measures are designed andapplied to address different security aspects asmentioned in section 2.1. Most widely used andcomprehensive mechanisms to deal with SOAsecurity can be considered as Public KeyInfrastructure (PKI) and Kerberos.3.1 Public Key Infrastructure (PKI) provides theframework of services, technology, protocols, andstandards that enable you to deploy and manage astrong and scalable information security system [6].It is based on public key cryptography forencryption. The PKI creates digital certificateswhich map public keys to entities, securely storesthese certificates in a central repository, andrevokes them if needed.The most popular uses X.509 identitycertificates. In this PKI, a highly trusted CA issuesX.509-based certificates where a unique identity
  • 3. Nilambari Joshi, Paras Patel, Dr. B.B. Meshram / International Journal of EngineeringResearch and Applications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.1211-12171213 | P a g ename and the public key of an entity are boundthrough the digital signature of that CA [1].Fig.1 PKI Workflow3.1.1 PKI Workflow [1] [6] [9]As shown in Fig.1 the main steps involved in PKIworkflow are as below -Step 1 – The user provides credentials to theCertification Authority (CA) and Requests for thecertificate.Step 2 – CA contacts Registration Authority (RA)to validate the user credentials. If user is authentic,RA gives go ahead to CA to issue certificate.Step 3 – CA issues certificate which includes user’spublic key and certificate expiration date.Step 4 – User Presents the Certificate to serviceprovider while requesting a serviceStep 5 – Service Provider verifies the certificateand if certificate is valid, the communication starts3.1.2 Security Considerations addressed by PKI.PKI addresses most of the security challengesposed by SOA framework.1. Authentication – Certification Authority (CA)acts as a trusted third party to ensureauthenticity of service requester. Both theentities involved in data exchange trust CA asintermediary. Thus without exchangingcredentials directly with the service provider,service requester can be authenticated.2. Confidentiality – Each entity involved in Dataexchange maintains a pair of Public and privatekey pair. Whenever data is sent over thenetwork, it is encrypted using public key of thereceiver. At the receiver end, it is decryptedusing receiver’s private key. Any unintendedperson cannot decrypt the message withoutknowing actual receiver’s private key.3. Integrity – Data integrity can be achieved bytwo ways. Either by using Digital signature orby using Message Authentication Code (MAC).Any data tampering results in non-verificationof the digital signature.4. Non-Repudiation – The entitys signing privatekey is used to bind the entity to a particularpiece of data this can be used as non-repudiableevidence to prove to a third party that this entitydid originate this data.3.1.3 PKI Limitations –1. PKI doesn’t deal with Authorization of user toperform a particular action or invoke a service.2. PKI is a resource consuming technique in termsof CPU and Memory so it cannot be easilyintegrated with low power web enabled devicesmobile phones.3. It can be tedious process to obtain X.509certificates from a trusted CA, especially if alocal RA does not exist.4. Each site involved trusts its users, CAs, andother sites. If the trust between any of these isbroken, then the impact can potentially besevere.3.2 Kerberos - Kerberos is an authenticationprotocol which works on the basis of "tickets" orsession keys to allow nodes communicating over anon-secure network to prove their identity to oneanother in a secure manner. Kerberos usessymmetric key cryptography. Cross-realmauthentication is a useful and component ofKerberos aimed at enabling secure access toservices across organizational boundaries.3.2.1 Kerberos Protocol Workflow [1] [4] [5] –As shown in Fig.2 the main steps involved inKerberos workflow are as belowFig.2 Kerberos Workflow1. User sends credentials to AuthenticationService, and requests for Ticket Granting Ticket(Session key to be used with ticket grantingservice encrypted with TGS secrete key).2. AS verifies user with reference to the datamaintained at its end. After verification, itgenerates encryption key, and a timestamp(same as that in the user session) and expirationtime usually 8 hrs. AS sends session key to beused between user and TGS encrypted withuser’s secrete key and TGT encrypted withTGS secrete key and sends it to the user.{{Ttgs,Ksession}Ktgs,Ksession}Kuser3. User sends this TGT and service ID to TicketGranting Service.
  • 4. Nilambari Joshi, Paras Patel, Dr. B.B. Meshram / International Journal of EngineeringResearch and Applications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.1211-12171214 | P a g e). {TGT,{request,client-IP,time}Ksession} (whereTGT = {Ttgs,Ksession}Ktgs)4. TGS decrypts TGT and recovers session key tobe used with the client for futurecommunication.5. TGS generates session key (Client-ServiceKey) to be used by client for furthercommunication with the service. It encrypts itwith Service’ secrete key and sends back to theclient. {{Tservice,Kservice-session}Kservice,Kservice-session}Ksession6. Client sends the encrypted Service ticket(obtained from TGS) to the service and requestsan operation.({Tservice,Kservice-session}Kservice7. Service decrypts the ticket and obtains sessionkey. This key is further used for communicationwith the client till its timestamp expires3.2.3 Security Considerations addressed byKerberos1. Authentication – In Kerberos clientauthentication is done initially by authenticationservice. During first communication of clientwith TGS and application service, both theseentities decrypt the ticket (TGT and serviceticket respectively) with their secrete key withAS. Successful decryption ensureauthentication of the client.2. Confidentiality – Data can be exchangedconfidentially by using secrete key encryption.The secrete keys are generated for every client–server session and are time bound.3. Integrity – Kerberos enforce session based keysfor client-server communication which are timebound. So if any user intercepts the messagewhile in transit, and try to decrypt it to getsession key, it is almost impossible to use thatkey and send a forged message to the serverwithin session key expiration duration.3.2.4 Kerberos Limitations –1. Existing services need modifications tohandle Kerberos protocol.2. Key Distribution center can be a single pointof failure. If it is affected, the entire Kerberossystem is at risk.3. Kerberos cannot be used when interactingwith a non-kerberosed system.3.3 Authorization MechanismsService Oriented architecture facilitates servicesbeing shared across different administrativedomains. Services sharing necessitatesauthorization mechanisms which determine who isauthorized to access these resources and in whichways, and who is not authorized. Authorization isusually under the control of the service provider. Ageneric authorization framework, as shown in Fig.3defined by the ISO Access Control FrameworkX.812 standard for cross domain serviceinvocation.Fig. 3 Generic Authorization FrameworkTwo key components to support authorized accessto the target are - Policy Enforcement Point (PEP) - ThePEP ensures that all requests to access thetarget service go through the PDP. Policy Decision Point (PDP) - PDP makesthe authorization decision based on a setof rules or policies. In SOA paradigmpolicy languages are xml based.By default unless a PDP explicitly determines arequest to be valid and access should be granted, itis set to deny access.Some of the commonly used authorizationtechniques are mentioned below -1. Community Authorization Service (CAS) - Themain idea of CAS is that a resource ownerdelegates the allocation of authorization rightsto a community administrator and lets thecommunity administrator determine who canuse this allocation. The main component used inCAS server, which decides whether a user hassufficient privileges and give the user the rightsto perform the requested actions depending ontheir role in the community, which isestablished through Role Based Access Control(RBAC).2. PrivilEge and Role Management InfrastructureStandard (PERMIS) - It is an advancedauthorization infrastructure based on the X.509Privilege Management Infrastructure (PMI). InPMI, an authority issues X.509 attributecertificates (ACs) to users and an AC is used asa credential to store a binding between a user’sdistinguished name and the user’s privileges. InPERMIS access control decisions are madebased upon users’ attributes, not just upon theirorganizational roles as in conventional RoleBased Access Systems.3.4 Trust Management SystemsIn a large distributed environment communicationover internet, creating a single local database of all
  • 5. Nilambari Joshi, Paras Patel, Dr. B.B. Meshram / International Journal of EngineeringResearch and Applications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.1211-12171215 | P a g epotential requesters to a service is not a wisesolution. Furthermore a potential user can notalways be predictable and domain administratormight not have proper information about the user.In addition to that authorization cannot be purelybased on, since security in modern distributedsystems utilizes more sophisticated features likedelegation, separation of duties etc. Theseproblems can be addressed by the use of trustmanagement systems.Trust management automates the process ofdetermining whether access should be allowed, onthe basis of policy, rights, and authorizationsemantics.3.6Data Confidentiality and Integrity MeasuresData protection is an important aspect of SOAsecurity paradigm.SOA message transfer is from service to service(rather than source to destination) it is significant toprovide data protection to incremental messagecontent.XML being a language of message exchange inSOA, traditional data protection mechanisms likeencryption and digital signature are extended towork with XML data.Protection is at individual data item level ratherthan at message level or document level3.6.1 XML EncryptionWith XML encryption one cam encrypt part ofdocument or complete. We can encrypt one or allof the following portions of an XML document:1. The entire XML document2. An element and all its sub-elements3. The content portion of an XML document4. A reference to a resource outside of anXML documentThe steps involved in XML encryption are asfollows:1. Select the XML to be encrypted (all orpart of an XML document).2. Convert the data to be encrypted in acanonical form (optional).3. Encrypt the result using public keyencryption.4. Send the encrypted XML document to theintended recipient.3.6.2 XML Digital SignatureUsually digital signature is calculated overthe complete message. It cannot be calculated onpart of a message. This is because message digestwhich is used in digital signature is calculated onwhole message. But in practice users may want tosign only specific portions of a message. Forexample, in a purchase order, the purchase managermay want to authorize only the quantity portion,whereas the accounting officer may want toauthorize only the rate portion, this is mainlybecause they are responsible to share, update ordecide upon different information.In such cases XML digital signatures can be used.This technology treats a message or a document asconsisting of many elements, and facilitates for thesigning of one or more such elements.3.7Security design principlesWhile designing an application which is SOAbased, more attention should be given to make itsecured since it can be consumed by entities not insame administrative domain as that of the serviceprovider. To ensure information security in SOAbased application certain key aspects need to beconsidered as below. [12] There should be generic service contract toexpose service interface so that it can beconsumed and followed by different serviceconsumers irrespective of administrativedomain. Security mechanisms should be policy basedand platform independent so that they can beeasily implemented. There is always tradeoff between looselycoupling and security of a service. The extent ofloose coupling should be optimized so that itwill allow only necessary and sufficientmetadata in the service contract and at the sametime provide enough security. Define and clarify information securityrequirements which can be reused for differentcontexts. Build a trust component.IV. PROPOSED SOLUTIONFig. 4 Proposed SystemTaking into consideration different aspectsof security with reference to SOA as discussed inthe earlier sections, the system proposed as shownin Fig.4 is a comprehensive approach for securedservice oriented framework. To ensure completesecurity in the system, it is required to deploy allelements of security viz. Authentication,Authorisation, Confidentiality, Integrity and Non-Repudiation. Also it is required to ensure seamlesstalk between different administrative domains.
  • 6. Nilambari Joshi, Paras Patel, Dr. B.B. Meshram / International Journal of EngineeringResearch and Applications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.1211-12171216 | P a g eMain Components of the system are as below –1. Service Requester-It is a client who wants tocall a service. In most cases it is client sideweb browser.2. Perimeter Service Router – The perimeterservice router provides an external interface onthe perimeter network for internal Webservices. It accepts messages from externalapplications and routes them to the appropriateWeb service on the private network. Thusacting as an intermediary for the internal webservices it can monitor traffic and allows onlylegitimate traffic to enter into the privatenetwork and use its resources.3. Web Application Server – Web ApplicationServer host services under one organisationdomain. The service can be a simple service orit can be collection of different servicesinteracting with each other through serviceorchestration. Web Application server takescare of clubbing, interaction and integration ofdifferent web services within and across theorganisations.4. Web Server – Web server hosts simpleservices within one organisation boundary.5. Policy Server – Policy Server takes care ofpolicy enforcement, decision making,authorisation decisions etc. It consists ofPolicy Enforcement Point, Policy DecisionPoint. It interacts with trusted third party forcertificate verification and validation6. Trusted Third Party – It is third Party entitytrusted by different administrative domainswho are participating in some serviceinvocation. It verifies, validates serviceproviders and issues certificates.Security Mechanisms1. Different Security mechanisms can beimplemented at different levels ofcommunication.2. Data Confidentiality and Integrity needs to beensured over the network during serviceinvocation and response. XML DigSign,XMLEncryption techniques can be used toachieve this. This will ensure message levelsecurity.3. While invoking services authenticity andauthorisation of client is important. This is toensure information access to legitimate useronly. PKI and Kerberos can be deployed toensure the same. This involves trusted thirdparty to issue and then to verify certificates.4. It also ensures seamless integration of servicesacross different organisational domains.5. Authorisation policies, parameters should becommunicated correctly and securely alsoappropriate decision needs to becommunicated. XML based communicationwith (Security Assertion Markup Language)SAML and (eXtensible Access ControlMarkup Language ) XACML can be used toachieve this.V. CONCLUSION AND FUTURE SCOPEFollowing points need to be considered whiledesigning security framework for service orientedarchitecture1. Increasing demand of resource sharingacross organizations.2. Data exposure to wide range of known,unknown users.3. Least control over services due to crossdomain interactions.Thumb rules to be observed are1. Create Security awareness among allstakeholders at all levels.2. Prepare, Monitor and Enforce SecurityPolicies.3. Security should be considered at differentlevels of application development, rightfrom requirement analysis till deployment,with a vision of prospective threats.Security can be enhanced with by taking propermeasures at operating system level, network level,Application Level and Data storage level.With the extension of SOA towards the cloudenvironment, systems are becoming moresusceptible to security threats. Current securitymeasures are addressing the security part to agreater extent. But new emerging business modelsand exponential enhancement on technology side tocope up with this changing paradigm are posingmore challenges. In addition to the security aspectsconsidered in this paper, challenges related tomulti-tenancy, accounting, billing, policyintegration have to be addressed meticulously.REFERRENCES[1] “A Review of Grid Authentication andAuthorization Technologies and Supportfor Federated Access Control, WEI JIE,Thames Valley University et al.- ACMComputing Surveys, Vol. 43, No. 2,Article 12, January 2011.[2] ”Service oriented architectures:approaches, technologies and researchissues”, Mike P. Papazoglou · Willem-Janvan den Heuvel - The VLDB Journal(2007) 16:389–415 DOI 10.1007/s00778-007-0044-3.[3] ”Computationally Efficient PKI-BasedSingleSign-On Protocol PKASSO forMobile Devices”, Ki-Woong Park, et al. -IEEE TRANSACTIONS ONCOMPUTERS, VOL. 57, NO. 6, JUNE2008.[4] “How Kerberos Authenticationworks”,http://learn-
  • 7. Nilambari Joshi, Paras Patel, Dr. B.B. Meshram / International Journal of EngineeringResearch and Applications (IJERA) ISSN: 2248-9622 www.ijera.comVol. 3, Issue 3, May-Jun 2013, pp.1211-12171217 | P a g enetworking.com/network-security/how-kerberos-authentication-works.[5] ”Kerberos Explained”,http://technet.microsoft.com/en-us/library/bb742516.aspx[6] “Basic Components of a Public KeyInfrastructure”,http://technet.microsoft.com/en-us/library/cc962020.aspx[7] “Kerberos: An Authentication Service forComputer Networks” ,http://gost.isi.edu/publications/kerberos-neuman-tso.html[8] ”Core PKI Services: Authentication,Integrity, and Confidentiality ”http://technet.microsoft.com/en-us/library/cc700808.aspx[9] ”Introduction to Digital Certificates”,http://www.verisign.com.au/repository/tutorial/digital/intro1.shtml#step1[10] ”Formalizing Service OrientedArchitectures”, Khalil A. Abuosba andAsim A. El-Sheikh, - P u b l i s h e d by th e I E E E Comp u t e r S o c i e t y July /August 2008[12] “Towards An Information SecurityFramework For Service-orientedArchitecture”, Jacqui Chetty, MarijkeCoetzee – published in InformationSecurity for South Africa (ISSA), 2010.[13] A Secure Information Flow Architecturefor Web Service Platforms, Jinpeng Wei,Lenin Singaravelu, and Calton Pu,- IEEETRANSACTIONS ON SERVICESCOMPUTING, VOL. 1, NO. 2, APRIL-JUNE 2008

×