In a Service-Oriented Architecture (SOA), a system is viewed as a collection of independent units (services) that interact with one another through message exchanges. Established languages such as the Web Services Description Language and the Business Process Execution Language allow developers to capture the interactions in which an individual service can engage, both from a structural and from a behavioral perspective. However, in large serviceoriented systems, stakeholders may require a global picture of the way services interact with each other, rather than multiple small pictures focusing on individual services. Such “global models ” are especially useful when a set of services interact in such a way that none of them sees all messages being exchanged, yet interactions taking place between some services affect the way other services interact. An issue that arises when dealing with global models of service interactions is that these models may capture behavioral constraints that can not be enforced locally. In other words, some global models may not be translatable into a collection of local models such that the sum of the local models equals the original global model. Starting from a previously proposed language for global modeling of service interactions, this paper defines an algorithm for determining if a global model is locally enforceable and an algorithm for generating local models from global ones. 1

Abstract. Choreographies offer means to capture global interactions between business processes of different partners. BPEL4Chor has been introduced to describe these interactions using BPEL. Currently, there are no formal methods available to verify BPEL4Chor choreographies. In this paper, we present how BPEL4Chor choreographies can be verified using Petri nets. A case study undermines that our verification techniques scale. Additionally, we show how the verification techniques can be used to generate a stub process for a partner taking part in a choreography. This is especially useful when the behavior of one participant is intended to follow the corresponding requirements of the other participants. Thus, the missing participant behavior can be generated and the error-prone design of that participant can be skipped.

Abstract. An important issue, in open environments like the web, is guaranteeing the interoperability of a set of services. When the interaction scheme that the services should follow is given (e.g. as a choreography or as an interaction protocol), it becomes possible to verify, before the interaction takes place, if the interactive behavior of a service (e.g. a BPEL process specification) respects it. This verification is known as “conformance test”. Recently some attempts have been done for defining conformance tests w.r.t. a protocol but these approaches fail in capturing the very nature of interoperability, turning out to be too restrictive. In this work we give a representation of protocol, based on message exchange and on finite state automata, and we focus on those properties that are essential to the verification of the interoperability of a set of services. In particular, we define a conformance test that can guarantee, a priori, the interoperability of a set of services by verifying properties of the single service against the protocol. This is particularly relevant in open environments, where services are identified and composed on demand and dynamically, and the system as a whole cannot be analyzed. 1

Abstract. Recent approaches to service-oriented systems engineering start by capturing the interactions between services from the perspective of a global observer, leading to so-called service choreographies. The rationale is that such choreographies allow stakeholders to agree on the overall structure and behaviour of the system prior to developing new services or adapting existing ones. However, existing languages for choreography modelling, such as WS-CDL, are implementation-focused. Also, these proposals treat choreographies as monolithic models, with no support for multiple viewpoints. This paper proposes a multi-staged and multi-viewpoint approach to choreography modelling. For the initial stages, the approach promotes the partitioning of choreography models and the design of role-based views; while for subsequent stages, milestone and scenario models are used as an entry point into detailed interaction models. The paper presents analysis techniques to manage the consistency between viewpoints. The proposal is illustrated using a sales and logistics model. 1

Abstract. Recent research in the area of business process management (BPM) introduced the application of a process algebra—the π-calculus— for the formal description of business processes and interactions among them. Especially in the area of service-oriented architectures, the key architecture for today’s BPM systems, the π-calculus—as well as other process algebras—have shown their benefits in representing dynamic topologies. What is missing, however, are investigations regarding the correctness, i.e. soundness, of process algebraic formalizations of business processes. Due to the fact that most existing soundness properties are given for Petri nets, these cannot be applied. This paper closes the gap by giving characterizations of invariants on the behavior of business processes in terms of bisimulation equivalence. Since bisimulation equivalence is a well known concept in the world of process algebras, the characterizations can directly be applied to π-calculus formalizations of business processes. In particular, we investigate the characterization of five major soundness properties, i.e. easy, lazy, weak, relaxed, and classical soundness. 1

Abstract. The Web Service Choreography Description Language (WS-CDL) has been put forward as language for capturing sets of web service interactions and their control and data dependencies, seen from a global perspective. However the suitability of WS-CDL for this purpose has not been assessed in a systematic manner. This paper presents such an assessment by adopting a two-pronged approach. First, the paper studies the relation between WS-CDL and π-calculus, a well-known formalism for specifying communicating systems with dynamic topologies. Second, WS-CDL is assessed in terms of its support for two collections of patterns: the Workflow Patterns which capture recurrent control-flow dependencies in business processes, and the Service Interaction Patterns which capture recurrent compositions of interactions between services. 1

Service oriented computing, an emerging paradigm for architecting and implementing business collaborations within and across organizational boundaries, is currently of interest to both software vendors and scientists. While the technologies for implementing and interconnecting basic services are reaching a good level of maturity, modeling service interaction from a global viewpoint, i.e., representing service choreographies, is still an open challenge. The main problem is that, although declarativeness has been identified as a key feature, several proposed approaches specify choreographies by focusing on procedural aspects, leading to over-constrained and over-specified models. To overcome these limits, we propose to adopt DecSerFlow, a truly declarative language, to model choreographies. Thanks to its declarative nature, DecSerFlow semantics can be given in terms of logic-based languages. In particular, we present how DecSerFlow can be mapped onto Linear Temporal Logic and onto Abductive Logic Programming. We show how the mappings onto both formalisms can be concretely exploited to address the enactment of DecSerFlow models, to enrich its expressiveness and to perform a variety of different verification tasks. We illustrate the advantages of using a declarative language in conjunction with logic-based semantics by applying

Quality related aspects relevant for service-based applications cover a broad field of research, including work on quality modeling, QoS and SLA negotiation, as well as constructive and analytical quality assurance (like testing, monitoring and static analysis). This deliverable provides a survey of this broad field of “service quality ” and identifies the key areas where research contributions are currently available. Based on this survey of the state of the art, important and emerging research challenges are identified that could be pursued in the future in order to close several of the gaps which emerge from the current state of the art on “service quality”. Copyright © 2008 by the S-Cube consortium – All rights reserved.

Abstract—An increasing number of popular SOAP web services exhibit a stateful behavior, where a successful interaction is determined as much by the correct format of messages as by the sequence in which they are exchanged with a client. The set of such constraints forms a “message contract ” that needs to be enforced on both sides of the transaction; it often includes constraints referring to actual data elements inside messages. We present an algorithm for the runtime monitoring of such message contracts with data parameterization. Their properties are expressed in LTL-FO þ, an extension of Linear Temporal Logic that allows first-order quantification over the data inside a trace of XML messages. An implementation of this algorithm can transparently enforce an LTL-FO þ specification using a small and invisible Java applet. Violations of the specification are reported on-the-fly and prevent erroneous or out-of-sequence XML messages from being exchanged. Experiments on commercial web services from Amazon.com and Google indicate that LTL-FO þ is an appropriate language for expressing their message contracts, and that its processing overhead on sample traces is acceptable both for client-side and server-side enforcement architectures. Index Terms—Web services, runtime monitoring, temporal logic. Ç 1