Abstract: In this paper we present Colombo, a framework in which web services are characterized in terms of (i) the atomic processes (i.e., operations) they can perform; (ii) their impact on the “real world ” (modeled as a relational database); (iii) their transition-based behavior; and (iv) the messages they can send and receive (from/to other web services and “human ” clients). As such, Colombo combines key elements from the standards and research literature on (semantic) web services. Using Colombo, we study the problem of automatic service composition (synthesis) and devise a sound, complete and terminating algorithm for building a composite service. Specifically, the paper develops (i) a technique for handling the data, which ranges over an infinite domain, in a finite, symbolic way, and (ii) a technique to automatically synthesize composite web services, based on Propositional Dynamic Logic. 1

Abstract. Access-control policies have grown from simple matrices to non-trivial specifications written in sophisticated languages. The increasing complexity of these policies demands correspondingly strong automated reasoning techniques for understanding and debugging them. The need for these techniques is even more pressing given the rich and dynamic nature of the environments in which these policies evaluate. We define a framework to represent the behavior of accesscontrol policies in a dynamic environment. We then specify several interesting, decidable analyses using first-order temporal logic. Our work illustrates the subtle interplay between logical and state-based methods, particularly in the presence of three-valued policies. We also define a notion of policy equivalence that is especially useful for modular reasoning. 1

Abstract not found

While Web applications evolve towards ubiquitous, enterprise-wide or multi- enterprise information systems, they face new requirements, such as the capability of managing complex processes spanning multiple users and organizations, by interconnecting software provided by different organizations. Significant efforts are currently being invested in application integration, to support the composition of business processes of different companies, so as to create complex, multi-party business scenarios. In this setting, Web applications, which were originally conceived to allow the user-to-system dialogue, are extended with Web services, which enable system-to-system interaction, and with process control primitives, which permit the implementation of the required business constraints. This paper presents new Web engineering methods for the high-level specification of applications featuring business processes and remote services invocation. Process- and service-enabled Web applications benefit from the high-level modeling and automatic code generation techniques that have been fruitfully applied to conventional Web applications, broadening the class of Web applications that take advantage of these powerful software engineering techniques. All the concepts presented in this paper are fully implemented within a CASE tool.

The web services paradigm promises to enable rich, flexible, and dynamic interoperation of highly distributed and heterogeneous web-hosted services. Substantial progress has already been made towards this goal (e.g., emerging standards such as SOAP, WSDL,

Abstract. It is now well-admitted that formal methods are helpful for many issues raised in the Web service area. In this paper we present a framework for the design and verification of WSs using process algebras and their tools. We define a two-way mapping between abstract specifications written using these calculi and executable Web services written in BPEL4WS. Several choices are available: design and correct errors in BPEL4WS, using process algebra verification tools, or design and correct in process algebra and automatically obtaining the corresponding BPEL4WS code. The approaches can be combined. Process algebra are not useful only for temporal logic verification: we remark the use of simulation/bisimulation both for verification and for the hierarchical refinement design method. It is worth noting that our approach allows the use of any process algebra depending on the needs of the user at different levels (expressiveness, existence of reasoning tools, user expertise). 1

Web service discovery is a key problem as the number of services is expected to increase dramatically. Service discovery at the present time is based primarily on keywords, or interfaces of web services through the use of ontology. We argue that “behavior signatures ” as operational level description should play an important role in the service discovery process. In this paper, we propose a new behavior model for web services using automata and logic formalisms. Roughly, the model associates messages with activities and adopts the IOPR model in OWL-S to describe activities. A new query language is developed to express temporal and semantic properties on service behaviors. Query evaluation algorithms are developed; in particular, an optimization approach using RE-tree and heuristics is shown to improve the performance. Specifically, experimental results show that the use of RE-tree reduces query evaluation time by an order of magnitude and with heuristics it enhances the performance by two orders of magnitude. This is clearly an encouraging starting point. 1

Abstract. A web service is modeled here as a finite state machine. A composition problem for web services is to decide if a given web service can be constructed from a given set of web services; where the construction is understood as a simulation of the specification by a fully asynchronous product of the given services. We show an EXPTIME-lower bound for this problem, thus matching the known upper bound. Our result also applies to richer models of web services, such as the Roman model.

In recent research, we have proposed a framework for highlevel specification of interactive, data-driven Web applications and established theoretical foundations for their verification [4], as well as implemented a verifier called wave [3]. We propose to demonstrate a system which centers on wave and consists of various modules dealing with aspects ranging from specification of Web applications to explanation of verification results. Our demonstration will focus on features of the specification language and the verification input, output and performance. 1.

Abstract. As the Web becomes a platform for implementing complex B2C and B2B applications, there is a need to extend Web conceptual modeling to process-centric applications. In this context, new problems about process safety and verification arise. Recent work has investigated high-level specification and verification of Web applications. This relies on a formal data-driven model of the application, which can access an underlying database as well as state information updated as the interaction progresses, and a set of user inputs. Properties verified concern the sequences of events, inputs, states, and actions resulting from the interaction. For the purpose of automatic verification, properties are expressed in linear-time or branching-time temporal logics. However, temporal logics properties are difficult to specify and understand by users, which can be a significant obstacle to the practical use of verification tools. In the present paper, we propose two alternative visual notations for specifying temporal properties. One alternative is to restrict the sequences of events using existing workflow specifications, such as BPMN, describing the execution flow of tasks within the application. However, such workflow formalisms have limited ability to express temporal properties. Another alternative is to develop a visual approach for explicitly specifying temporal operators, thus recovering their full expressiveness. 1