A Framework for Secure Management of Web Services (SMaWS) in Enterprise Application Integration
This dissertation addresses challenges currently faced by enterprises that have embraced the new technology called Web Service in order to reduce the cost of enterprise application integration (EAI) as well as improve operational efficiency of their mission-critical business processes. The nature of Web Service introduces new challenges such as dependency among applications, and a failure in one application can lead to a failure in other dependent applications. Such challenges have led to a growing need for enterprises to confront Web Service monitoring and management issues as a priority. As a solution, this dissertation proposes a SMaWS (Secure Management of Web Services) infrastructure for secure monitoring and management of Web Services. Its goals are to provide deeper visibility into Web Service runtime activities as compared to currently Web Service management tools; access to information about the Quality of Service (QoS) of these Web Services; and a unified monitoring environment for Web Services deployed across enterprise business units. This enables an earlier detection of poor performance problem in each interdependent Web Service, which would lead to a faster diagnose and fixing of possible performance issue, and thus maximize availability. This dissertation describes the requirements analysis for monitoring and management of Web Services across an enterprise environment. It describes the architecture and design of the SMaWS infrastructure proposed for secure monitoring and management of Web Service. The proposed SMaWS framework enables the instrumentation of existing and newly developed Web Service applications, and extracts Web Service performance statistics. It determines Web Service identity, reliability, availability, security, usage, and license used by Web Service consumers to access a given service. This dissertation describes the SMaWS Repository and Security concepts that are proposed to address the challenges faced by most distributed architectures to enable the client applications determine the location of the server (“bootstrapping problem”), and at the same time ensuring both the integrity and confidentiality of parties involved. Finally, this dissertation presents a prototype implementation of SMaWS Manager Application and Sample SMaWS Web Service applications. The experimental results obtained, in terms of overhead induced by the SMaWS framework on the monitored Web Service applications, demonstrate the feasibility of the SMaWS infrastructure.