PLAID 1005
`
`l 1
`
`Systems Journal
`
`Vol. 37, ND. 4. 1998
`
`
`
`

`
`Editorial Stali
`
`Editor
`
`(i. I’.
`
`I Iulflialgls:
`
`Associate Editors
`M. L. Bale:-i
`A. (5. I)u\-is
`J. R.
`l’1‘icdInar1
`Stalt Editor
`(K R. Scddnli
`
`Editorial Associate
`R. M. Jnttnsun
`
`Publications Stall
`
`Art Director and
`Business Adviser
`.l.
`l‘.
`l\-1115-=:1':i\-'-.:
`
`Production Assistant
`I.. A. Fit.‘-l‘Il1L‘
`
`Circulationfiullillment
`(7 C’ ““"‘l""“
`Administrator Analyst
`M. A. (‘aI'g_iulu
`
`Systems and Internet
`S. Ii.
`.r’\1|cn
`
`Advisory Board
`P. M. Hum {('l'mirmrm)
`M. J. i\Hill'lj(‘I
`.l. P. Brizml
`E. (‘zilzrliia
`B. E. Dies
`M. l)nn0frin
`W. A.
`l.-jtlicringturt
`K. Ishiilar
`A. F. Kulmstunmi
`A. Mills
`
`0. I.-'.. Myers
`I’.
`I{uwl::_\_-'
`R. M. Stcplrcrttauri
`D. M. Tltmnzis
`J. M. 'l'lmmp.xm1
`J. T. V£il1LlCI‘S|iCl.:
`D. M. Welsh
`
`
`
`'l')"rc- ..v:n-.\'wrr'r' u_,I"rrir'rJ'rJ'.-'r'Imrc in
`.m_.I"i'n’rrt'r'
`.s‘_\'.\‘.*r'm.\' rum’ !h<'t'r‘ rt!‘-
`1:‘.-'1'fl'r’('i‘ttt'L’.\' rrrrrkm it ;:r:_s'.rr'hl'r' in
`:r'.*'.\'.'irrgzrr‘.s':"r. rmnpmrrm'mm’r':r’.
`mm’
`.\‘r-permit’
`<‘unc'cm_\'
`arr
`lrfiufir-r‘rrrrrll‘rnrcr'.-"c--.'r'.-‘x.
`'1l‘:.F.x-in
`rum pr‘w.!lu.'r'.\'
`rr
`r':"mr'r’r' rarrr.’
`.\'irJrpl'r’r' rm'.-'u'm'.=rm- _,fE.=r
`.\._\‘.\'-
`rr'ur.s' us rr H".-"mic mm’ at hc.'tcr'
`
`op;Jr;r‘t:rJth'_\‘ _,-‘hr’ Nut".-'1' pu.\'.f'.'it'(’
`I,-'i*ur:m*.s'
`rm‘ HI.'rrupr':'cr!J.‘l'irj.'.
`pr:t‘frrhf."t.'_t'. srrmrlrrm’i:rrrrur:. rcrrxuhr‘.-’r'.t_\' mm’ r'r*rr.w. c:r.»'c’
`r:_1l'rr'.s'rr'rr;:. midrirrrrrugerrrwrtc.1!'r':"rurr_r4c.
`'r'}’n* (‘ui‘m'.s'rrg—
`gr*.\'t.\' .\'m‘r'r rm rrr'(‘h.‘!cr‘lrrr‘rrr' :'rr_\'c'r'hr'.'u'¢'r'rr u'ii'U m‘l'rr'r‘_'l_\‘.x‘-
`Ir’rH.\'l'u_\'¢’r'.\‘. 1-"11-u_.v;rrpr'r'.s'mrrt'r'mr.-‘r
`'l"m'J'rrric'rrr’ .-'\-"rim" in
`rhr'.\' t'.\'.m¢’ mm‘.-"i rm rr.\'_m’u:'t.\'rutr."r‘rJl.'JrH1'.5a".‘ftt’.\ r:_,".ur.5c.-’u’.-'r'-
`I1-'{H"{'.
`
`Tliu NH.‘ .\‘_\'.\(:'m.v.J'urrmm’ is :1 |'ulL‘I'cul IcchI1icuI_inLII'n:nl. |1ltl'||l.\|'Ii.‘I.|
`q1:u1'tcr'|_\'1'n_\'
`|ntct'I1'.l1innul BiI.~.im:s.~ M;u:hina.‘~ (‘urpnr;1t'Iun. .-\r—
`mnnk. Nu“ ‘r'nI"l\ lllfill-l l'.§i..‘\.()i1i<:uI'\: Lstuin \'. (tt:I‘hlI1L'l'. Jt'..
`{‘|1'.lirnt:m and (‘hicl' li\ucuti\'u.- {lEIiu:s.‘|': IL-fi'|'u,\' I). {'iu|'L::.~. Tr‘-.'.I—
`-urcr: l);m Ii. {)'[)nnnc1l. .Ԥccr'ct;rr}'.
`
`the
`lruln m:.'|'nhc|'.~. ml"
`.’xlI|11’l'Iih!~it'rI‘|\
`\'\'1.']L't'til]L'h
`'|'i1u J'nm'mrl'
`\\rt['|I.l\\'ltlL'|1I'tlIL,"~riil'r[1l|.l£!|'|L|(ICllL|L'I‘lliL‘Ul!Il'lI]‘lI.|.l'lll}'\\1]lt;lI'C inter‘-
`Unlud in .'u.l\'u|tu:-4 in ~n|'1~.\';rrc and .~._\'s1:.-Ins. Sec l1l~I pngu ul this
`i.-.~uu I'm‘ “lnl'nr'mullnn tor .-\L1Iln-IN." \«"|'.I]'Il.lN'L'I'l]‘l[ ~e1IhI1ti.~s~iunh
`um! nlhcr \\'ritl:.-:1 mrweapnrulcncc uhuulul
`In; ncnl In the [il-
`itur. Hflf .'s'\'s::'rrr.w ..’urrr'rr:u'. PI}. BM IIH. Ynr'kIu\\n llcigltin.
`Nuu
`‘furl;
`|l|."*‘lN-till.‘-6
`L-’..\',.»'\.
`li1uL‘lr'uniu.'
`cur|'u.~.pumlcru.‘u
`m;._\-
`Iiu *&L,'|1|
`lu |hc l'.t|ill'I|' zrl
`ilk‘
`thllmxing Itilcrnul ;u.|«.|rc~.-.:
`_iIIlI[‘I]zIIN(I'| \\:1tsnn.il:m.mn1_
`
`
`:~.[Il l pa.-1' carlcildur _\':::u' l single L‘upiL‘~u SZZJIII:
`Biirlwcriplinli mic:
`r'cpr'inI.~. ml" urticlcx $$.llt| t.’EIi.‘|'i].
`()\'::r'e~u.-'.r.~. (Ind Imiulling r;l!;iI'g_-us
`m.-:_\--.ippl_\-.l)i~.cnumuLl1':Itr:e~::|'uz|\'ui|:rlt1ul'nr'IBM::I11pIu}u:\::|iu.|
`r;1|:rli|'}'ir1g ci|.~.lnrm-r.~. .‘\'uc in.~.iu.lc |‘iIL‘L s.‘n\.'t.'t' |'n|' ~irl'w;|'ipliurt arltd
`Lm.tur'ing i|1!'nr'r11;ltinr1. t:lL‘Cl|'r!1tlI.‘ .Ht‘l.Il'L‘t.'\. and ;1h~atr:u:1in_u uml rc-
`11IuLlu:.‘linr1 r-«.‘1'\'icu.~.
`
`'l'|1L~.:'om-.-:r.=.|".~ \\'nrlu.l Widc \\":.'h harm‘ p:1_uc m;1_\ lac fmiml at LIRI .:
`l1tlp:.-"M \n~'.:l| ntadrnt .ihIn.onInxjutrrnall.-".
`
`'I'l1c.-\(‘Mnllurw1l1c.:'um'mn'tuitsmcm|n:I'\.Scuirtsitlcltrluk unxcr
`lnr mnru inl'm'm'.ltinn_
`
`'|'|1n: l'H.‘l.* .\'_i'.\mn.\Jurrrmn’I ISSN {Ill I H—‘<h?'{I} is pulrlilshml t'nur'li|1i::s
`an _\'c;:r by lnta.-r'n-.L1i:m'.Ll
`liuxiriuss l\-1-.uu|1inc~ (kzrpnrutiun. UILI
`UI'L‘h:!I'v.l l{nm.l. .*\I'It1t'I|:‘|l\'. NY Ill:"~ll~l.
`|'urim|1'L".||.- i.‘|ils\|)4.tHiil_‘__'t.' p;:'ru.|
`ul .-\|'1nunl-e. NV. untl '.lL|t.llIiL'ri‘li|.l niniling I'I|liL‘s.‘5. ."’n.~'mrmm': Send
`alnldrcxs s:|1:n1gcx1n IBM 3'§_\'xIL‘I‘I‘Ih.|H1|l'l'I:Il. IBM {'urpnr':ttiutt. P.U.
`Hm 215. Rte. 134. ‘furlxlnwli lluiglits. NY lIl:'1‘?H-{|21H.
`
`ii
`
`
`
`

`
`“mi” E!III“
`S stems Journal
`
`.-.r-
`
`UNI ._
`MicHiéAi:
`
`-N‘
`
`NOV 23 1993
`
`LIBFMFW
`
`Capitalizing on
`intellectual assets
`
`K,—T_ Huang
`
`Technical note_
`WBDEWBB.
`534 A Web service
`
`3Ql_l|‘8QfltD|'
`Y. Zhao
`
`Technical note-
`IMS celehrales lhirly
`years as an
`product
`K. Fl. Blackman
`
`Books
`
`606 Volume 37, 1993
`
`Preface
`
`An approach jo_
`improving existing
`measurement
`Ii's“§‘i'iZ‘i3§1‘irV.H.
`
`I. S. Bhandari. and J. Dawson
`
`Support lor_Enlerprise
`502 JavaBeans In
`Cflmllflflem Bfflkt‘-T
`8.
`goldelgi.
`_
`ileri er er.
`.
`D. F. FEFQLISOFIQ R. D. Jackson.
`T. A. Mikalsen. and I. Silva—Lepe
`
`On the linkage
`of dynamic tables
`in relational DBMSS
`
`G. Y. FLIh. «J.-H. Chow.
`
`2’.nm“+.“?;?“%?ibE‘gJl
`
`Software development:
`Processes and
`performance
`
`8. Sawyer and P. J. Guinan
`
`.'ii'1iclu~. Ihul
`|‘n.x1—I‘."J~l
`\|.u'|iiii-.-\ ("i-r|u~i.itini1. My iii.li\u|ii.i1 .ii1ii'li-s his cnp\ii1_-_' ililiiiriiuliivn.
`|iitcria.i:inn.i| }iii~i'il..\».
`|i_\
`I‘J\l\
`ikiintiuhi
`-
`\.'lI||_\
`1| cuilc :it [In lmltum nl
`lhu lizxl
`p.i_~_'u m.i_\
`In" I.'1|J“L'Ll. pin-\i1lui lliu iiui-u-p_\ Tu‘ iiiiliuilul iii Ilic midi‘ ik }\'.i'u1 1h|'£IIl_L‘_|l
`||‘I:.' (':ipyi'ig|il
`i"ii::il.'lIl\\' {"..'I11L'I'. Ill Rin\._'\\ir-Iil Hliic.
`|J'.iII\\'1-. \'| \ l|l‘J:.“ l
`.‘u..\.
`|.il‘|c HI
`'i'i~r11e‘I‘il-
`|1.i5:..'
`lll:I_\
`l‘L'
`|'|L‘L'1_\
`\"‘!‘|'l-‘L1 '~‘“‘| ‘I"‘”i|“”L"-1 in 4".‘-
`lul In.
`|‘§S\. HUI-‘---\'fi_“. Priiilul in l'_\'. \.
`
`iii
`
`

`
`This material may be protected by Copyright law {Title 17 U.S. Code)
`
`Technical note
`
`WehEntree: A Web service
`
`aggregatnr
`
`by Y. Zhao
`
`This technical note introduces lBM’s WebEntree,
`a single-log-in Web service aggregator.
`WebEntree provides an aggregated Web service
`on top of distributed Web service systems {as
`components} with a centralized access control
`and content customization facility. Each service
`system can have its own access control facility
`and provide its own independent service.
`WebEntree implements a flexible and dynamic
`component-bundling mechanism, and can
`provide personalized service with user-selected
`component sets. WebEntree offers a convenient
`way for new components to be “plugged in” and
`“played.” The owner of the aggregated Web
`service can keep each component's original
`branding, add more information, filter out certain
`content, or customize the presentations.
`WebEntree also provides a single user
`registration and authentication interface for all of
`its user-selectable service components.
`WebEntree currently accommodates Web service
`components invoked via HyperText Transfer
`Protocol (HTTP, i.e., undera Web server} and
`service components invoked directly from local
`or remote application programming interfaces.
`Other component interfaces are planned.
`
`Wel1sen=ice commcreialization and personaliza-
`lion usually involve user access control. Tltis
`means that users must register to obtain a service.
`and they must be authenticated each time to access
`the services. e.g.. by providing user identification and
`password. With a growing number of Web services.
`each with its own authentication facilities. Web users
`have been inconvenienced. For exarnple. a user's
`identification {to} in one s_vsten1 may not he accept-
`able for another system because of ID conllicts. Also
`the password validation polie_v {e.g.. time period.
`character restrictions. etc.) in one s_vstem ma_v dilfer
`
`from another. Consequently. a user must have mul-
`tiple user [Us and passwords. and must he authen-
`ticated several times to access ditferent services. Mul~
`tiplc user Ins and passwords are inconvenient to use
`and ditlicult to manage. Weblintree solves this prob-
`lem by providing one common entrance fora user
`to access all Web service systems. identified as l-Vrli
`st.=r1'it'c t'r)lll_l)t')ll{’ltl.\‘ in this note. A user can register
`and be authenticated only once at entrance: WehEn~
`tree then hartdles user registration and authentica-
`tiort to Web service components. Wehtititree also
`provides the convenience of consolidating the user's
`Web services in one place. saving exploration time.
`
`In addition. WchEntrce assists a Web aggregation
`service provider by not only providing a single log-in
`entrance lor users. but also the ability to change the
`Web service components‘ original branding. custom-
`ize the presentation. Iilter out certain content. and
`add the service providers own advertisements. (‘on-
`tents from the dillerent Welt service components are
`made accessible b_v Wchfintrce prior to sending tltcm
`to end users. which allows the aggregation service
`provider to customize the content.
`
`Through WebEntree. the aggregation service pro-
`vider can also provide personalized services. (‘astoni-
`e1's can select the prchundlcd Web service compo-
`nent groups they want via initial registration. and they
`can change their selections at any titne. With the use
`
`IWH h_\' International Business Machines Corporat-
`‘Copyright
`tion. (‘op_ving in printed form for private use is permitted with-
`out pa}-'it1c11t ol |'tl_\":lll_\" provided lhatt I 1 each rcproduct ion is done
`\\ilhoot :t1lcI'aIion and ill the Jutrrrttrl re|'cI'cIIcc and [BM copy-
`right notice are iltcltldetl on the lirst page.'l‘|ie title and abstract.
`but no other portion.~.. of this paper mn_\-' be copied or tiislrihulcd
`ro_va|l}-' lree without in rt her permission h_v computcr—haset| and
`other int::rmalion—scrvice .\'_\-'Nil..'t'|"|S. l’erI‘niss'ton to r'epirlrlr'.s'lt any
`other portion of this paper rnust he obtained lrorn the Editor.
`
`534 znso
`
`HIJIH flli-‘t'|.'|H'Sh flll
`
`'-.'
`
`l'l“.lt'l
`
`|E:l-M
`
`IBM SYSTEMS JOURNAL. VOL 3?. ND -1-. 1993
`
`

`
`of WebEntree’s graphical user interface (GUI)-based
`administration subsystem, an aggregation service
`provider can add or remove a Web service compo-
`nent easily. Also, the service provider can dynam-
`ically bundle the service components into different
`groups, and manage user information and access to
`the dilferent groups.The administration activity will
`not interrupt customer service.
`
`Some WebEntree application scenarios follow:
`
`0 Web service center as (J virttmi Web site: WebEn-
`
`tree enables the separation of Web service from
`Web contents, greatly reducing complexity for the
`Web service provider. Thus. a Web service pro-
`vider can create a service Web site without host-
`
`ing the actual contents, olfering a variety of pop-
`ular Web applications and services from many
`locations.
`'
`
`' Ercistirtg Web publication service provider ertl'rarrcc-
`rrrerrts.‘ A publisher with an existing Web site can
`add other interesting Web sites. This broadens the
`contents and colors of the site and adds to its ap-
`peal. WebEntree also enables the integration of
`multiple Web service systems that the service pro-
`vider may have.
`- Service site in at corrtpartyis irrrrrrrret: In a company's
`intranet, there may be a need to construct a Web
`service site that aggregates a variety of Web ser-
`vices from outside as well as inside the company.
`By using WcbEntree. employees do not need to
`individually pay registration or service fees for the
`services provided because these items are handled
`in one place. The single registration and log-in in-
`terface and personalized home page also provide
`employees with access convenience. In addition,
`the company can customize and filter the Web con-
`tents.
`
`- Service sireforarr ertrarret: An extranet is a network
`among partners. There may be access control in-
`volved with each partner's Web site. WebEntree
`makes it easier for a user to access the participat-
`ing Web sites.
`
`The Web content mentioned earlier is information
`
`that is representable by a Web browser. It can be
`compound documents or business data. It can be
`dynamically generated from database query and
`computation or from static files. The Web service is
`to provide Web content from a Web server to Web
`browsers. Web service aggregation provides collective
`Web services from involved Web services systems
`(or components). It is dilferent from integration,
`
`which tends to provide a more tightly coupled sys-
`tern.
`
`Single registration and authentication elforts (or sin-
`gle sign-on) for non-Web environments have been
`around for a long time. A survey can be found in
`Hursti.' IBM’s Global Sign-On product is one exam-
`ple. : More can be found in the documents from The
`Open Group.“ These solutions usually are based
`on DCE (Distributed Computing Environment) or
`LAN (local area network) architecture, and for mul-
`tiple hosts in an afliliated environment. In a Web
`environment, the most popular service systems are
`based on HyperText Transfer Protocol (I-I1TP)," or
`so-called Web servers. although Common Object
`Request Broker Architecture (CORBA**)-based HOP
`(Internet Inter-Orb Protocol) servers are beginning
`to be considered new as well. These Web service sys-
`tems usually are operated in a nonafliliated environ-
`ment. The problem of single registration and authen-
`tication must be solved for Web service systems
`operated across all different protocols.
`
`In HTTP. the response to a request must come from
`the server to which the request was sent. This makes
`it diflicult for requests to dilferent HTTP servers to
`go through a single aggregator gateway. Proxy serv-
`ers" can be a solution. HTTP-based proxy servers have
`been implemented by Netscape, ’ IBM, and other
`companies. Services available via proxy servers in-
`clude firewall. cache.’ and content filtering and se-
`lection.“ The problem with this solution is that the
`proxy server must be specified on the Web browser.
`Most corporate Web clients use a proxy server to go
`through their fircwal Is and to get Internet access. Ob-
`viously, diflerent proxy servers are used by dilferent
`corporate firewalls. Since only one proxy server en-
`try is allowed for each Web browser (although proxy
`server relay is allowed from the entry proxy server),
`it is dilficult for a common service proxy to reach all
`users inside different firewalls (each firewall proxy
`has to be configured separately to use the common
`service proxy). It will be more complicated when mul-
`tiple common service proxies are involved through
`dilicrent Web service providers. WebEntree has been
`designed to solve this problem in an alternative way.
`
`WebEntree adopts object-oriented architecture and
`design. It is based on the object-oriented Java“ Web
`servers (Web servers that support Sun Microsystems’
`servlet application programming interfaces) and is
`implemented purely in the Java language; therefore,
`it is platfonn-independent.
`
`IBM SYSTEMS JOURNAL VOL 3?. ND 4. 1993
`
`M0 585
`
`

`
`Architecture
`
`The conceptual architecture ofWebEntree is shown
`in Figure 1. Webfintree can provide services from
`either inside a firewall (to serve intranet customers)
`or outside a firewall (to serve certain internal infor-
`mation to the world), as illustrated in Figure 2. To
`enhance security, digital certification can be used to
`establish trust between Web clients and WebEntree.
`This can be implemented by using secure m'rPbased
`on SSL (Secure Socket Layer). Some Web service
`components may also choose to use SSL with certif-
`icates for security enhancement. Most current Web
`servers support secure HTTP protocol. The challenges
`in using SSL are (1) the involvement of a third party
`who issues the certificates and (2) certificate man-
`agement in both Web client and server.‘ The third
`party must be trusted by both the other two parties.
`Depending on the needs of a Web service provider,
`WebEntree can be configured to use or not to use
`SSL.
`
`As shown in the system architecture depicted in Fig-
`ure 3, WebEntree has three main subsystems: user
`registration, service engine, and administration. The
`user registration subsystem coordinates user regis-
`
`5352»-mo
`
`tration information with the corresponding service
`components. The service engine accepts requests
`from Web browsers, passes them to the correspond-
`ing service components, obtains responses from the
`components, and sends them back to the Web brows-
`ers. Also, the service engine conveys user authen-
`tication information to the corresponding compo-
`nents, and provides various service options. The
`administration subsystem is implemented with a
`graphical user interface, which provides a convenient
`mechanism for managing users and Web service
`components, as well as for servitx: and Web content
`customization.
`
`A data manager maintains a repository for user, ser-
`vice component, user access group, and component
`bundling information. It also manages a set of per-
`sistent objects to accommodate repository accesses
`from dilferent threads and processes. This data man-
`ager and relevant persistent objects are implemented
`on top ofJDBC (Java Database Connectivity), allow-
`ing access to diiferent database products.
`
`A user must be registered to obtain services from
`WebEntree. User registration information is prop-
`
`IBM SYSTEMS JOUWNIAL. VOL 3?. NO 4. 1998
`
`

`
`
`
`Flynn: VIrebErlrco!orbettIi'IIranatarndoxIrar|etlN'chuIoI's
`
`agated to the user-selected Web service components
`or applications by the registration subsystem. Initial
`groups of service components can be selected dur-
`ing registration. After registration, a user is granted
`a user ID, a password, and a certificate if SSL authen-
`tication is involved in a selected Web service com-
`
`ponent. Then, the user can log in to the member ser-
`vice provided by WebEntree. After user log-in, the
`service engine authenticates the user and provides
`a personalized home page that includes hyperlinks
`to all service components the user has selected. When
`the user elicits on a component’s hyperlink, the re-
`quest is sent to the service engine. The service en-
`gine first compares the user’s access to the acces-
`
`lE|MSYS'l'EM5JCI.I7|MN..\I'DL8?.M)4t‘l99E
`
`sihility requirements for the requested service
`component. If the user has proper access, the ser-
`vice engine will retrieve the Web content from the
`selected URL (uniform resource locator) and send
`it to the user. Also. users can post content to a Web
`service component. Optionally, the service engine
`can also support usage logs and reporting, and an
`interface to a billing or payment subsystem.
`
`The WebEntree administration subsystem is imple-
`mented in two versions: a server-based Java appli-
`cation version and a Java applets version, viewable
`with a Web browser. The user interface is basically
`the same in both versions.
`
`IHAOSB7
`
`
`
`

`
`User registration subsystem
`
`The user registration subsystem allows users to reg-
`ister themselves. It also provides a user with an ini-
`tial list of selectable service groups. Each group
`contains a list of service components, and each com-
`ponent can reside in multiple groups. Also. a user
`can access multiple groups. The user registration in-
`fonnation is stored in a persistent repository (i.e.,
`a database) via the data manager. This registration
`information is propagated to the access control sys-
`tems of user-selected service components. Therefore.
`only one registration is necessary to access all ser-
`vice components that are routed to WebEntree. It
`also enables a single user-authentication interface.
`i.e., a user needs only to log in once to access all of
`the services provided by selected service components.
`A sample user registration form is shown in Figure
`4. The architecture and control flow for this sub-
`system are shown in Figure 5.
`
`Registration mechanisms. WebEntree provides two
`types of user registration mechanisms: automatic and
`
`5382:-mo
`
`administrator assisted via electronic mail. In the au-
`tomatic registration mechanism. a user fills in a reg-
`istration form like the one shown in Figure 4. Then,
`the registration form is sent to the registration man-
`ager via URL after submission. The registration man-
`ager parses the user’s information and calls the data
`manager to store the user data into the aggregator’s
`database. Then, the registration manager invokes the
`registration dispatcher to register the user to the se-
`lected Web service components. The user becomes
`a member and gets access to the aggregated Web
`service immediately.
`
`If a proofing procedure needs to be performed be-
`fore a user can be registered, the administrator-as
`sisled registration mechanism can be applied. With
`this mechanism, the user's registration forms are
`routed to a system administrator via electronic mail.
`If approved, the administrator sends the user’s reg-
`istration form to the registration manager. Then the
`registration manager stores the user’s registration
`information in the aggre-gator’s database via the data
`
`IBM SYSTEMS JOURNAL. VOL 37. N0 4. 1998
`
`

`
`manager and invokes the registration dispatcher to
`propagate the registration information. The user is
`notified via electronic mail about membership and
`access information.
`
`Registration synchronization. The registration syn-
`chronization between Webfintree and other Web
`service components is achieved by propagating user
`registration infonnation in WebEntree to other user-
`selected service components via the regular regis-
`tration channel provided by these components, e.g.,
`via HTML (I-IypeI’I‘cxt Markup Language) forms, cli-
`ent registration applets, or server registration APIs
`(application programming interfaces). For each Web
`service component, there is a special registration han-
`dler. This handler, implemented in Java code. sends
`registration information in the format that is accept-
`able by the component’s registration interface. The
`registration method in a registration handler is cus-
`tomized code. Since each Web service component’s
`registration interface can be unique, registration
`method automation does not seem possible in a non-
`afliliated environment.
`
`IBM SYSTEMS JOURNAL. V01. 37. NO 4, 1998
`
`The registration dispatcher is a daemon, started at
`aggregation service initialization time, that detects
`user registration and invokes the registration han-
`dlers to send registration information to the user-
`selected Web service components or applications.
`
`If a user-selected Web service component provides
`personalized service, the user profile information,
`user ID, and password are sent to this component
`for registration. Notice that the password here is not
`the same password used to access the aggregator.
`The component password is generated by running
`a Java algorithm, and the algorithm produces the
`same password each time. To change the password
`is to change the algorithm, which belongs to the sys-
`tem and is transparent to users. The password pol-
`icies can be provided from the administrator's in-
`terface, and the Java code will be dynamically
`generated and compiled. The generated passwords
`comply with the password policies specified by the
`Web service components. The password algorithm
`is implemented as a method inside the registration
`handler.
`
`M0 589
`
`

`
`
`Figures
`flnactiteenrnuidcunrunawotfliorogleuaflonaubsyetam
`
`The registration handlers are dynamically loaded at
`run time, an advantage of Java code. Therefore, the
`registration handlers can respond to registration in-
`terface and password changes for a Web service com-
`ponent at any time during service, as necessary. Since
`each password is uniquely generated at run time for
`each Web service component (by running the Java
`code), an intruder to WebEntree will not be able to
`find passwords to the Web service components. Each
`aggregated Web service component can use its own
`password generation methods (e.g., with encryption)
`or the default ones provided by this Web service ag-
`gregator.
`
`If a Web service component does not provide any
`personalized service, it is unnecessary to propagate
`user information to it. The aggregator is registered
`to each Web service component with a separate ID
`and password. The aggregator’s [D can be either
`dynamically generated (as for the password) or
`
`stored in the Web service component authentication
`table. The password generation is as described above.
`
`This two-level registration and authentication mech-
`anism, aiong with run—time password generation for
`accessing real content in the Web service compo-
`nents, has enhanced WebEntree’s security, because
`the passwords to Web service components are not
`recorded anywhere. The Web service component de-
`termines whether clear password text is allowed to
`be transferred on the network (e.g., basic authen-
`tication) or not (e.g., digest authentication). For af-
`filiated Web service components, one-time password
`or token-based authentication can be considered as
`well for further improvement of security, e.g., the
`Kerberos method.“ SSL-based authentication can give
`better security, but is more expensive when consid-
`ering certificate management and the involvement
`of a third party. 1" The overall security also relies on
`the security implementation for individual Web ser-
`
`59||zHAo
`
`lBllIISYSTEMSJOl..IiNAl..VOL37.NO4.1998
`
`
`
`

`
`vice components, although WebEntrec does not re-
`duce their security level.
`
`Since the same password is used by all users from
`WebEntree, if passwords are easily obtained from
`a particular Web service component (e.g., passwords
`are stored as clear text in the server or database),
`the possible damage to this component would be
`greater because of WebEntree’s involvement. To
`provide better security service for each Web service
`component, a different password could be generated
`for each user. The drawback of this choice would be
`the additional complexity for password generation
`and maintenance, although the implementation
`would still be practical.
`
`After registration, a user is granted a user ID, a pass-
`word, and a certificate if SSL authentication is used.
`The user can then log in to the member service pro-
`vided by the service engine of the aggregator.
`
`A registered user can be removed by the system ad-
`ministrator. In addition, a user can remove himself
`or herself by selecting denegisrmtion. During dereg-
`istration, the registration manager removes the user
`from the aggregator's database and invokes the reg-
`istration dispatcher to remove the user from previ-
`ously selected Web service components. Users can
`also update their service selections by themselves.
`Each time a user updates his or her service compo-
`nent group selection list, registration information will
`be sent to the newly selected components and de-
`registration information will be sent to the deselected
`components. Some Web service components may re-
`quire more specific information than the general reg-
`istration infonnation that WebEntree provides. If
`so, an additional request form will prompt the user
`after their selection.
`
`WebEntree service engine
`
`The WebEntree service engine performs user au-
`thentication, service access control, gateway access
`to Web service components, and personalized user
`services. The service personalization is based on the
`user ID obtained during user authentication. For ba-
`sic and digest authentication, the user ID, password,
`and authenticated server are stored in the Web
`browser (both Netscape Navigator" and Internet
`Explorer“ support this feature). The user ID and
`password are sent to the Web server in the request
`header each time the user makes a URL request via
`the Web browser. Thus, the WebEntree service en-
`gine can provide personalized content to users based
`
`IBM SYSTEMS JOURNAL. VOL 3?. N0 4. 1998
`
`on their user ID in the request header. For other au-
`thentication mechanisms “cookies” and session-
`tracking techniques can be used to carry user infor-
`mation. The servlet AI’ls are useful
`for
`these
`operations. "
`
`The architecture of WebEntree’s service engine is
`shown in Figure 6. The Web service coordinator
`manages the workflew among the different compo-
`nents inside the service engine. For first-level authen-
`tication (users authenticate to WebEntree), the ac-
`cess authenticator checks the user’s credential (i.e.,
`user ID and password) based on the information in
`the URI. request (e.g., for basic or digest authenti-
`cation, user ID and password are in the request head-
`ers) and the information in the user credential ob-
`ject (created from the persistent data in database).
`If they are a match, the access authenticator sends
`“true” to the Web service coordinator; if not, “false”
`is sent. Based on the authentication result, the Web
`service coordinator either generates the user’s per-
`sonal home page or sends back an alert to inform
`the user of the access violation.
`
`The user’s personal home page is generated based
`on the user ID,
`the user-accessible component
`groups, and the Web service components in these
`groups. An access control object for each Web ser-
`vice component indicates by which groups it can be
`accessed.
`
`After the user selects a hyperlink from his or her
`home page, the second-level authentication pro-
`ceeds, between Weblintree and the Web service
`component indicated by the selected URL. The Web
`service coordinator sends authentication information
`to the component’s Web server—a password for ba-
`sic or digest authentication, and a certificate for SSI.
`authentication.
`
`After authentication, the Web service coordinator
`sends the user request to the Web request dispatcher.
`The dispatcher constructs the URL based on the pa-
`rameter string passed by the user and the server map
`information stored in the repository. Then. the dis-
`patcher sends the constructed URL to the corre-
`sponding Web service component, gets response
`content back. and sends it to the Web service co-
`ordinator.
`
`Notice that if WebEntree and the Web service com-
`ponent are not on the same side of a firewall, a proxy
`server or a SOCKS (socket secure) server can be used
`for service request and access.
`
`ZHN-‘J 591
`
`

`
`Figure 6 The enehlteeture of the service engine
`
`After the Web service coordinator gets the Web con-
`tent from the Web service component, it sends the
`content to the content editor. The content editor
`
`parses the content and performs the following op-
`erations:
`
`O Converts URLs for protocols (HTTP, FTP [File
`Transfer Protocol], telnet, gopher, etc.) to point
`to WebEntree’s service engine. The URLs for im-
`ages, sounds, and other multimedia data are
`changed to the absolute path to the original serv-
`ers. It should be noticed that the “CODEBASE" at-
`
`tribute for Java applets should be specified for the
`original server.
`- Adds information to the content according to the
`predefined service request, e.g., the WebEntree
`service owner's branding
`* Adds specific information to the content accord-
`ing to user information
`
`The local or remote applications related to content
`are hosted in WebEntree’s Web site. The content
`
`592 ZHA0
`
`can be in the local machine of the Web service en-
`
`gine or can be accessed via DCE. CORBA, etc. The
`Web service coordinator directly serves the content
`in WebEntree’s Web site by invoking local and re-
`mote applications; no content parsing or transfor-
`mation is necessary.
`
`To enhance performance, a cache manager, as shown
`in Figure 6, manages a cache for service data. These
`service data are in the form of persistent data ob-
`jects, such as the Web service component’s informa-
`tion object, access control information object, and
`authentication information object. Each Web ser-
`vice component is given a unique ID when it is added
`to WebEntrce, and the cached component informa-
`tion objects are retrieved by component ID. Also, the
`user-persistent data, such as the user profile infor-
`mation object and the user credential information
`object, can be cached for the most recent users. These
`user-data objects can be retrieved by user IDs. No-
`tice that Web content is not cached here; it is han-
`died by Web servers or cache proxy servers.”
`
`IBM SYSTEMS JOURNAL. VOL 37. NO 4. 1953
`
`
`
`

`
`Figure '3'
`
`The architecture for scalablllty and load balancing
`
`=..,-:'‘,'-.._ . . . ~:--‘I
`
`ln_5FE:i 1.‘,--3.-~.-': : re):-u;-;;!.'. -;.‘.ur«{-L‘
`
`5- ¢ t=.L:u.~
`
`There is a continuously running notification agent
`for each service engine instance (therefore for each
`Web server) waiting for messages from the admin-
`istration subsystem. When the administration sub-
`system makes any changes to the persistent data, it
`sends a message to each notification agent. The no-
`tification agent then invokes the cache manager to
`update the cache from the persistent storage.
`
`Digital certificates are involved when Weblintree or
`Web service components use SSL. If Weblintree uses
`SSL. it needs to get a server certificate. If some of
`the Web service components use SSL and are out-
`side the Weblintree firewall, WebEntree needs to
`get client certificates for these components as well.
`If these components are inside the WebEntree fire-
`wall, then direct handshaking between Web clients
`and service components can be facilitated, and
`WebEntree's involvement will not be necessary