Towards Deciding Policy Violation During Service Discovery

In a service-oriented architecture, a provider publishes its service in a service repository. A requester approaches a broker which returns a service S matching the requester’s service R. Then, S and R are coupled. The provider of S may require a specific relation between the expenses and rewards for an execution of S, summarized in a policy φ. The control flow of S may contain both internal and external decisions: By sending messages, R may trigger a certain execution path. Based on models of S and R, the broker may decide if R violates φ before coupling. If so, the broker may not couple S and R. In this paper, we provide a formal framework to model policies, and introduce a decision procedure for policy violation based on open net models of the services. 1 Setting and problem We understand a service as a component with an inner control flow and an interface to exchange messages asynchronously with other services. Thereby, it provides a certain functionality which may be used by other services. A provider publishes its service in a repository. A requester approaches a broker for accessing a previously published service. The provider earns a reward for providing its service. This reward may manifest as a usage fee, or a provision from the repository owner, or from any third party. Usually, a provider desires some beneficial relation between this reward and the expenses for providing its service. As an example, a provider might want the expenses to be covered by the reward. We specify such requirements as policies. A partner either violates a policy or not. The provider aims at its service being coupled only with non-violating partners. Both reward and expenses may have fixed and variable components. This is a quite usual problem in economics and solutions for this problem are known for a long time. However, in our case, we encounter another difficulty: We consider stateful services. A stateful service has its own control flow which is influenced by internal and external decisions. External decisions are made through asynchronous message exchange. Therefore, reward and expenses for providing a service vary from requester to requester. As a running example, consider a vending machine which sells coffee and tea, modeled as an open net [1] in Fig. 1(a). In its initial state, it waits for one of three messages: Either an order for coffee, an order for tea, or a quit message. To receive an order it executes the respective transition c or t. Subsequently, it serves the beverage by executing b. A quit message may be consumed by executing q, resulting in a final state ω. The machine may serve up to three beverages, as indicated by the three tokens in the place in the bottom. The provider of the vending machine may have fixed expenses of 10 units for providing its service and variable expenses for each served beverage depending on the type: 20 units for coffee and 10 units for tea. As a reward, the provider collects a fixed amount of 5 units and additionally 25 units per served beverage. Assume the provider desires the expenses to be fully covered by the reward, specified in a policy φV. We find that a customer ordering at least one beverage is a good customer, whereas a customer ordering nothing and simply quitting is not. However, asynchronous message exchange induces a subtle problem: A customer ordering a beverage and then sending the quit message before receiving the beverage is a bad customer: The vending machine might receive the quit message first. A simple partner for V is shown in Fig. 1(b): D orders either a tea or a coffee, receives the beverage, and sends a quit message. Obviously, D does not violate φV.