Thursday, December 11, 2008

Sinhala lyrics

Before you get yourself embarrassed during the next party or the picnic ;-)
Find your favourite Sri Lankan songs in Lanka Song Book

Wednesday, November 26, 2008

ICSOC 2008

The sixth International Conference on Service Oriented Computing (ICSOC) is to be held from the 1st to the 5th of December in Sydney, Australia. In parallel with the main conference there is a PhD symposium (December 1st) that will discuss the approaches, steps and best practices for PhD students who are exploring Services Oriented Architecture.
After the main conference there is a summer school too. It is a good opportunity for students living down under to learn and discuss the latest concepts and technologies in Services Oriented Computing. That will be held on Friday (5th) and Saturday (6th). The complete program is available on the main conference web site here.

Friday, November 21, 2008

Sri Lanka trail guides.

If you are a nature lover and would like to hike in Sri Lanka, have a look at the following web site.
http://www.lakdasun.com
It contains pictures, useful tips and much-needed trail guides with GPS waypoints. You may download the trail map and view it on Google Earth. Thanks to the Lakdasun team for this useful info. Keep up the good work.

Thursday, November 20, 2008

BPEL from CDL

WS-CDL and WS-BPEL both provide a way to describe how web services should collaborate. The difference is that WS-CDL gives a global perspective of the message exchange, whilst WS-BPEL provides a single participant's perspective.
As some are arguing I do not see a competition between these two specifications. Rather they must co-exist to describe services interactions properly.
Though WS-CDL is designed to be used in conjunction with WS-BPEL, one limitation of the WS-CDL specification is that a clear mapping to BPEL is missing. I agree that the intention of WS-CDL is not to depend on WS-BPEL, but there are advantages to having such a clear mapping.

  1. Choreographies can be defined in WS-CDL first by business partners, and BPEL process stubs can then be generated for each party.
  2. A party that has internal business processes may need to publish the interface to its processes to attract business partners by generating the choreography. This could be done using a BPEL to CDL mapping.

From the engineering perspective such a mapping could be automated. Such a defined approach would also minimize inconsistent mappings by the different parties entering into a collaboration.
This paper presents how BPEL process definitions are derived from the global WS-CDL model. The authors have done this by defining a set of transformation rules.
For example:

  1. For each party participating in the CDL choreography, a separate BPEL stub is generated
  2. One cdl:relationshipType maps to one bpel:partnerLinkType and the bpel:role with its bpel:portType is generated from the referenced cdl:roleType declaration
  3. Generate separate property files for each cdl:roleType including only those bpel:properties that are relevant for a party.
  4. BPEL basic activities are directly mapped to CDL basic activities
  5. Work units in CDL are related to scopes in BPEL


The complete mapping is available in Section 5 of the paper.
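A minimal sketch of rules 1 and 2 above, added here as an illustration; it is not the paper's prototype. It assumes the portType is taken from the `interface` attribute of the role's cdl:behavior, and the sample choreography, the function names and the partnerLink naming are constructed for the example.

```python
import xml.etree.ElementTree as ET

CDL = "http://www.w3.org/2005/10/cdl"
PLNK = "http://docs.oasis-open.org/wsbpel/2.0/plnktype"
BPEL = "http://docs.oasis-open.org/wsbpel/2.0/process/executable"
ET.register_namespace("plnk", PLNK)
ET.register_namespace("bpel", BPEL)

# Constructed sample choreography (not from the paper): three parties, two relationships.
SAMPLE_CDL = """
<package xmlns="http://www.w3.org/2005/10/cdl" xmlns:tns="urn:example:order"
         name="OrderChoreography" targetNamespace="urn:example:order">
  <roleType name="BuyerRole"><behavior name="buyer" interface="tns:BuyerPT"/></roleType>
  <roleType name="SellerRole"><behavior name="seller" interface="tns:SellerPT"/></roleType>
  <roleType name="ShipperRole"><behavior name="shipper" interface="tns:ShipperPT"/></roleType>
  <relationshipType name="BuyerSeller">
    <roleType typeRef="tns:BuyerRole"/><roleType typeRef="tns:SellerRole"/>
  </relationshipType>
  <relationshipType name="SellerShipper">
    <roleType typeRef="tns:SellerRole"/><roleType typeRef="tns:ShipperRole"/>
  </relationshipType>
  <participantType name="Buyer"><roleType typeRef="tns:BuyerRole"/></participantType>
  <participantType name="Seller"><roleType typeRef="tns:SellerRole"/></participantType>
  <participantType name="Shipper"><roleType typeRef="tns:ShipperRole"/></participantType>
</package>
"""


def local(qname):
    """Drop the prefix of a QName such as 'tns:BuyerRole'."""
    return qname.split(":", 1)[-1]


def parse_cdl(text):
    """Return (role -> portType, relationship -> [role, role], participant -> [roles])."""
    root = ET.fromstring(text)
    port_types = {}
    for role in root.findall(f"{{{CDL}}}roleType"):
        behavior = role.find(f"{{{CDL}}}behavior")
        # Assumption: the behavior's interface attribute names the WSDL portType.
        port_types[role.get("name")] = None if behavior is None else behavior.get("interface")
    relationships = {}
    for rel in root.findall(f"{{{CDL}}}relationshipType"):
        roles = [local(r.get("typeRef")) for r in rel.findall(f"{{{CDL}}}roleType")]
        if len(roles) != 2:
            raise ValueError(f"relationshipType {rel.get('name')!r} must reference two roles")
        for role in roles:
            if role not in port_types:
                raise ValueError(f"relationshipType references undeclared roleType {role!r}")
        relationships[rel.get("name")] = roles
    participants = {
        p.get("name"): [local(r.get("typeRef")) for r in p.findall(f"{{{CDL}}}roleType")]
        for p in root.findall(f"{{{CDL}}}participantType")
    }
    return port_types, relationships, participants


def partner_link_types(port_types, relationships):
    """Rule 2: one cdl:relationshipType becomes one partnerLinkType with a role per roleType."""
    result = []
    for name, roles in relationships.items():
        plt = ET.Element(f"{{{PLNK}}}partnerLinkType", {"name": name})
        for role in roles:
            if not port_types[role]:
                raise ValueError(f"roleType {role!r} has no behavior interface to use as portType")
            # The portType QName is copied as text; real output must also carry its xmlns.
            ET.SubElement(plt, f"{{{PLNK}}}role", {"name": role, "portType": port_types[role]})
        result.append(plt)
    return result


def process_stubs(relationships, participants):
    """Rule 1: one BPEL process stub per party, linked only to its own relationships."""
    stubs = {}
    for party, my_roles in participants.items():
        process = ET.Element(f"{{{BPEL}}}process", {"name": party + "Process"})
        links = ET.SubElement(process, f"{{{BPEL}}}partnerLinks")
        for rel, (first, second) in relationships.items():
            for mine, partner in ((first, second), (second, first)):
                if mine in my_roles:
                    ET.SubElement(links, f"{{{BPEL}}}partnerLink", {
                        "name": rel + "Link", "partnerLinkType": rel,
                        "myRole": mine, "partnerRole": partner})
        ET.SubElement(process, f"{{{BPEL}}}sequence")  # empty body, filled in later
        stubs[party] = process
    return stubs


def generate(cdl_text):
    port_types, relationships, participants = parse_cdl(cdl_text)
    return partner_link_types(port_types, relationships), process_stubs(relationships, participants)


if __name__ == "__main__":
    plts, stubs = generate(SAMPLE_CDL)
    for element in plts + list(stubs.values()):
        print(ET.tostring(element, encoding="unicode"))
```
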
The paper addresses a much-needed issue without altering the existing standards or introducing a new standard, which is a plus point. The approach seems straightforward and does not require an intermediate mapping like in the approach here[4], where the mapping is into Communicating Sequential Processes. The authors have also implemented a prototype of the mapping as a proof of concept.
That said, one limitation of the paper is that there is no reference to how to verify the generated BPEL stubs against the original CDL. Generated stubs may be correct for the given example or could be verified manually for simple scenarios. But a formal mechanism is required to verify more complex scenarios. That is not in the future work section either. The verification needs to be integrated into the BPEL stub generation, or it should be done after generating the BPEL stubs but before populating them with application logic.
It is also not clear how the mapping from BPEL processes to CDL is done, which is also an interesting issue (as far as ROAD is concerned). Maybe we might be able to complete that part. We can map several processes to a common choreography by projecting them over a ROAD Self Managed Composite. In other words, by overlapping several processes we might be able to define the choreography. Syntactical transformations might use the same ones discussed in the paper. Sure, need to think and discuss more about that.

Friday, November 14, 2008

How to pronounce a word like a native?

Ever wondered how to pronounce a word correctly like a native? For example, how should the word for home in the Sinhala language be pronounced properly in English? Is it "Gedara" or "Gethara"? Or something in between the "da" and "tha" sounds? Well… now we have the chance to make the correct pronunciation available to the non-Sinhala speaking community by recording it via Forvo’s web database.
Forvo’s goal is to collect proper pronunciations of every word in every language on the planet. Sounds a bit dotty, yeah…? But I think it’s a matter of time. I have already added some words in Sinhalese to the database and will contribute in the future as well.
So if you want to contribute for your language, or would like to learn how to properly pronounce a word in another language like French, Spanish or Japanese (as of now 195 languages are supported), check this out.

Adaptation categories

Static Vs Dynamic

Static adaptation is achieved through logic in the program source code. It happens at design time, when certain predictions are reflected in the program source code and the configuration settings. Dynamic adaptation is adaptation at runtime. The latter is considered more difficult to achieve, as it is hard to predict what the events will be and what the actions on them should be. Undoubtedly the latter attracts the higher research interest.

Manual Vs Automatic

Manual adaptation refers to the sort of adaptation where human intervention is involved. In contrast, automatic adaptation is where there is no such human involvement. The existing literature shows that the more effective adaptation strategies are semi-automatic: at a certain point there is human involvement, but mostly it is the system itself that adapts to changes (especially for adaptation of non-functional properties).

Proactive Vs Reactive

The difference here is based on when the adaptation occurs with respect to a particular event in the environment. If the adaptation happens before the event, it is proactive adaptation. If the adaptation happens after the event, it is known as reactive adaptation.

Sunday, November 09, 2008

Adaptive web processes in a pervasive services oriented environment

Services Oriented Architecture allows different applications to interact in a distributed environment to perform a particular task. The concept of services orientation in software design aims to achieve loose coupling of applications from their underlying operating environment. Being a progression of component-based software development, services oriented computing provides interfaces for users (human or software) to utilize a particular resource in a distributed environment.
On the other hand, the image of the traditional computer is fading away. With the advancement of electronic technologies, mobile/embedded devices account for a good portion of computing efforts today. Our car, phone, watch or whatever device we can’t picture today has started to become, or will become, a computing device. This has resulted in much research on Pervasive Computing or Ubiquitous Computing.
The operating conditions in such a pervasive services oriented computing environment are always subject to change. For example, while you are travelling, the mobile phone in your pocket and the car you drive might be exchanging messages/queries with applications hosted in nearby restaurants, shops and motels. Operating conditions like the mobile coverage, network bandwidth, types of technologies and even the availability of services can be subject to frequent changes. The lifetime of applications is determined by these varying factors of the environment. Survival is always critical. And this calls for self-adaptive software systems.
Studies of adaptable and adaptive software systems have emerged as a major research topic in the past few years. Survival in highly fluctuating environments is a critical requirement for future software systems. Concepts of self-healing, self-configuration, self-optimization and all the other self-* buzzwords are popping up in pervasive services oriented software systems. Many frameworks, solutions and techniques have been introduced in the recent past.
It is interesting to study how business processes adapt to these highly fluctuating environments. Current approaches like BPEL and WS-CDL do not address adaptation. Although it is possible to identify a sort of programmable adaptation in the above approaches, where pre-defined processes are carried out according to limited "expected" changes, it is not the sort of adaptation that we would be looking for. It is required to define and change choreographies among different business partners at run time in order to ensure smooth, continuous business processes. Runtime negotiation and establishment/termination of contracts among participating entities are an essential part of the adaptation.
My research will concentrate on finding techniques and designs for process adaptation in such a pervasive, services oriented computing environment. Yeah... diverted a lil bit from security :-). Though this is not a really hot topic, I believe that there is more yet to be investigated. Therefore in the coming months I'd be concentrating on this.

Saturday, October 25, 2008

RESTful PHP Web Services

Samisa has written a book :-)

I'm happy to hear that for two reasons. First, the book fills a gap between PHP web developers and RESTful web services. Second, it is written by someone who really knows the ins and outs of the technology.

Given Samisa's experience in web services I'd recommend he should write a book on SOAP+PHP as well.

The book is available here

Monday, October 20, 2008

My (neighbor's) question

Here is my analysis of the current situation between Sri Lanka and India. I'm neither a political analyser nor typically interested in politics (well below the average). So my comments may or may not be valid. Yet I thought it is better to share them as a citizen at this critical moment in Sri Lankan history. Moreover my views are biased. They are biased as I am totally against LTTE terrorism and their ideology.

Current situation in brief

  1. SL military is gaining advantage of the land controlled by LTTE. As a result of that many people (Mostly Tamil) are displaced
  2. Tamilnadu politicians (DMK) are urging the Indian Government to intervene in the Sri Lankan war. If not, they have threatened to withdraw their support to the central, stirring a political storm in India as the general election is just around the corner.
  3. LTTE is a banned terrorist organization in India and the first country to ban the group (even before Sri Lanka). LTTE killed Indian Prime Minister Rajiv Gandhi in 1991 and many IPKF during the period of 1987-1990
  4. SL government is backed by many parties consisting of different communities to finish the LTTE outfit once and for all. Main reasons are

    1. LTTE is responsible for killing and chasing many Sinhalese and Muslims from the North and Eastern parts of the island to create their mono ethnic homeland.
    2. LTTE have killed many moderate Tamil politicians who do not accept their ideology.
    3. LTTE have killed many Sinhalese leaders and potential leaders including former president Ranasinghe Premadasa
    4. LTTE is responsible for destroying many assets of the country. (Katunayake Airport attack, Central Bank)
    5. More

  5. The Indian government cannot ask the Sri Lanka government to stop the war against LTTE, yet they still need to get the full advantage of the waves of Tamil nationalism in Tamil Nadu, in order to win the GE (at the same time Delhi needs to tame the Tamil nationalism, in order to keep the integrity). On the other hand Pakistan and China are willing to provide unconditional support for the war against terror. These affections are not in the best interest of India in the long term. Basically Delhi is in a thick soup.


What SL should do?

  1. Sri Lanka should not treat India as an enemy. The enemy should always be the LTTE.
  2. Sri Lanka should allow India to help the suffering Tamil community. We should not forget that at this moment there are people living under trees. If Tamilnadu politicians are genuine about their appeal, they should help the displaced Tamils not a terrorist organisation. SL government could facilitate this.
  3. Government should convince effectively the Tamil community about their safety (now and post war). Sinhala/Tamil/Muslim political leaders should understand the situation and should fish in troubled water for their short term political interests.
  4. Government should have a mechanism to convince ex-LTTE cadres and Mahaveer families (Those who support the cause and got benefited from LTTE) about their safety too.
  5. Government should provide facilities to those who are displaced due to war. After all we need to make sure that a “child today” is not a “terrorist tomorrow”.
  6. SL government should keep good relationship with international community, not allowing LTTE propaganda to spread lies. Government representatives and diplomats abroad should be more vigilant and active.
  7. Finally SL political parties should unite in this crucial hour. They should throw their personal agendas away. The country should always come before the party.


The hypocrisy that cannot be neglected

  1. When LTTE is committing direct attacks on civilians Tamilnadu was in a deep sleep.
  2. Whenever LTTE is militarily powerful and mount attacks on an elected government, Tamilnadu was just blind
  3. Whenever LTTE killed moderate Tamil leaders and torture Tamil civilians, Tamilnadu was deaf.
  4. When the tables are turned and the Sri Lanka government takes control of things into its hands (as it ought to do) and LTTE is struggling to survive, Tamilnadu becomes very uncomfortable. Despite the vow of LTTE not to allow SLDF to step into tiger controlled areas, now the Tamil Tigers are pushed towards a defensive war.
  5. Tamilnadu knows very well that India is fighting tooth and nail to keep the Kashmir.


The solution

Still it is too early to say what the solution would be. It seems each party is just continuing what they do. If the Sri Lankan government could play their cards carefully and let the Indian government handle their internal affairs, then the LTTE would be history. At the same time the government should lay their plans on how to address key issues in every community and pay special attention to developing the war-torn areas.
It is quite interesting to see how the Indian government eats food without burning their fingers. Though an Indian military intervention is far from reality we have to live with South Asian politicians who cannot see beyond the ballot box. Though winning an election is my neighbour's problem...

Tuesday, October 14, 2008

Sports, Politics and Nitwits

Blindly following the path of their psychopathic leader, the LTTE goons have staged a stinky protest in Canada during the Twenty20 Cricket series. The best slap over the faces of those pathetic losers, is given by the SL cricket team by winning the series. And for the best of all, the spinner Ajantha Mendis, who was the main target, (just because he is serving in the army) is the man of the series. Too much for the bunch of nitwits who cannot see the difference between sports and politics.


[Photo AP]

Friday, September 26, 2008

Petri nets. An interactive tutorial

I found a nice interactive tutorial that gives some examples of using Petri nets to model concurrent processes. Here is the famous problem with four philosophers modelled with Petri nets.

Monday, September 22, 2008

The history of social networking sites

I found the following image while I was searching for the history of social networking sites.


Source is here

Friday, September 19, 2008

Web Services Ecosystems

The traditional definition of an ecosystem is something related to living things, like the following one found in the Merriam-Webster online dictionary:
"The complex of a community of organisms and its environment functioning as an ecological unit". Extending this to the world of web services, with the concept of "software as a service" as the backbone, today we are talking about Web Services Ecosystems.
The article by Alistair Barros and Marlon Dumas describes how different entities in the web services world play different roles and how they depend on each other, forming an ecosystem. It also shows how different entities benefit from being part of this web services ecosystem. For example, third party developers develop services or service components, and software companies acting as service brokers and integrators depend on them. Another example is how some companies address the space of interoperability and QoS issues on the basis of software as a service.
The paper also shows how, unlike application servers, the business environment in an ecosystem evolves constraints. These depend on the requirements of the demand side and the supply side.
Demand side constraints on how services are
1. Discovered
2. Ranked
3. Authenticated
4. Mediated
5. Charged

While supply side constraints on how services are
1. Published
2. Re-purposed through composition
3. Brokered
4. Re-provisioned through leasing and licensing

While multiple entities benefit under the web services ecosystem, there are a few obstacles on the way. The paper identifies three major fronts on which the web services infrastructure will have to evolve:

1. Flexible web services discovery:
Need to go beyond the conventional keyword based searches. If the domain of the ecosystem is wider, then keyword based searches become unsuccessful. Instead it is advisable to use a combination of free-text and ontology-based searches.
2. Conversational multiparty interactions:
Service interactions are getting complex. Different transaction paths in a business process.
3. Service mediation and adaptation:
Services have different behaviours. Need to find cost-effective ways for service interface adaptation.

Thursday, September 18, 2008

Intellectual property and researching in a university

While I was engaged in an assignment for the subject "Research Commercialization" this semester, I searched for how intellectual property rights are applied to our research outcomes. In many universities, we, as research PhD students or research fellows, are bound by the rules of the university. I found this intellectual property rights case in the very country that I'm studying in right now. Ultimately the court decided who the real owner of the invention is. It's the researcher, though he has used the university resources. Maybe the result of the case is dependent on that particular context and would not hold in every case in the future. Here you find the story in short and here you'll see more details.

Wednesday, September 17, 2008

Open source, WS-Standards and Beyond

16/09/2008 @ Swinburne University of Technology
Read this document on Scribd: Open source, WS-Standards and Beyond

Folks, if u need the animated version of this or if u have any questions, drop an email (Right now I do not have any space to upload the original PPT). Alternatively meet me at Room 404 EN Building.

Monday, September 01, 2008

Murali from Moratuwa

The University of Moratuwa, SL, where I studied as an undergrad, is in the news for its proud product "Murali", which is nothing but an eight legged robot for detecting land mines.
The North-Eastern regions of Sri Lanka are among the heavily mined areas in the world due to the war between the SL government and the Tigers. The war has come to a decisive stage as the government is gaining control over many regions, but land mines can be a problem for years even after the war. Therefore, this kind of product from a Sri Lankan institute should be appreciated and supported.
The most important characteristic of Murali is its ability to access areas that cannot be accessed by other means. Murali is also capable of collaborating with other Muralis operating in a particular area upon detection of a land mine.
Read more...

Murali, or the Moratuwa University Robot for Anti-Landmine Intelligence, is the result of a project funded by the National Science Foundation and the efforts of students led by Dr. Thrishantha Nanayakkara.

Watch video ...


PS: Sorry if I raised eyebrows of few cricket addicts with the title.

Federated registries and crawlers

Deepal has revealed some of the things we discussed over chat during the last weekend regarding web services discovery mechanisms.
I started to look into the WSO2 registry to help another PhD student, but didn’t have much time to dig into the architecture level as I was busy with my studies during the last week.
Yeah… the problem with having multiple registries in a heterogeneous environment is that it makes it really difficult to find web services information, which is an essential part of SOA. As web services grow from hundreds to thousands, the consumers or the clients need to have an efficient way to locate them. And publishers also need to attract clients without going through other marketing channels and gimmicks.
One such approach is discussed in this paper, which uses a crawler engine to find web services. In this approach the Crawler Engine (WSCE) actively crawls existing UBRs and search engines to collect web services information. Thus a system can maintain the most up-to-date information about available web services. Web services information can be found using existing web services registries and web services portals, and also via search engines, which is becoming popular.

[Source : Eyhab, A.-M. and H.M. Qusay, Investigating web services on the world wide web, in Proceeding of the 17th international conference on World Wide Web. 2008, ACM: Beijing, China]

But using search engines has limitations too, as they do not recognize web services with basic service properties such as binding information, ports, operations etc. Search engines can cache/store WSDL documents, but there is no business-centric model or adherence to web services standards.

Another approach, discussed in this paper, is to form a federation of registries. The current search facilities offered by the latest version of UDDI do not offer any special features for finding web service registries depending on the business domain. And it is difficult to have design and execution autonomy for affiliated registries. The approach discussed in the paper allows a peer-to-peer network of private, semi-private and public UDDI registries, which allows transparent access to registries in a federated environment. Following are the essential features of the approach:

- Participating registries are autonomous registries that can be private or public
- Participating registries can be part of multiple federations
- Participating registries can be heterogeneous. They can have different data models and APIs
- Participating registries can arbitrarily join and leave the federation. This is something that we cannot achieve with the UDDI replication support in V3
- Participating registries will have design and execution autonomy
- The federation of registries can be formed as a market place for common interests
- The XTRO, or the extended registries ontology, provides a way to do complex queries across federations

So, overall there is a requirement for adhering to common standards as well as for developing mechanisms to retrieve web services information from repositories built upon multiple standards. IMO the latter is much better as it is not limited to a particular standard. (Lessons from history)

Friday, August 29, 2008

Sri Lankan Recipes


I know that most of my colleagues are abroad and might find it difficult to taste a hot spicy Sri Lankan dish. Fortunately I bought a cook book before I departed from Sri Lanka and right now it’s the best gift I’ve given to my wife (yeah… it works). But for those who did not, this is a page you must bookmark. I’m gonna try some of these definitely on my weekends.

Saturday, August 16, 2008

Jogging to finish

Never seen an athlete jogging through the final 20 meters of the fastest event in the Olympics. But the Jamaican Bolt did it... awesome!!!


The facial expressions say it all.
I wonder what he is gonna do in his favorite 200m in the coming days.

Wednesday, August 13, 2008

Two months with mixed experiences

It’s about two months now in Melbourne. Had one chance to experience the Australian landscapes. That was on my way to Melbourne from Sydney, but no more. Need to escape from the busy city for a while. They say it is snowing now in the Victorian mountains but still no chance to see them. The enthusiasm for traveling is fading away as I lost my camera in Melbourne. Daily on my way to the university some good potential pics of sceneries, faces, and lifestyles scan through my mind but unfortunately I cannot convert them to digital format. Maybe I should start painting again. At least it’s cheaper compared to photography; a good camera is worth more than my bank account at the moment. But the loads and loads of reading and searching at the beginning of my PhD have swallowed the time for it. Besides, my small apartment would not support that much space.
I hope I can find some free time, as I somewhat succeeded in my hunt for a place to live in Melbourne. Also some money to buy a good camera. Hopefully before the coming summer, when the sun borrows the sky.

Monday, August 11, 2008

Experience the interoperability with Stock Trader 2.0

Without going thru all the hassle of nitty gritty configurations, now you can experience the power of interoperability with the Stock Trader example. The WSO2 developer portal, aka Oxygen Tank, has a project page to help you find the examples in many different flavors including PHP, Java, Ruby, Spring, Perl and Python. Try Stock Trader with .Net Stock Trader 2.0
Also better to read this explanation from Jonathan Marsh and Greg Leek.

Tuesday, August 05, 2008

Adaptive software systems and their challenges - Part II

In my previous blog, I categorized the challenges faced by different software systems at runtime. This time I’m going to talk about how to face those challenges.

From a reason to a challenge
The uncertainties I talked about earlier are common in designing any kind of system. In the early days, a failure of a system as a result of such an uncertainty was considered OK. Many software systems gave the above issues as excuses for the failure of the software. For example, the failure of a particular networked application to function properly due to limited bandwidth was considered normal. Users too accepted such a failure, and usually sought the help of some expert: the Geek who’s sitting in the dark room. But as time passed, software architects wanted to find solutions for such issues and minimize failures in fluctuating environments.

From challenge to solutions
On one hand there is a continuous improvement of resources such as more memory, more processing power and more bandwidth. But at the same pace, software systems too have evolved to digest more resources.
On the other hand software designs too showed some kind of adaptability. For example a failure in a transaction resulted in a rollback of the transaction. Basically the software started to sense the environmental context it operates in, and thereby adjust its internal properties to suit the context, to support continuous availability of the software.
Parallel to these developments, different kinds of programming languages too supported such adaptability. The awareness of the platform they operate on is built into the language and reflected in the API.
Different tools were also developed to support the adaptability. As an example, the GPS sensor in mobile devices gives developers the capability of sensing the geographical location the device is operating in.

Architecture based solutions
The approach taken by the ROAD framework, described in detail in the thesis, is an architectural approach to adaptive software applications rather than one introducing strategies or mechanisms. The thesis introduces three kinds of adaptation. (Section 2.1)
1. Evolutionary adaptation: Reproduces instances with variations
2. Ontogenic adaptation: Change the internal structure
3. Environmental manipulation: Change the environment

The approach taken in the ROAD framework is based on the ontogenic adaptation, where the system itself regulates its internal structure based on the fluctuations in the environment. The system changes can be seen in two ways.

1. Indirection of instantiation: Changes to the elements which the system is built upon. This includes replacements of and modifications to the elements.
2. Indirection of association: Changes to the relationships of the elements within the system.

The ROAD framework considers such a system as an organisation, which consists of different roles with different responsibilities. Roles are assigned by role players and changed according to the environment they operate in. Also new roles can be introduced and old roles can be discarded as well.
In my opinion the approach is a success due to the following reasons.

1. Loosely coupled roles and role-players allow more freedom in instantiation, thereby allowing easier adaptation. Different players can be allocated to a particular role of the system depending on the environment change.
2. The recursive structure makes the design very simple and thus it can be applied to very complex software requirements. In ROAD a system consists of elements which are in turn similar systems. Just like in OOP, where a property of an object or a class instance can also be another object.
3. A system is self-managed, and so are its elements.

Friday, August 01, 2008

Adaptive software systems and their challenges - Part I

There are different challenges posed by different software execution environments. As technology advances, the computer is no longer just something that you see on your office desk. It can vary from your mobile to something distributed along the network. Or maybe a teeny tiny chip, which can be stored anywhere. And software is not something that is ready to do your work once you install it using a wizard. The traditional definitions and methodologies are being demolished, and so are the traditional software designs. Just like human beings trying to adapt to changing environments, software itself needs to be adapted. Adaptation is a sign of survival. Just like humans trying to survive in different weather conditions, software systems too need to survive in different environments. For example a system installed in your car or your mobile needs to sense the changing environment and adjust itself to suit the changes without dying.
So what are the challenges faced by different categories of systems when it comes to adaptation? What are the challenges in designing such systems? Following is a brief summary of such challenges, categorized in terms of different types of software systems.

Monday, July 28, 2008

Supporting Dynamism in Architectural Level

In the past decade or two there have been several attempts to come up with a proper way to support dynamism in software architecture. Different approaches, such as models based on architectural styles, graph grammars and Architecture Description Languages (ADLs), have been introduced.
According to my understanding, the actual constraint comes when we map the dynamism that can be seen in the design to the implementation. The barriers posed by limitations in operating systems, programming languages and hardware will take some time to resolve. But our approach as software architects or engineers should be to find ways to support dynamism at the design level. That's only the first step; there are a bunch of other questions to be answered.
Here is a typical, but not exhaustive, set of questions I came up with that need to be answered to support dynamism at the implementation level.

1. How to analyze run time changes? And how to analyze them at run time?
2. How to map run time changes to implementations?
   In the end, whatever the design, we have to map the design into an implementation.
3. How does the implementation platform support run time changes? What changes need to be made at the platform level? If that is not feasible, what alternatives can we find?
   Constraints in languages, operating systems and tools need to be considered.
4. How to preserve the system integrity? How to prevent any security violations?
5. What are the cost-effective ways to implement changes?
6. Which approaches are associated with less risk?

Change management in Services Oriented Architecture


If we map the question at hand to Services Oriented Architecture, what approaches have we taken to support dynamism and change management? As in other software systems, it is unavoidable that the components (mainly services and consumers) need to evolve over time, especially where the continuous availability of services is concerned. Services need to change for the following reasons.
1. Change of requirements that are initially set.
2. Change in the environment
3. Changes due to fixes and patches

Advantages in Services Oriented Architecture


The SOA model itself has some characteristics that support the dynamism
1. Loosely coupled nature minimizes problems in services dependencies
2. Service descriptions make it easier to propagate changes to other systems
3. Abstract business logic hides details from its consumers via encapsulation
4. Stateless behavior
5. Self described nature
6. Re-usability
7. Ability to compose or assemble services

So the above characteristics make systems built on SOA more supportive of dynamism than conventional systems. But are there any specific issues related to SOA in supporting dynamism? This is going to be a good research topic, I think.

Tuesday, July 15, 2008

Make it adaptive, but avoid the complexity

That’s where ROAD is heading
One of the major challenges to be faced in designing adaptive software systems is how to avoid complexity. A complex design is always hard to develop and then very hard to maintain.
The complexity of such a system arises from the following, which are in turn challenges to be faced by software architects.

  1. How to represent changing requirements at runtime?
  2. How to account for computational and network contexts at runtime?
  3. How to manage the system in a distributed architecture


Changing requirements

As we studied in our Software Engineering lectures, it is better to separate the user requirements from the design itself, to make it more maintainable. The design itself shows very little evidence of the exact requirements and most of the time is developed using a set of interfaces and abstract functions. The requirements, or the awareness of the run time environment, are kept separate.
But the problem with this approach when it comes to adaptive systems is that it is necessary to know these requirements and make them available within the software itself. Languages like Java try to separate the implementation from the specification using interfaces. But there are limitations in this approach too:

  1. No mechanism to update interfaces at runtime
  2. Only functional requirements can be met
  3. Requirements are related to the entity, not to the context in which they are applied


Computational and network contexts at runtime
In the end the designed software executes on physical computers or a network. The challenge posed by adaptive systems is how to identify the computational context in which the software operates. This is further complicated by the fact that these contexts need to be accounted for both for the entities and for the composite as a whole.

Distributed/Open architecture
Though there have been many attempts to arrive at a common middleware standard, there is still no such standard. So the system needs to work with heterogeneous components in a distributed architecture.
So the question is how to find answers to these inherent challenges while at the same time avoiding the complexity?

ROAD Framework
Role Oriented Adaptive Design, or ROAD for short, is an attempt to answer the questions mentioned above. The ROAD framework is based on the view that adaptation means adapting the relationships among entities rather than the entities themselves. To put it another way, adaptation is a property of the relationship rather than a property of an entity.

Key concepts

  1. Role: Description of the behavior of a functional entity
  2. Functional Entity : Role players such as services, objects and components
  3. Contracts: Connectors between roles.
  4. Organizer: A role that creates/destroys roles.
  5. Self Managed Composite: A set of roles and contracts managed internally by an organizer.
  6. Management Interface: The interface of the SMC (Self Managed Composite) to the external world.


In my view the power behind the ROAD framework is the separation of roles from their role players and the concept of self managed composites. All contracts are internal to the SMC, which avoids complexity in the design.
Note that such a composite system can itself be an entity that plays a role in another, global SMC.

Let’s see how above challenges are met in ROAD framework

Facing Challenge #1:
The organizer manages the contracts rather than the functional entities. Functional entities are bound to play roles, which can be reconfigured at run time depending on the changing requirements. New roles and contracts may be created depending on the requirements. Also the Manager binds the functional role players to its roles.

Facing Challenge #2:
As the runtime environment changes, the framework allows roles to be added/dropped and role players to be assigned/replaced/removed. The contract oriented nature facilitates this without actually damaging the initial design.

Facing Challenge #3:
ROAD doesn’t require the knowledge of entities. Thus entities in heterogeneous technologies can interact and be managed.

More details can be found in this paper

Wednesday, July 09, 2008

Adaptive systems... more reliable or not?

Would adaptive systems, that is, systems that can adapt themselves to fluctuating environmental conditions, actually bring reliability? Or would reliability be compromised in such a system?
One can argue that the internal structure or the behavioral patterns of the system tend to change more in an adaptive system. Thus the initial reliability index can change as the environment changes. Such a system is also prone to attacks/failures that were never imagined before.
But again, adaptiveness or flexibility can also be a sign of a reliable system. Like grass bending to the wind. Or take us, human beings, for example. We adapt to the environment and have thus survived so far in the world (until we try to adapt the environment to suit us ;-) )
So how far can we go with adaptiveness in a system? What are the areas that we need to consider in designing adaptive systems? How do we assess/predict the reliability of such systems?

Friday, July 04, 2008

Security concerns of composite systems

For the last couple of days I managed to read a bit about composite systems and how useful component based Software Engineering is when it comes to the industry. The flexibility of coupling and decoupling components in a composite system, and the reusability of one component across a number of such systems, make them very attractive for numerous applications.
But at the same time we have to consider the security concerns of that approach. These concerns can be divided into two categories.

1. Security concerns of the component
2. Security concerns when the component is integrated and used

When forming or modifying composite systems by coupling and decoupling different components, the integrator has to evaluate how well the component itself is secured. In other words, how securely the component has been built by the developer.
The integrator also has to evaluate how the system is secured from its components. A set of secure components doesn’t always guarantee a secure system. The integrator has to determine to what extent the system can trust the component.
This brings us to the topic of Trust Management in component based software engineering.

Tuesday, July 01, 2008

Cross roads

For the past two or three years, I've been working on SOA (Services Oriented Architecture) systems. To be more specific, web services. At the same time I was lucky enough to study/implement certain web services security specifications, polishing my knowledge of Computer Security.
As I start my higher studies in Swinburne University of Technology, now I'm expanding my knowledge towards adaptive systems. I'm now hopping along this new axis with the help of Swinburne Research in Melbourne.
I'm still just enjoying the sceneries in this path and occasionally glance through the track I used to travel earlier.
Would I be able to divert the current path and form a new junction with the former?
Or is it too early to sketch the map?

Monday, June 23, 2008

My first talk at Swinburne

Tomorrow I'm going to talk about Myself, Apache Software Foundation and WSO2. And also about the community that ASF has developed and how ASF works by bringing developers and users together.
The second part of the talk is about WSO2, where we developed many web services middleware for the Apache Software Foundation and hence for the open source community.
The interesting fact is that some staff members, including PhD students, here know about Oxygentank but not about WSO2. :)

Living in Melbourne

It's so easy to come to Melbourne Air Port but not from there to the home you desire...

This still holds true for me, as there is big competition for apartments and town houses in Melbourne and its suburbs. For now I have to live temporarily in an area a bit far (about 30km) from the university, travelling up and down by train daily.
Winter is not that cold but it rains as often as a train leaves a station. You can expect blue sky and rain at the same time in this Victorian capital.
People here are from all over the world, making it a Salad city. It's like one place to see all the nationalities in the world. Except in certain areas of Melbourne, where Beijing is re-created in Australia.
Apart from Chinese and Indians, Australians(?) too live in Melbourne. And in trains, parks and shops you have a chance of meeting a Sri Lankan too.
Last weekend I had a chance to travel in the city and see the Australian life style. Should take some pics next weekend when it's sunny and bright during the short day time.

Thursday, June 19, 2008

Painful

Painful... it's so painful not to have a notebook + broadband.
Finally I've got the notebook that I was looking for and the next task is... broadband. hmm... life is not that easy in cross roads.
Need to settle down and blog again. :-(

Tuesday, June 03, 2008

Two achievements...

I am very thrilled with two achievements recently grabbed by two of my WSO2 colleagues.

1irst

Paul, who is a co-founder of WSO2, has become one of the TOP 25 CTOs of 2008 nominated by InfoWorld . Technically I have learned a lot from him and he is one of the great persons to talk about web services.
His expertise definitely helped to bring WSO2 to where it is right now, and he is a very cool guy to talk to about serious stuff.

2econd

Deepal who's a colleague of mine in WSO2 and also a batch mate from University of Moratuwa has written a book. Still he didn't give me a free copy ;-) but you can get it from here.
The book contains information about mostly used features of Axis2 web services engine and a must have in your shelf if you are using the engine to consume/deploy web services. Besides it's from the hands of some one who's a key figure behind the success of Axis2.

Congratulations to both of you...

Monday, May 26, 2008

WSO2 WSF/C 1.3.0

WSO2 Web Services Framework for C version 1.3.0 has been released.
The new release came with many improvements including memory leak fixes and bug fixes. Also it has changed the default parser to Guththila, which is optimized for SOAP processing.
Get more details from the project home page about the latest release.
WSO2 WSF/C is the base framework for many web services frameworks including WSO2 WSF/PHP.

Friday, May 23, 2008

Web services in scripting languages. PHP, Perl and Ruby

I have done a survey to compare the web services features of three scripting languages: PHP, Perl and Ruby. The comparison also contrasts the WSF/* family of products with other implementations, for example WSF/PHP vs nuSOAP. Please note that the features are compared against the latest released versions mentioned below.


And here is the feature comparison.


[Feature comparison table; legend: Not Implemented, Implemented, Experimental]

Thursday, May 15, 2008

Trip of the life time

Wake up 3 AM
2 hr flight to ATL
13 hr transit in ATL
15 hr flight to DXB
7 hr transit in DXB (TODO)
3 hr flight to CMB (TODO)

forums/mailing-lists/LOST/youtube/facebook/blog/flickr/burgers/ice cream/Tetris/dizzy/dots-on-the-walls/blurring-faces/...

Gosh... when is 8 AM Saturday...?

Tuesday, May 13, 2008

How to obtain a remote X509 certificate?

Have you ever tried to obtain an X509 certificate from a remote site? This is often required when you need to write a PHP client to securely access a web service using WSF/PHP. Or maybe a Ruby client using WSF/Ruby.
Naaah...!!! This is not only for WSF or web services stuff. It is also useful if you simply need to encrypt a file locally and send it as an attachment to a remote party via mail, or to verify the signature of an attachment.
OK. This is how you do it. Simply enter the following command. Here we are going to obtain Google's certificate. Don't forget to have openssl installed on your system.

echo | openssl s_client -connect 64.233.161.103:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cert.cert


Note that we are saving the file as cert.cert. You are free to use any file name.
OK. Now, by simply replacing the IP address (64.233.161.103) with yours, you can obtain the X509 certificate of your desired site.
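
A hardened variant of the command above, as an added example that is not part of the original post: it takes a host name rather than an IP address so that SNI can be sent, and it adds a SHA-256 fingerprint check, because a certificate pulled off the wire is only what that one connection presented and should be compared with a fingerprint obtained from the site owner over a separate channel before you encrypt to it or rely on it to verify signatures. The function names and www.example.com are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. The function names are
# hypothetical; only standard openssl, sed and tr options are used.

# Keep only the PEM certificate block(s) from `openssl s_client` output on stdin.
extract_pem() {
    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

# fetch_cert HOST [PORT] > cert.cert
# Prints the leaf certificate the server presents. Nothing here authenticates it.
fetch_cert() {
    fc_host=$1
    fc_port=${2:-443}
    # </dev/null ends the session after the handshake (same job as `echo |`).
    # -servername sends SNI, so a name-based virtual host returns its own
    # certificate instead of the server default; it needs a host name, not an IP.
    openssl s_client -connect "$fc_host:$fc_port" -servername "$fc_host" \
        </dev/null 2>/dev/null | extract_pem
}

# Reduce "SHA256 Fingerprint=AB:CD:..." (or a bare hex string) to lowercase hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'A-F' 'a-f'
}

# cert_fingerprint FILE: SHA-256 fingerprint of a PEM certificate, lowercase hex.
cert_fingerprint() {
    cf_raw=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
    normalize_fp "$cf_raw"
}

# pin_matches FILE EXPECTED: succeed only if the certificate's fingerprint equals
# the value the site owner gave you over a separate channel.
pin_matches() {
    pm_actual=$(cert_fingerprint "$1") || return 1
    [ -n "$pm_actual" ] && [ "$pm_actual" = "$(normalize_fp "$2")" ]
}

# Usage (needs network access, so it is left as a comment):
#   fetch_cert www.example.com 443 > cert.cert
#   openssl x509 -in cert.cert -noout -subject -issuer -dates
#   pin_matches cert.cert "$EXPECTED_SHA256" || echo "do not use this certificate"
```
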

Monday, May 12, 2008

Apache Rampart/C 1.2.0 unleashed

Unleashed to secure Apache Axis2/C 1.4.0.
Download Apache Rampart/C here

Key features of the release include
1. Ability to send and verify UsernameTokens with
- Username and PlainText password
- Username and Digested password

2. Ability to send Timestamp tokens

3. SOAP message encryption
- With derived key support for improved security
- Symmetric and Asymmetric modes of operations
- Support for AES and Triple DES encryption
- Signature encryption
- Keys encryption

4. SOAP message signature
- XML signature with RSA-SHA1
- Message authentication with HMAC-SHA1
- Signature confirmation support
- SOAP Header signing

5. WS-Security Policy (spec 1.1) based configurations
- Support for both Symmetric as well as Asymmetric policy bindings
- Support for different modes of key identifiers
- Support for different algorithm suites
[Basic128, Basic192, Basic256, TripleDes, Basic128Rsa15, Basic192Rsa15, Basic256Rsa15, TripleDesRsa15]
- Support for IssuedToken assertion in client side.
- Support for SAMLToken assertion.

6. Replay detection support
- Easy to use built-in replay detection module
- Ability to deploy a customized replay detection module

7. Different protection orders
- Encrypt before signing
- Sign before encrypting

8. Extensible modules
- Password callback module
- Authentication module
- Credentials module

9. Keys management
- Support for X509 token profile
- Support for Key identifiers, Thumb prints, Issuer/Serial pairs, Embedded and Direct references

10. WS-Secure Conversation Language support (Experimental)
- Establishing Security Context and thereby maintaining a session
- Per message key derivation
- Support for stored security context token

11. WS-Trust Language support (Experimental)
- Security Token Services (STS)
- STS Client
- Server and Client entropy support

12. SAML Support
- Support for Creation and Processing of SAML Core 1.1 Assertions
- SAML Token as Sign Supporting Token

13. Other
- Easy to use deployment scripts
- A comprehensive set of samples

Friday, May 09, 2008

Trip to Kandy, Matale and Anuradhapura

... Could find some time to enjoy a trip with our parents and family during the last weekend. :-)
First we went to Kandy and then to Matale Alu-viharaya (Viharaya=Temple). Most of you might know about Kandy. Compared to that, Alu-viharaya is little known and less described. But its importance is not overshadowed by the fact that it's not a popular shrine. Alu-viharaya is the place where the well known inscribing of the Buddhist Tipitaka took place. And this inscribing still takes place on 'Ola' leaves in the traditional way. Matale, which was battered by many wars against British invaders, is north of Kandy. The library was completely destroyed later due to the 1848 rebellion led by "Puran Appu" against British rulers.

One who takes the Kandy-Jaffna A9 highway can easily reach the temple, which is adjacent to the main road. The temple is built on a rock, where one can get a very good view over the surrounding valley. Whilst a few new modifications and additions have done some damage to its historical look, the cave temple, the old carvings and secret signs keep the proud and mystic scenery intact.
Here are some pics.

Later we went to the ancient capital city, Anuradhapura. I have been there numerous times but this seems like the best time to be there. One reason is that this is the time everybody is getting ready for the high season, which starts in June. The second is that, due to heavy rains during the last month, there is no dust and the lakes/tanks are very beautiful.
Will write more when I get time. Meanwhile enjoy these memories.

Wednesday, May 07, 2008

Seven things to know about FEDi

FEDi is
- about authentication and to enable single sign on in a federated environment
- to establish the trust between entities in different security realms
- based on Apache Axis2/C and Apache Rampart/C
- to provide the infrastructure to develop identity enabled web services
- an effort to implement the WS-Trust, SAML and WS-Federation specifications in the C language


FEDi is NOT
- a product/application. It's a framework that can be used to implement the final product/application.
- an alternative to Identity Solution. It's an effort to extend the capabilities to federated environment

Need to know more? Check this out

Thursday, May 01, 2008

Closed his eyes forever


Suffering from fever for couple of days and irrespective of all the treatments, Terry closed his moody eyes, forever. A very sorry morning for all of us. :(

Tuesday, April 29, 2008

Cardspace authentication with Identity Solution

WSO2 Identity solution 1.5 has been released. The new version supports SAML 2.0, which is a very handy feature to have.
Check more details about the release here.
You can also listen to this podcast by Prabath Siriwardena

Friday, April 25, 2008

C web services : A locus for demos

It's now possible to try out some of the samples/demos written using WSO2 WSF/C. This page contains the downloadable archives, source code and documentation. You can view, rate and try these samples and publish your own too. If you are interested in developing such demos, please drop an email to wsf-c-dev@wso2.org.
Right now we have an amazonclient, which can be used to do on-line transactions with the Amazon E-commerce Service; a Windows shell extension (aka FlickrPal), which can be used to upload your images to Flickr; and a store client and manufacturing server to demo how to address a typical business problem using WSO2 WSF/C.

Sunday, April 20, 2008

Writing a secure client in Ruby

WSF/Ruby provides an easy to use API to consume and deploy web services. Adding the Apache Rampart/C features, it also provides SOAP message confidentiality, integrity and authentication.
In the following four easy steps we will show how to write a secure client using WSF/Ruby.

1. Create the policy. Here we need to encrypt using the Basic256Rsa15 algorithm suite, and the relevant key information should be identified using the issuer name and the serial number of the certificate.
      
policy_content = {"encrypt"=> true,
"algorithm_suite" => "Basic256Rsa15",
"security_token_reference" => "IssuerSerial"}
policy = WSPolicy.new({"security" => policy_content})

2. Create the security token. Note that the private keys and certificates need to be loaded
  
security_options = {"private_key" => pvt_key,
"receiver_certificate" => rec_cert}
security_token = WSSecurityToken.new(security_options)

3. Create options for the policy and security token. Here use_wsa=true means that the client MUST include the WS-Addressing header in the message.
  
options = {"use_wsa" => true,
"policy" => policy,
"security_token" => security_token}

4. Request from the service. For this we need to create the client.
  
client = WSClient.new(options, LOG_FILE)
res_message = client.request(payload)

The complete source code is as follows.
  
require 'wsf'
require 'rexml/document'

include WSO2::WSF
include WSO2::Util

# This is your payload
req_payload = <<XML
Hello World!
XML

begin
  LOG_FILE = "security_sample.log"
  ACTION = "http://php.axis2.org/samples/echoString"
  END_POINT = "http://localhost:3000/encryption/encryption"

  message_properties = {"to" => END_POINT,
                        "action" => ACTION}

  # Load certificates and keys from the disk
  rec_cert = WSUtil::ws_get_cert_from_file("../keys/bob_cert.cert")
  pvt_key = WSUtil::ws_get_key_from_file("../keys/alice_key.pem")

  # The payload or the body of the SOAP message
  payload = WSMessage.new(req_payload,
                          nil,
                          message_properties)

  # Create the security policy
  policy_content = {"encrypt"=> true,
                    "algorithm_suite" => "Basic256Rsa15",
                    "security_token_reference" => "IssuerSerial"}

  policy = WSPolicy.new({"security" => policy_content})

  # Create the security token
  security_options = {"private_key" => pvt_key,
                      "receiver_certificate" => rec_cert}

  security_token = WSSecurityToken.new(security_options)

  # Create options for the client
  options = {"use_wsa" => true,
             "policy" => policy,
             "security_token" => security_token}

  # Create a client instance
  client = WSClient.new(options, LOG_FILE)

  # Request
  res_message = client.request(payload)

  if not res_message.nil? then
    puts "Received OM: " << "\n" << res_message.payload_to_s << "\n\n"
    puts "Client invocation SUCCESSFUL !!!"
  else
    puts "Client invocation FAILED !!!"
  end

# If SOAP fault, print the details
rescue WSFault => wsfault
  puts "Client invocation FAILED !!!\n"
  puts "WSFault : "
  puts wsfault.xml
  puts "----------"
  puts wsfault.code
  puts "----------"
  puts wsfault.reason
  puts "----------"
  puts wsfault.role
  puts "----------"
  puts wsfault.detail
  puts "----------"

# Any other error: String#<< needs a String, so append the exception's message
rescue => exception
  puts "Client invocation FAILED !!!\n"
  puts "Exception : " << exception.message
end

More security samples can be found here...

Friday, April 18, 2008

WSF/PHP : Creating Business-Conscious IT Solutions


In this article I have shown how to address a typical business communication scenario using WSF/PHP. It also discusses the importance of message level security and shows exactly how it is used in a scenario like this. The complete source code is available here.

Monday, April 14, 2008

What's beyond C web services?

Recently I started adding entries to the C web services blog. In doing so, I must state that C web services are not limited to the C language itself, but are also a basis for other programming languages. So far this has become a reality for PHP, Perl, Ruby and C++. Other scripting languages such as Python are to be added to the list in the future. The reason behind this successful stream of frameworks to the community is the solid WSF/C, which is a web services framework written in the C language. The framework allows you to consume and deploy web services easily and securely. WSF/C integrates the famous Axis2/C engine with implementations of various WS-* standards such as WS-Security, WS-RM, WS-Addressing and WS-Policy.
So why not conquer the web services beyond the C territory? :)
Click on an image to go to the respective project home page.




Tuesday, April 08, 2008

Product of the year 2007 - GOLD - To WSO2 WSAS



Being awarded to WSO2 WSAS (Data Services).

Congratulations folks !!!
You deserve it.
--More--

Monday, April 07, 2008

Username and password is not enough



If you are planning to steal a username and the password of your colleague, you'd better check this out. If he is clever enough to use key stroke dynamics with the GDM (Gnome Display Manager), you'll have to watch and practice a lot how he types them.
By modifying the GDM it is possible to store an encrypted hash of your key stroke pattern. This pattern will be verified using key stroke dynamics the next time you log in. The following article shows how to modify the GDM.

Identify and verify users based on how they type

Saturday, April 05, 2008

Open source will quietly take over

Read a nice article about Open Source and its future. Here are a few lines from it.

...Users who reject open source for technical, legal or business reasons might find themselves unintentionally using open source despite their opposition...

..."Much of the availability, management and DBMS licensing costs will remain proprietary," says the report, and "version control and incompatibilities will continue to plague open-source OSs and associated middleware"...

...Open source gives massive scalability at no transaction cost, for whatever you are doing...

The full article is here...

Friday, April 04, 2008

A collection of PHP demos


Wanna try out some samples in PHP web services?
Try out this collection of demos.
You can try, download, rate samples and view the source code to get an idea what you can do with web services in PHP language. The demos here are developed with WSO2 Web Services Framework for PHP (WSF/PHP).

Thursday, April 03, 2008

Spring the WSF/*




Adding yet another member to the WSF family, WSO2 has announced the release of WSF/Spring 1.0.
Similar to other WSF products, this too is released under the Apache license 2.0. Spring users are now able to expose web services using the famous Apache Axis2/Java engine. The framework is also powered by implementations of WS-* specifications including WS-Security, WS-SecurityPolicy, WS-Policy, WS-Addressing, WS-ReliableMessaging and WS-Eventing. Here you will find a quick start guide.

Wednesday, March 19, 2008

We got married...

Me and Kalani had our wedding on the 6th of March at Hotel Bluewaters, Wadduwa. We were friends first and then became lovers... and later decided it's time to be together for the rest of our lives :-). A big and very happy occasion for us as well as our parents, relatives and friends. Thanks to all who helped, wished and joined with us to make the event a success. More pics here...

Tuesday, March 18, 2008

Sir Arthur C. Clarke has passed away

Popular sci-fi writer Sir Arthur C. Clarke has passed away. He is the author of many of my childhood fav books. Sir Arthur C. Clarke lived in Sri Lanka from 1956 and was the chancellor of the University of Moratuwa from 1979 to 2002. In my home town, Katubedda, he established the Arthur C. Clarke Center for Modern Technologies. He selected this hill for his research, and it is thus known as "technical kanda" (technical hill) among locals. This visionary author was the inventor of the concept of communication satellites.
Aged 90, he died due to a cardio-respiratory attack.

Tuesday, February 26, 2008

WSO2 WSF/C with Apache HTTP server

This section shows how to use WSO2 Web services framework for C (WSF/C) with the Apache HTTP server in a Linux environment.
First download and install the apache2 server. Please follow the instructions in the INSTALL file.
Then download WSF/C and configure it with the following options:

%./configure --with-apache2=/path/to/apache2 --prefix=/your/wsfc_home/directory
%make
%make install


Once you run make install, it will create libmod_axis2.so inside WSFC_HOME/lib. Copy this file to the apache2/modules directory. Now open the httpd.conf file inside the conf directory and add the following entries. These are your configuration settings for the Axis2/C web services engine.

LoadModule axis2_module modules/libmod_axis2.so
Axis2RepoPath /your/path/to/wsf/c/home
Axis2LogFile /tmp/apache_axis2.log
Axis2LogLevel debug
Axis2MaxLogFileSize 32
<Location /axis2>
SetHandler axis2_module
</Location>

Done? Perfect. Let's start the server

%./httpd -k start

If the default port (i.e. 80) is in use try another port such as 8080. You can change the port in the conf/httpd.conf file

Listen 8080

Open a browser and enter the following address as the URL

http://localhost:8080/axis2/services

If all goes well, this should show the deployed services. Usually these are the samples that come with WSF/C.

Monday, February 18, 2008

WSO2 Web Services Framework for C language

As B2B communication becomes loosely coupled and automated in a distributed environment, web services technology is blooming as the perfect solution for numerous business applications. Integrating multiple legacy applications into a single system, and allowing various clients dispersed across contrasting platforms in different parts of the world to communicate, are major challenges faced by many software architects and developers.
As a solution to this, WSO2 has introduced a series of web services middleware that can be used to implement your business application. Amongst them, WSO2 Web services framework for C (WSF/C) should appeal to the C and C++ community.
If you are a PHP or Ruby developer you have the option of using respective extensions of WSF/C in these languages. Please check WSF/PHP and WSF/Ruby for more details.

Monday, February 11, 2008

Google as a score board.

Google for "SL v IND" to view the latest score for the current match. Cricinfo is a bit slower to load, which is a common problem for battles btwn these two teams.
Lankans badly need to grab the first win for the series, today.

WSO2 registry 1.0 Unleashed



The WSO2 Registry team today announced the release of WSO2 Registry 1.0. Aligned with other WSO2 products, the Registry is also released under Apache license v2.0. To see features, read more or to download the product visit here.

Thursday, February 07, 2008

Tree view in UNIX

I found this interesting. If you would like to get your directory structure in a tree view with a single command, try the following.

  1. Create a shell script in directory /usr/local/bin/ (You need root permission)
  2. Give it a name (I call it gr. )
  3. Edit the script (/usr/local/bin/gr) to include the following command using a suitable editor (such as vi ;-))

    #!/bin/bash
    ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/ /' -e 's/-/|/'

  4. Give executable rights
    % chmod +x /usr/local/bin/gr

  5. Now go to any directory, (My preferred is Apache Rampart/C source) and issue
    % gr

    That should give you a tree view as follows.
       .
    |-core
    |-data
    |-handlers
    |-omxmlsec
    |---c14n
    |---openssl
    |---saml
    |---tokens
    |-secconv
    |-trust
    |-util



Tuesday, February 05, 2008

The best moment of a married life

The best moment of the married life would be the time when you realize... ohh yeah...!!! It's OVER.
I mean not the marriage, but the wedding :).
Don't I hate the experiences I'm having these days. This tiny little period in your life brings enough troubles to cry for the comfortable and relaxed life you had in the past.
Guys, the inertia of converting a GF to a wife is unreasonably tiresome and expensive. Still thinking why the "living together" is not popular among us, yet.

Thursday, January 31, 2008

Apache Axis2/C FAQ

There is this FAQ prepared by Spencer Davis and some other Apache Axis2/C developers. If you have any entries that you think are worth including, please feel free to drop them here.
http://wiki.apache.org/general/axis2c/FAQ
Soon it will be filtered, sorted and integrated into the Apache Axis2/C documentation.
If you do not have permissions to edit, simply drop an email to axis-c-dev@ws.apache.org list with the subject Axis2/C FAQs.

Create your own Certificate Authority using OpenSSL

In my earlier blog I showed how to generate a self signed certificate.
A self-signed certificate is of no use as it is not signed by a third party. There are well-known third parties such as VeriSign and Thawte, but getting a certificate signed is a complex and costly process. If you need to form a small trust community (e.g. for your company or with your clients) you can create your own Certificate Authority. The process is not as complex as it sounds, thanks to a Perl script available in the OpenSSL distribution, of course. If you have used the default installation settings, this script (CA.pl) can be located at /usr/lib/ssl/misc/CA.pl. First of all, create a directory for your CA. Then copy CA.pl and /usr/lib/ssl/openssl.cnf to the directory you just created. Run the CA.pl script.
%./CA.pl -newca

If you press the Enter key, the script will create a new certificate/key pair for you. If you already have a certificate and you need to use it, just type the filename. Now you have a certificate authority set up in a subdirectory called "demoCA". Simple, right?

Let's try to sign a certificate using the CA we have just set up. Copy your certificate request to the current directory and rename it to newreq.pem (in the next section we will discuss how to generate a certificate request). Then issue the following command.
%./CA.pl -sign

If everything is successful and the request is a valid one, a new certificate called newcert.pem will be created in the same directory.

Free rice

Improve your vocabulary while donating some rice... :)
http://freerice.com/
Thanks Suran for the mail

Tuesday, January 29, 2008

Self signed certificates using OpenSSL

Use the following command to generate a self-signed X.509 certificate (mycert.pem), which is valid for 365 days, and an RSA key (mykey.pem) of length 1024.
openssl req -x509 -nodes -days 365 -newkey rsa:1024 \
-keyout mykey.pem -out mycert.pem

Then you have to answer a few questions. The information you provide by answering these questions will be stored in the certificate.
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:


That's it !!!

Thursday, January 24, 2008

A request to a certificate authority using OpenSSL

Getting your certificate signed by a recognized certificate authority consists of two steps. First you have to generate a certificate request locally. Then you need to fill in a form providing some information and send it to the CA. Here we will describe how to generate such a request using OpenSSL.
First you need to generate a private key. If you already have a private key, skip this step.

%openssl genrsa -out x.key 1024

Then use that private key to generate your request to the CA.

%openssl req -new -key x.key -out request.pem

This will create a file called request.pem from the private key (x.key). The request file has the following format.

-----BEGIN CERTIFICATE REQUEST-----
(Base64 encoded certificate request data)
-----END CERTIFICATE REQUEST-----

Then you have to provide your information to the certificate authority. Usually this can be done by sending a fax or by filling in an online application. Make sure that the information you send is accurate, and in particular check your request and the information in it. Use the following commands for the verification.

%openssl req -noout -text -in request.pem
%openssl req -noout -verify -key x.key -in request.pem
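
The three OpenSSL posts above (private CA, self-signed certificate, certificate request) fit together as one flow; this added example, which is not from the original posts, runs it end to end and checks that the signed certificate chains to the CA and not to an unrelated one. It assumes OpenSSL on the PATH, signs with `openssl x509 -req` rather than CA.pl, uses 2048-bit keys instead of the 1024-bit keys shown in the posts, and every file name, subject and function name is constructed.

```shell
#!/bin/bash
# Added example: private CA -> CSR -> signed certificate -> chain check.
# Every file name and subject here is constructed for illustration.

write_cnf() {   # $1 = directory; own config, so the system openssl.cnf is not needed
    mkdir -p "$1"
    cat > "$1/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = overridden by -subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
}

new_ca() {   # $1 = CA directory, $2 = CA common name
    write_cnf "$1"
    # -x509 makes "req" emit a self-signed certificate instead of a request.
    openssl req -x509 -config "$1/openssl.cnf" -subj "/O=Example Lab/CN=$2" \
        -newkey rsa:2048 -nodes -days 365 \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    chmod 600 "$1/ca.key"   # -nodes leaves the private key unencrypted
}

new_request() {   # $1 = requester directory, $2 = subject common name
    write_cnf "$1"
    openssl genrsa -out "$1/x.key" 2048 2>/dev/null
    chmod 600 "$1/x.key"
    openssl req -new -config "$1/openssl.cnf" -key "$1/x.key" \
        -subj "/O=Example Lab/CN=$2" -out "$1/request.pem"
}

sign_request() {   # $1 = CA directory, $2 = requester directory
    # Match the message too: some OpenSSL releases exit 0 on a failed check.
    openssl req -noout -verify -config "$1/openssl.cnf" \
        -in "$2/request.pem" 2>&1 | grep -q "verify OK" || return 1
    openssl x509 -req -in "$2/request.pem" -days 365 \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$2/newcert.pem" 2>/dev/null
}

chain_ok() {   # $1 = CA directory, $2 = certificate; status 0 only if it chains
    openssl verify -CAfile "$1/ca.pem" "$2" >/dev/null 2>&1
}
```

Source the file and call new_ca, new_request, sign_request and chain_ok in that order; chain_ok against a second, unrelated CA directory should fail.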

Wednesday, January 23, 2008

Facing security threats with WSF/PHP

The following table shows how to use/combine WSO2 WSF/PHP security features to face the common web services security threats...



Note that it is necessary to use username tokens with transport level security

Thursday, January 17, 2008

Presentation: Secure Web Services with Apache Rampart/C

Slides are available at
http://people.apache.org/~kaushalye/publications/sec_ws_with_RamC.ppt

Apache Rampart/C 1.1.0 is released

The Apache Rampart/C team unleashed its version 1.1.0 yesterday.
Check the feature list here...
The project is to fulfill the message level security requirements of the Apache Axis2/C engine. Instead of building custom mechanisms to meet message confidentiality, integrity and authentication requirements, you can simply use the Rampart/C module with the Axis2/C engine.
The released version is compatible with the Apache Axis2/C 1.2.0.
You may download the latest version here...

Tuesday, January 15, 2008

Writing a secure client using WSO2 WSF/C

Once you install WSO2 WSF/C, you will find a sample client in WSFC_HOME/rampartc/samples/client/sec_echo that shows how to enable security for SOAP messages. Go to the directory and open the echo.c source.
In order to write a secure client, the following steps should be followed.

1. Create a service client
    svc_client = axis2_svc_client_create(env, client_home);

2. Set options, such as the endpoint address and SOAP action
    options = axis2_options_create(env);
    axis2_options_set_to(options, env, endpoint_ref);
    axis2_options_set_action(options, env, "http://example.com/ws/2004/09/policy/Test/EchoRequest");
    axis2_svc_client_set_options(svc_client, env, options);

3. Create a policy object and set it on the service client
    policy = neethi_util_create_policy_from_file(env, policy_file_name);
    axis2_svc_client_set_policy(svc_client, env, policy);

4. Engage the security module
    axis2_svc_client_engage_module(svc_client, env, "rampart");

5. Write your code to build the payload, i.e. the body of your SOAP message that carries your business logic to the service
    payload = build_om_payload_for_echo_svc(env);

6. Send the message
    ret_node = axis2_svc_client_send_receive(svc_client, env, payload);

Note that, of the steps above, only 3 and 4 are additional steps that you have to take to secure a client request. Also note that in step 3 we give a policy file name as a string argument to the function neethi_util_create_policy_from_file(). Here policy_file_name is the name of the file holding your policy configuration on the client side. You can find such client policy files for each and every security requirement in the scenarios available under WSFC_HOME/rampartc/samples/secpolicy.