A theory of contracts for web services

Castagna, Giuseppe; Gesbert, Nils; Padovani, Luca

doi:10.1145/1328438.1328471

Cited by 54 publications

(28 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [20,25], a contract defines the possible flows of invocations that are received and emitted by the service. Subcontract preorders [25] formally characterise the ability of replacing one service with another, without breaking the correctness of the composition. Instead, [20] considers multi-party compositions where services can be replaced with sub-services.…”

Section: Related Workmentioning

confidence: 99%

“…Similarly to these works, our effects represent a multi-party contract among services. Differently, we do not feature synchronization, and only have an internal choice, while [25] also has an external one to model client choices. A peculiar point of our proposal is the ability of constraining effects to obey given safety and liveness policies.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Planning and verifying service composition

Bartoletti

Degano

Ferrari

2009

JCS

View full text Add to dashboard Cite

A static approach is proposed to study secure composition of services. We extend the λ-calculus with primitives for selecting and invoking services that respect given security requirements. Security-critical code is enclosed in policy framings with a possibly nested, local scope. Policy framings enforce safety and liveness properties. The actual run-time behaviour of services is over-approximated by a type and effect system. Types are standard, and effects include the actions with possible security concerns -as well as information about which services may be invoked at run-time. An approximation is model checked to verify policy framings within their scopes. This allows for removing any run-time execution monitor, and for determining the plans driving the selection of those services that match the security requirements on demand.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Planning and verifying service composition

Bartoletti

Degano

Ferrari

2009

JCS

View full text Add to dashboard Cite

show abstract

“…We now consider related work in the theory of contracts: first that due to Fournet et al (Fournet et al 2004) and then the theory proposed by Carpineti et al (Carpineti et al 2006) and extended in Laneve and Padovani (2007) and Castagna et al (2008). We now consider related work in the theory of contracts: first that due to Fournet et al (Fournet et al 2004) and then the theory proposed by Carpineti et al (Carpineti et al 2006) and extended in Laneve and Padovani (2007) and Castagna et al (2008).…”

Section: Conclusion and Related Workmentioning

confidence: 98%

“…The explicit information about the input/output alphabet used in Laneve and Padovani (2007) allows the corresponding theory of contracts to be applied in multiparty compositions also, but the independent refinement that we advocate can only be partially achieved. The dynamic filters of Castagna et al (2008) allow for independent refinement, but at the cost of synthesising a specific filter for each service that eliminates the additional behaviours introduced by services that also expose a subcontract. In other words, the selection of one subcontract with a larger input/output alphabet can influence the choice of the possible other subcontracts in the system.…”

Section: Conclusion and Related Workmentioning

confidence: 99%

“…

…”

mentioning

confidence: 99%

See 1 more Smart Citation

A theory of contracts for strong service compliance

Bravetti

Zavattaro

2009

Math. Struct. Comp. Sci.

View full text Add to dashboard Cite

We investigate, in a process algebraic setting, a new notion of correctness for service compositions, which we call strong service compliance: composed services are strong compliant if their composition is both deadlock and livelock free (this is the traditional notion of compliance), and whenever a message can be sent to invoke a service, it is guranteed to be ready to serve the invocation. We also define a new notion of refinement, called strong subcontract pre-order, suitable for strong compliance: given a composition of strong compliant services, we can replace any service with any other service in subcontract relation while preserving the overall strong compliance. Finally, we present a characterisation of the strong subcontract pre-order by resorting to the theory of a (should) testing pre-order.M. Bravetti and G. Zavattaro 602 than orchestrations. Indeed, orchestrations require the implementation of central points of coordination, while choreography languages support a high-level description of peerto-peer interactions among services that directly communicate without the mediation of any orchestrator. More precisely, the aim of choreography languages is to support the high-level description of systems that should be actually implemented as a combination of autonomous, loosely coupled and heterogenous services. One of the most challenging problems concerned with high-level specification languages for service composition is related to the discovery of available services that, once combined, are guaranteed to implement the specified system correctly. In order to solve this problem, two aspects must be addressed: on the one hand, appropriate interface languages that describe the externally observable behaviour of services must be defined; while, on the other hand, retrieval mechanisms must be developed such that, given a composition of services exposing certain interfaces, the overall behaviour of the system is guaranteed to be in accordance with the given high-level specification.As far as interface languages are concerned, the attention of the research community is concentrated on contracts, which are intended as the description of 'the externally visible message-passing behaviour of the service' (Fournet et al. 2004). Several papers have already investigated contracts (Carpineti et al. 2006;Bravetti and Zavattaro 2007a;Laneve and Padovani 2007;Castagna et al. 2008), exploiting them for checking service compliance. Services are compliant when they can be correctly combined in such a way that all the service invocations of one service in the system are guaranteed to be eventually served by another service in the system.For instance, the following three services S1, S2, and S3 are compliant:S 1 : invoke(a@S 2 ); receive(b) S 2 : receive(a); invoke(c@S 3 ) S 3 : receive(c); invoke(b@S 1 ).We use invoke(a@S) to denote the invocation of operation a on service S, and receive(a) for the reception of an invocation on operation a. According to this notion of compliance, the following is also an example of compliant s...

show abstract