Constraint programming is a powerful paradigm for solving combinatorial search problems that draws on a wide range of techniques from artificial intelligence, computer science, databases, programming languages, and operations research[10, 3, 26]. It is currently applied with success to many domains, such as scheduling, planning, vehicle routing, configuration, networks, and bioinformatics. The basic idea in constraint programming is that the user states the constraints and a general purpose constraint solver solves them. Constraints are just relations, and a Constraint Satisfaction Problem (CSP) states which relations should hold among the given decision variables (we refer to this classical view as “crisp” constraints). Constraint solvers take a real-world problem, represented in terms of decision variables and constraints, and find an assignment of values to all the variables that satisfies all the constraints.
Rather than trying to satisfy a set of constraints, sometimes people want to optimize them. This means that there is an objective function that tells us the quality of each solution, and the aim is to find a solution with optimal quality. For example, fuzzy constraints [10, 3, 26] allow for the whole range of satisfiability levels between and . In weighted constraints, instead, each constraint is given a weight, and the aim is to find a solution for which the sum of the weights of the satisfied constraints is maximal.
The idea of the semiring-based formalism [10, 3] was to further extend the classical constraint notion, and to do it with a formalism that could encompass most of the existing extensions, as well as other ones not yet defined, with the aim to provide a single environment where properties could be proven once and for all, and inherited by all the instances. At the technical level, this was done by adding to the usual notion of a CSP the concept of a structure representing the levels of satisfiability of the constraints. Such a structure is a set with two operations (see Sec. 2 for further details): one (written ) is used to generate an ordering over the levels, while the other one () is used to define how two levels can be combined and which level is the result of such combination. Because of the properties required on such operations, this structure is similar to a semiring (see Sec. 2): from here the terminology of “semiring-based soft constraint” [10, 3] (and Sec. 2), that is, constraints with several levels of satisfiability, and whose levels are (totally or partially) ordered according to the semiring structure. In general, problems defined according to the semiring-based framework are called Soft Constraint Satisfaction Problems (SCSPs).
The aim of this paper is to apply Quality of Service (QoS) measures for Service Oriented Architectures (SOAs) [25, 24]. Such architecture outlines a way of reorganizing software applications and infrastructure into a set of interacting services and aims at a loose coupling of services with operating systems, programming languages and other technologies. A SOA separates functions into distinct units or services, and these services communicate with each other by passing data from one service to another, or by coordinating an activity between two or more services. Web services [22, 2] can implement a service-oriented architecture.
SOAs clearly represent a distributed environment and QoS aspects become very important to evaluate, since the final integrated service must fulfill the non-functional requirements of the final users; this composition needs to be monitored [25, 24]. We are also interested in representing contracts and Service Level Agreements [2, 22] (SLAs) in terms of constraint based languages. The notions of contract and SLAs are very important in SOC since they allow to describe the mutual interactions between communicating parties and to express properties related to the quality of service such as cost, performance, reliability and availability. The existing languages for describing Web services (e.g. WSDL, WS-CDL and WS-BPEL) are not adequate for describing contracts and SLAs and, so far, there exists no agreement on a specific proposal in this sense: a general, established theory of contracts is still missing [2, 22].
The key idea of this paper is to use the a soft constraint framework in order to be able to manage SOAs in a declarative fashion by considering together both the requirements/interfaces of each service and their QoS estimation[31, 28, 29]. C-semirings can represent several QoS attributes, while soft constraints represent the specification of each service to integrate: they link these measures to the resources spent in providing it, for instance, “the reliability is equal to 80% plus 5% for each other processor used to execute the service”. This statement can be easily represented with a soft constraint where the number of processors corresponds to the variable, and the preference (i.e. reliability) level is given by the polynomial.
Beside expressivity reasons, other advantages w.r.t. crisp constraints are that soft constraints can solve over-constrained problems (i.e. when it is not possible to solve all of them at the same time) and that, when we have to deal with quality, many related concepts are “smooth”: quality can be represented with intervals of “more or less” acceptable values. It has been proved that constraint in general are a powerful paradigm for solving combinatorial search problems [10, 3, 26]. Moreover, there exists a wide body of existing research results on solving (soft) CSP for large systems of constraints in a fully mechanized manner [10, 3].
The paper is organized as follows: Sec. 2 presents the minimum background notions needed to understand soft constraints, while Sec. 3 closes the introductory part by defining SOAs, QoS aspects and by showing how semiring instantiations can represent these non-functional aspects. Sec. 4 shows that the use of soft constraints permits us to perform a quantitative analysis of system integrity. Section 5 shows how QoS can be modeled and checked by using a soft constraint-based formal language. Finally, Sec. 6 present the related work, while Sec. 7 draws the final conclusions and discusses the directions for future work.
2 Background on Soft Constraints
An absorptive semiring  can be represented as a tuple such that: i) is a set and ; ii) is commutative, associative and is its unit element; iii) is associative, distributes over , is its unit element and is its absorbing element. Moreover, is idempotent, is its absorbing element and is commutative. Let us consider the relation over such that iff . Then it is possible to prove that (see ): i) is a partial order; ii) and are monotonic on ; iii) is its minimum and its maximum; iv) is a complete lattice and, for all , (where is the least upper bound). Informally, the relation gives us a way to compare semiring values and constraints. In fact, when we have (or simply when the semiring will be clear from the context), we will say that b is better than a.
In  the authors extended the semiring structure by adding the notion of division, i.e. , as a weak inverse operation of . An absorptive semiring is invertible if, for all the elements such that , there exists an element such that . If is absorptive and invertible, then, is invertible by residuation if the set admits a maximum for all elements such that . Moreover, if is absorptive, then it is residuated if the set admits a maximum for all elements , denoted . With an abuse of notation, the maximal element among solutions is denoted . This choice is not ambiguous: if an absorptive semiring is invertible and residuated, then it is also invertible by residuation, and the two definitions yield the same value.
To use these properties, in  it is stated that if we have an absorptive and complete semiring111If is an absorptive semiring, then is complete if it is closed with respect to infinite sums, and the distributivity law holds also for an infinite number of summands., then it is residuated. For this reason, since all classical soft constraint instances (i.e. Classical CSPs, Fuzzy CSPs, Probabilistic CSPs and Weighted CSPs) are complete and consequently residuated, the notion of semiring division (i.e. ) can be applied to all of them.
Soft Constraint System.
A soft constraint [7, 3] may be seen as a constraint where each instantiation of its variables has an associated preference. Given and an ordered set of variables over a finite domain , a soft constraint is a function which, given an assignment of the variables, returns a value of the semiring. Using this notation is the set of all possible constraints that can be built starting from , and .
Any function in involves all the variables in , but we impose that it depends on the assignment of only a finite subset of them. So, for instance, a binary constraint over variables and , is a function , but it depends only on the assignment of variables (the support of the constraint, or scope). Note that means where is modified with the assignment . Notice also that, with , the result we obtain is a semiring value, i.e. .
Given set , the combination function is defined as (see also [7, 3, 9]). Having defined the operation on semirings, the constraint division function is instead defined as . Informally, performing the or the between two constraints means building a new constraint whose support involves all the variables of the original ones, and which associates with each tuple of domain values for such variables a semiring element which is obtained by multiplying or, respectively, dividing the elements associated by the original constraints to the appropriate sub-tuples. The partial order over can be easily extended among constraints by defining . Consider set and partial order . Then an entailment relation is defined s.t. for each and , we have (see also [3, 9]).
Given a constraint and a variable , the projection [7, 3, 9] of over , written is the constraint s.t. . Informally, projecting means eliminating some variables from the support. This is done by associating with each tuple over the remaining variables a semiring element which is the sum of the elements associated by the original constraint to all the extensions of this tuple over the eliminated variables. To treat the hiding operator of the language, a general notion of existential quantifier is introduced by using notions similar to those used in cylindric algebras. For each , the hiding function [3, 9] is defined as .
To model parameter passing, for each a diagonal constraint [3, 9] is defined as s.t., if and if . Considering a semiring , a domain of the variables , an ordered set of variables and the corresponding structure , then 222 and respectively represent the constraints associating and to all assignments of domain values; in general, the function returns the semiring value . is a cylindric constraint system (“a la Saraswat” ).
Soft CSP and an Example.
A Soft Constraint Satisfaction Problem (SCSP)  defined as : is the set of constraints and is the set of variables of interest for the constraint set , which however may concern also variables not in . This is called the best level of consistency and it is defined by , where ; notice that . We also say that: is -consistent if ; is consistent iff there exists such that is -consistent; is inconsistent if it is not consistent.
Figure 1 shows a weighted CSP as a graph. Variables and constraints are represented respectively by nodes and by undirected arcs (unary for and , and binary for ), and semiring values are written to the right of each tuple. The variables of interest (that is the set ) are represented with a double circle (i.e. variable ). Here we assume that the domain of the variables contains only elements and . For example, the solution of the weighted CSP of Fig. 1 associates a semiring element to every domain value of variable . Such an element is obtained by first combining all the constraints together. For instance, for the tuple (that is, ), we have to compute the sum of (which is the value assigned to in constraint ), (which is the value assigned to in ) and (which is the value for in ). Hence, the resulting value for this tuple is . We can do the same work for tuple , and . The obtained tuples are then projected over variable x, obtaining the solution and . The blevel for the example in Fig. 1 is (related to the solution , ).
3 Service Oriented Architectures and QoS Aspects
Service Oriented Architecture (SOA) can be defined as a group of services, which communicate with each other [25, 24]. The process of communication involves either simple data passing or it could involve two or more services coordinating some activity. Basic services, their descriptions, and basic operations (publication, discovery, selection, and binding) that produce or utilize such descriptions constitute the SOA foundation. The main part of SOA is loose coupling of the components for integration. Services are defined by their interface, describing both functional and non-functional behaviour. Functional includes describing data formats, pre and post conditions and the operation performed by the service. Non-functional behaviour includes security and other QoS parameters. The main four features of SOA consist in Coordination, Monitoring, Conformance and Quality of Service (QoS) composition .
Services are self describing, open components that support rapid, low-cost composition of distributed applications. Services are offered by service providers, which are organizations that procure the service implementations, supply their service descriptions, and provide related technical and business support. Since services may be offered by different enterprises and communicate over the Internet, they provide a distributed computing infrastructure for both intra and cross-enterprise  application integration and collaboration. Service descriptions are used to advertise the service capabilities, interface, behaviour, and quality. Publication of such information, about available services, provides the necessary means for discovery, selection, binding, and composition of services. Service clients (end-user organizations that use some service) and service aggregators (organizations that consolidate multiple services into a new, single service offering) utilize service descriptions to achieve their objectives.
QoS measures include also dependability aspects: dependability as applied to a computer system is defined by the IFIP 10.4 Working Group on Dependable Computing and Fault Tolerance as : “[..] the trustworthiness of a computing system which allows reliance to be justifiably placed on the service it delivers [..]”.
Some different QoS/dependability measurements can be applied to a system to determine its overall quality. A very general list of attributes is: i) Availability
- the probability that a service is present and ready for use;ii) Reliability - the capability of maintaining the service and service quality; iii) Safety - the absence of catastrophic consequences; iv) Confidentiality - information is accessible only to those authorized to use it; v) Integrity - the absence of improper system alterations; and vi) Maintainability - to undergo modifications and repairs. Some of these attributes, as availability, are quantifiable by direct measurements (i.e. they are rather objective scores), but others are more subjective, e.g. safety.
The semiring algebraic structures (see Sec. 2) prove to be an appropriate and very expressive cost model to represent the QoS metrics shown in this Section. The cartesian product of multiple c-semirings is still a c-semiring  and, therefore, we can model also a multicriteria optimization. In the following list we present some possible semiring instantiations and some of the possible metrics they can represent:
Weighted semirings ( is the arithmetic sum). In general, this semiring can represent additive metrics: it can be used to count events or quantities to minimize the resulting sum, e.g. to save money while composing different services with different costs, or to minimize the downtime of service components (availability and reliability can be modeled this way).
Fuzzy semirings . It can be used to represent fuzzy preferences on components, e.g. low, medium or high reliability when detailed information is not available. This semiring can be used to represent concave metrics, in which the composition result of all the values is obtained by “flattening” to the “worst” or “best” value. One more application example is represented by the aggregation of bandwidth values along a network route or, however, by aggregating concave values on a pipeline of sub-services.
Probabilistic semirings ( is the arithmetic multiplication). Multiplicative metrics can be modeled with this semiring. As an example, this semiring can optimize (i.e. maximize) the probability of successful behavior of services, by choosing the composition that optimizes the multiplication of probabilities. For example, the frequency of system faults can be studied from a probabilistic point of view; also availability can be represented with a percentage value.
Set-Based semirings . Properties and features of the service components can be represented with this semiring. For example, in order to represent related security rights, or time slots in which the services can be used (security issues).
Classical semirings . The classical semiring can be adopted to cast crisp constraints in the semiring-based framework defined in [3, 8]. Even this semiring can be used to check if some properties are entailed by a service definition (i.e. true of false values), by composing the properties of its components together.
4 Soft Constraints to Enforce System Integrity
In this Section we show that soft constraints can model the implementation of a service described with a policy document [2, 22]; this really happens in practice by using the Web Services Description Language (WSDL) that is an XML-based language that provides a model for describing web services . Moreover, by using the projection operator (i.e. in Sec. 2) on this policy, which consists in the composition (i.e. in Sec. 2) of different soft constraints, we obtain the external interface of the service that are used to match the requests. This view can be used to check the integrity of the system, that is if a particular service ensures the consistency of actions, values, methods, measures and principles; as a reminder, integrity can be seen as one of the QoS attributes proposed in Sec. 3. The integrity attribute is very important when different sub-services from distinct providers are composed together to offer a single structured service. The results presented here are inspired by the work in .
For the scenario example in Fig. 2, suppose to have a digital photo editing service decomposed as a set of sub-services; the compression/decompression module (i.e. COMPF) is located on the client side, while the other filter modules are located on the side of the editing company and can be reached through the network. The first module, i.e. BWF turns the colors in grey scale and the REDF filter absorbs green and blue and let only red become lighter. The client wants to compress (e.g. in a JPEG format) and send a remarkable number of photos (e.g. the client is a photo shop) to be double filtered and returned by the provider company; filters must be applied in a pipeline scheme, i.e. REDF goes after BWF.
The structure of the system represented in Fig. 2 corresponds to a federated system. It is defined as a system composed of components within different administrative entities cooperating to provide a service ; this definition perfectly matches our idea of SOA.
As a first example we consider the Classical semiring presented in Sec. 3, therefore, in practice we show a crisp constraint case. We suppose to have four variables outcomp, incomp, bwbyte and redbyte, which respectively represent the size in bytes of the photo at the beginning of the process, after applying the black-and-white filter, the red filter and after compressing the obtained black-and-white photo. Since the client has a limited memory space, it wants that the memory occupied by the photo does not increase after the filtering and compressing process:
The following three constraints represent the policies compiled respectively by the staff of the BWF module, the REDF module and COMPF module. They state, following their order, that applying the BWF filter reduces the size of the image, applying the REDF filter reduces the size of the received black-and-white image and, at last, compressing the image reduces its size.
The integration of the three policies (i.e. soft constraints) describes
Integrity is ensured in this system since Imp1 ensures the high-level requirement Memory.
We are unconcerned about the possible values of the ‘internal’ variables bwbyte and redbyte and thus the constraint relation describes the constraints in Imp1 that exist between variables incomp and outcomp}. By definition, the above equation defines that all of the possible solutions of are solutions of Memory, that is, for any assignment of variables then
We say that the requirement locally refines requirement through the interface described by the set of variables iff .
Continuing the example in Fig. 2, we assume that the application system will behave reliably and uphold BWFilter and Compression. Let us suppose instead that it is not reasonable to assume that REDF will always act reliably, for example because the software of the red filter has a small bug when the size of the photo is Kbyte. In practice, REDF could take on any behavior:
Imp2 is a more realistic representation of the actual filtering process. It more accurately reflects the reliability of its infrastructure than the previous design Imp1. However, since redbyte is no longer constrained it can take on any value, and therefore, incomp is unconstrained and we have
that is, the implementation of the system is not sufficiently robust to be able to deal with internal failures in a safe way and uphold the memory probity requirement.
(Dependability and Constraints ) If gives requirements for an enterprise and is its proposed implementation, including details about the nature of the reliability of its infrastructure, then is as dependably safe as at interface that is described by the set of variables if and only if .
When a quantitative analysis of the system is required, then it is necessary to represent these properties using soft constraints. This can be done by simply considering a different semiring (see Sec. 3), while the same considerations provided for the previous example with crisp constraints (by using the Classical semiring) still hold.
With a quantitative analysis, now consider that we aim not only to have a correct implementation, but, if possible, to have the “best” possible implementation. We keep the photo editing example provided in Fig. 2, but we now represent the fact that constraints describe the reliability percentage, intended as the probability that a module will perform its intended function. For example, the following (probabilistic) soft constraint shows how the compression reliability performed in BWFilter is linked to the initial and final number of bytes of the treated image:
tells us that the compression does not work if the input image is more than , while is completely reliable if is less than . Otherwise, this probability depends on the compression efficiency: more that the image size is reduced during the compression, more that it is possible to experience some errors, and the reliability consequently decreases. For example, considering the definition of , if the input image is and compressed is , then the probability associated to this variable instantiation is .
In the same way, we can define and that respectively shows the reliability for the REDFilter and Compression modules. Their composition represents the global reliability of the system. If is the soft constraint representing the minimum reliability that the system must provide (e.g. is expressed by a client of the photo editing system), then if
we are sure that the reliability requirements are entailed by our system. Moreover, by exploiting the notion of best level of consistency (see the blevel in Sec. 2), we can find the best (i.e. the most reliable) implementation among those possible.
At last, notice also that the projection operator (i.e. the operator explained in Sec. 2) can be used to model a sort of function declaration to the “outside world”: soft constraints represent the internal implementation of the service, while projecting over some variables leads to the interface of the service, that is what is visible to the other software components.
5 A Nonmonotonic sccp Language for the Negotiation
In this Section we present a formal language based on soft constraints ; the language is tied to the monitoring of QoS aspects, as shown in Subsec. 5.1. Given a soft constraint system as defined in Sec. 2 and any related constraint , the syntax of agents in nmsccp is given in Fig. 3. is the class of programs, is the class of sequences of procedure declarations (or clauses), is the class of agents, ranges over constraints, is a set of variables and is a tuple of variables.
The is a generic checked transition used by several actions of the language. Therefore, to simplify the rules in Fig. 5 we define a function (where ), that, parametrized with one of the four possible instances of (C1-C4 in Fig. 4), returns true if the conditions defined by the specific instance of are satisfied, or false otherwise. The conditions between parentheses in Fig. 4 claim that the lower threshold of the interval clearly cannot be “better” than the upper one, otherwise the condition is intrinsically wrong.
In Fig. 4 C1 checks if the -consistency of the problem is between and . In words, C1 states that we need at least a solution as good as entailed by the current store, but no solution better than ; therefore, we are sure that some solutions satisfy our needs, and none of these solutions is “too good”.
To give an operational semantics to our language we need to describe an appropriate transition system , where is a set of possible configurations, is the set of terminal configurations and is a binary relation between configurations. The set of configurations is , where while the set of terminal configurations is instead . The transition rules for the nmsccp language are defined in Fig. 5.
In the following we provide a description of the transition rules in Fig. 5. For further details, please refer to . In the Tell rule (R1), if the store satisfies the conditions of the specific transition of Fig. 4, then the agent evolves to the new agent over the store . Therefore the constraint is added to the store . The conditions are checked on the (possible) next-step store: i.e. . To apply the Ask rule (R2), we need to check if the current store entails the constraint and also if the current store is consistent with respect to the lower and upper thresholds defined by the specific transition arrow: i.e. if is true.
Parallelism and nondeterminism: the composition operators and respectively model nondeterminism and parallelism. A parallel agent (rules R3 and R4) will succeed when both agents succeed. This operator is modelled in terms of interleaving (as in the classical ccp): each time, the agent can execute only one between the initial enabled actions of and (R3); a parallel agent will succeed if all the composing agents succeed (R4). The nondeterministic rule R5 chooses one of the agents whose guard succeeds, and clearly gives rise to global nondeterminism. The Nask rule is needed to infer the absence of a statement whenever it cannot be derived from the current state: the semantics in R6 shows that the rule is enabled when the consistency interval satisfies the current store (as for the ask), and is not entailed by the store: i.e. . Retract: with R7 we are able to “remove” the constraint from the store , using the constraint division function defined in Sec. 2. According to R7, we require that the constraint is entailed by the store, i.e. . The semantics of Update rule (R8)  resembles the assignment operation in imperative programming languages: given an , for every it removes the influence over of each constraint in which is involved, and finally a new constraint is added to the store. To remove the information concerning all , we project (see Sec. 2) the current store on , where is the set of all the variables of the problem and is a parameter of the rule (projecting means eliminating some variables). At last, the levels of consistency are checked on the obtained store, i.e. . Notice that all the removals and the constraint addition are transactional, since are executed in the same rule. Hidden variables: the semantics of the existential quantifier in R9 can be described by using the notion of freshness of the new variable added to the store . Procedure calls: the semantics of the procedure call (R10) has already been defined in : the notion of diagonal constraints (as defined in Sec. 2) is used to model parameter passing.
One application of the nmsccp language is to model generic entities negotiating a formal agreement, i.e. a SLA [2, 22], where the level of service is formally defined. The main task consists in accomplishing the requests of all the agents by satisfying their QoS requirements. Considering the fuzzy negotiation in Fig. 6 (Fuzzy semiring: ) both a provider and a client (offering and acquiring a web service, for example) can add their request to the store (respectively and ): the thick line represents the consistency of after the composition (i.e. ), and the blevel of this SCSP (see Sec. 2) is the max, where both requests intersects (i.e. in ).
We present three short examples to suggest possible negotiation scenarios. We suppose there are two distinct companies (e.g. providers and ) that want to merge their services in a sort of pipeline, in order to offer to their clients a single structured service: e.g. completes the functionalities of . This example models the cross-domain management of services proposed in . The variable represents the global number of failures they can sustain during the service provision, while the preference models the number of hours (or a money cost in hundreds of euros) needed to manage them and recover from them. The preference interval on transition arrows models the fact that both and explicitly want to spend some time to manage the failures (the upper bound in Fig. 4), but not so much time (lower bound in Fig. 4). We will use the Weighted semiring and the soft constraints given in Fig. 7. Even if the examples are based on a single criterion (i.e. the number of hours) for sake of simplicity, they can be extended to the multicriteria case, where the preference is expressed as a tuple of incomparable criteria.
Example 5.1 (Tell and negotiation)
and both want to present their policy (respectively represented by and ) to the other party and to find a shared agreement on the service (i.e. a SLA). Their agent description is: , executed in the store with empty support (i.e. ). Variables and are used only for synchronization and thus will be ignored in the following considerations (e.g. replaced by the agents in Ex. 5.2). The final store (the merge of the two policies) is , and since is not included in the last preference interval of (between and ), does not succeed and a shared agreement cannot be found. The practical reason is that the failure management systems of need at least hours (i.e. ) even if no failures happen (i.e. ). Notice that the last interval of requires that at least hour is spent to check failures.
Example 5.2 (Retract)
After some time (still considering Ex. 5.1), suppose that wants to relax the store, because its policy is changed: this change can be performed from an interactive console or by embedding timing mechanisms in the language as explained in . The removal is accomplished by retracting , which means that has improved its failure management systems. Notice that has not ever been added to the store before, so this retraction behaves as a relaxation; partial removal is clearly important in a negotiation process. is executed in . The final store is , and since , both and now succeed (it is included in both intervals).
Example 5.3 (Update)
The update can instead be used for substantial changes of the policy: for example, suppose that . This agent succeeds in the store , where and (i.e. the polynomial describing the final store). Therefore, the first policy based on the number of failures (i.e. ) is updated such that is “refreshed” and the newly added policy (i.e. ) depends only on the number of system reboots. The consistency level of the store (i.e. the number of hours) now depends only on the variable of the SCSP. Notice that the component of the final store derives from the “old” , meaning that some fixed management delays are included also in this new policy.
6 Related Work
There exist already several proposals for languages which allow to specify (Web) services and their composition, at different levels of abstractions, ranging from description languages such as WSDL (which allows to describe services essentially as collections of ports), to orchestration languages (XLANG, WSFL and WS-BPEL) and choreography languages (WS-CDL and BPEL4Chor) which allow to define composition of services either in terms of a centralized meta-service (the orchestrator) or by considering the reciprocal interactions (the choreography) among the different services (without centralization). There exist also some specific proposals [16, 14] for describing contracts and their relevant properties. However a general, established theory of contracts is still missing. Furthermore most languages do not take into account SLAs, that is aspects of contracts such as cost, performance or availability, which are related to QoS.
Other papers have been proposed in order to study dependability aspects in SOAs, for example by using the Architecture Analysis and Design Language (AADL). In  the authors purpose a modeling framework allowing the generation of dependability-oriented analytical models from AADL models, to facilitate the evaluation of dependability measures, such as reliability or availability. The AADL dependability model is transformed into a Generalized Stochastic Petri Net (GSPN) by applying model transformation rules.
The frameworks presented in this paper can join the other formal approaches for architectural notations: Graph-Based, Logic-Based and Process Algebraic approaches . A formal foundation underlying is definitely important, since, for example, UML alone can offer a number of alternatives for representing architectures: therefore, this lack of precision can lead to a semantic misunderstanding of the described architectural model . Compared to other formal methods , constraints are very expressive and close to the human way of describing properties and relationships; in addition, their solution techniques have a long and successful history . The qualitative/quantitative architectural evaluation can be accomplished by considering different semirings (see Sec 2): our framework is highly parametric and can consequently deal with different QoS metrics, as long as they can be represented as semirings.
Other works have studied the problem of issuing requests to a composition of web services as a crisp constraint-based problem , but without optimizing non-functional aspects of services, as we instead do with (semiring-based) soft constraints. For a more precise survey on the architectural description of dependable software systems, please refer to . The most direct comparison for nmsccp in Sec. 5 is with the work in , in which soft constraints are combined with a name-passing calculus. The most important difference is that in nmsccp we do not have the concept of constraint token and it is possible to remove every that is entailed by the store, even if is syntactically different from all the previously added.
7 Conclusions and Future Work
We have proved that soft constraints and their related operators (e.g. , , in Sec. 2) can model and manage the composition of services in SOAs by taking in account QoS metrics. The key idea is that constraint relationships model the implementation of a service component (described as a policy), while the “softness” (i.e. the preference value associated with the soft constraint) represents one or more QoS measures, as reliability, availability and so on (see Sec. 3). In this way, the composition of services can be monitored and checked, and the best quality result can be found on this integration. It may also be desirable to describe constraints and capabilities (also, “policy”) regarding security: a web service specification could require that, for example, “you MUST use HTTP Authentication and MAY use GZIP compression”.
Two different but very close contributions are collected in this work. The first contribution in Sec. 4 is that the use of soft constraints permits one to perform a quantitative analysis of system integrity. The second contribution, explained in Sec. 5, proposes the use of a formal language based on soft constraints in order to model the composition of different service components while monitoring QoS aspects at the same time.
All the models and techniques presented in this work can be implemented and integrated together in a suite of tools, in order to manage and monitor QoS while building SOAs. To accomplish this task, we could extend an existent solver such as Gecode , which is an open, free, portable, accessible, and efficient environment for developing constraint-based systems and applications. The main results would be the development of a SOA query engine, that would use the constraint satisfaction solver to select which available service will satisfy a given query. It would also look for complex services by composing together simpler service interfaces.
-  P. Bhoj, S. Singhal & S. Chutani (2001): SLA management in federated environments. Comput. Networks 35(1), pp. 5–24.
-  S. Bistarelli (2004): Semirings for Soft Constraint Solving and Programming, LNCS 2962. Springer, London, UK.
-  S. Bistarelli & S.N. Foley (2003): A Constraint Framework for the Qualitative Analysis of Dependability Goals: Integrity. In: S. Anderson, M. Felici & B. Littlewood, editors: SAFECOMP, LNCS 2788. Springer, pp. 130–143.
-  S. Bistarelli, M. Gabbrielli, M. C. Meo & F. Santini (2008): Timed Soft Concurrent Constraint Programs. In: Doug Lea & Gianluigi Zavattaro, editors: COORDINATION, LNCS 5052. Springer, pp. 50–66.
-  S. Bistarelli & F. Gadducci (2006): Enhancing Constraints Manipulation in Semiring-Based Formalisms. In: European Conference on Artificial Intelligence (ECAI). pp. 63–67.
-  S. Bistarelli, U. Montanari & F. Rossi (1997): Semiring-based constraint satisfaction and optimization. J. ACM 44(2), pp. 201–236.
-  S. Bistarelli, U. Montanari & F. Rossi (1997): Semiring-based Constraint Solving and Optimization. Journal of the ACM 44(2), pp. 201–236.
-  S. Bistarelli, U. Montanari & F. Rossi (2006): Soft concurrent constraint programming. ACM Trans. Comput. Logic 7(3), pp. 563–589.
-  S. Bistarelli & F. Rossi (2008): Semiring-Based Soft Constraints. In: P. Degano, R. De Nicola & J. Meseguer, editors: Concurrency, Graphs and Models, LNCS 5065. Springer, pp. 155–173.
-  S. Bistarelli & F. Santini (2009): A Nonmonotonic Soft Concurrent Constraint Language for SLA Negotiation. In: A. Aldini, M.H. ter Beek & F. Gadducci, editors: VODCA’08: Proceedings 3rd International Workshop on Views On Designing Complex Architectures, Electr. Notes Theor. Comput. Sci. 236. pp. 147–162.
-  F. S. de Boer, J. N. Kok, C. Palamidessi & J. M. M. Rutten (1993): Non-monotonic Concurrent Constraint Programming. In: ILPS. pp. 315–334.
-  J.S. Bradbury, J.R. Cordy, J. Dingel & M. Wermelinger (2004): A survey of self-management in dynamic software architecture specifications. In: WOSS’04: Proceedings of the 1st ACM SIGSOFT workshop on Self-managed systems. ACM, New York, NY, USA, pp. 28–33.
-  M. Bravetti & G. Zavattaro (2007): Towards a Unifying Theory for Choreography Conformance and Contract Compliance. In: M. Lumpe & W. Vanderperren, editors: Software Composition, LNCS 4829. Springer, pp. 34–50.
-  M.G. Buscemi & U. Montanari (2007): CC-Pi: A Constraint-Based Language for Specifying Service Level Agreements. In: ESOP’07, LNCS 4421. Springer, pp. 18–32.
-  S. Carpineti, G. Castagna, C. Laneve & L. Padovani (2006): A Formal Account of Contracts for Web Services. In: Mario Bravetti, Manuel Núñez & Gianluigi Zavattaro, editors: WS-FM, LNCS 4184. Springer, pp. 148–162.
-  S.N. Foley (1998): Evaluating system integrity. In: NSPW ’98: Proceedings of the 1998 workshop on New security paradigms. ACM, New York, NY, USA, pp. 40–47.
-  S.N. Foley (2003): A Non-Functional Approach to System Integrity. In: IEEE Journal on Selected Areas in Commications, 21(1). pp. 36–43.
-  C. Gacek & R. de Lemos (2006): Architectural Description of Dependable Software Systems. In: D. Besnard, C. Gacek & C. Jones, editors: Structure for Dependability: Computer-Based Systems from an Interdisciplinary Perspective. Springer-Verlag, pp. 127–142.
-  D. Garlan, S.-W. Cheng & A. J. Kompanek (2002): Reconciling the needs of architectural description with object-modeling notations. Sci. Comput. Program. 44(1), pp. 23–49.
-  IFIP (1998): IFIP WG 10.4 on Dependable Computing and Fault Tolerance. Technical Report, International Federation For Information Processing.
-  A. Keller & H. Ludwig (2003): The WSLA Framework: Specifying and Monitoring Service Level Agreements for Web Services. J. Netw. Syst. Manage. 11(1), pp. 57–81.
-  A. Lazovik, M. Aiello & R. Gennari (2005): Encoding Requests to Web Service Compositions as Constraints. In: Conference on Principles and Practice of Constraint Programming (CP’05). pp. 782–786.
-  M.P. Papazoglou (2003): Service-Oriented Computing: Concepts, Characteristics and Directions. Web Information Systems Engineering, International Conference on 0, p. 3.
-  M.P. Papazoglou & D. Georgakopoulos (2003): Service oriented computing. Commun. ACM 46(10).
-  F. Rossi, P. van Beek & T. Walsh (2006): Handbook of Constraint Programming (Foundations of Artificial Intelligence). Elsevier Science Inc., New York, NY, USA.
-  A.E. Rugina, K. Kanoun & M. Kaâniche (2006): A System Dependability Modeling Framework Using AADL and GSPNs. In: R. de Lemos, C. Gacek & A. B. Romanovsky, editors: WADS, LNCS 4615. Springer, pp. 14–38.
-  F. Santini (2008): Managing Quality of Service with Soft Constraints. In: D. Fox & C. P. Gomes, editors: AAAI. AAAI Press, pp. 1869–1870.
-  F. Santini (2008): Managing Quality of Service with Soft Constraints. In: M. G. de la Banda & E. Pontelli, editors: ICLP, LNCS 5366. Springer, pp. 815–817.
-  C. Schulte (2002): Programming Constraint Services, Lecture Notes in Artificial Intelligence 2302. Springer-Verlag.
-  M. Wirsing, A. Clark, S. Gilmore, M. Hölzl, A. Knapp, N. Koch & A. Schroeder (2006): Semantic-Based Development of Service-Oriented Systems. In: E. Najm, J.F. Pradat-Peyre & V. Donzeau-Gouge, editors: FORTE, LNCS 4229. Springer, pp. 24–45.