Modern middleware has roots in object-based distributed programming models [4] and actors [1] developed in the mid-1980s. Later, the need for component integration and interoperability across different operating systems motivated development of standardized interface definitions, protocols, and architectures, including the Object Management Group’s CORBA. More recently, Java and its related technologies, including JavaBeans, have provided a new set of powerful facilities for distributed programming using remote method invocation, code mobility, dynamic class loading, object serialization, and reflection. Yet another path to middleware development is motivated by meta-computing executing parallel programs on networked computers; results include Globus and other WAN-based middleware systems [6].
The requirement by many distributed applications for new classes of service from next-generation middleware architectures is driven by four factors:
- The increasing importance of component integration, as opposed to programming;
- New paradigms for distributed computing based on mobile code and mobile agent technologies;
- Development of context-aware smart environments [9]; and
- Multimedia-based real-time interactions in groupware and collaboration systems.
To address the increasingly complex requirements in building and managing distributed applications, next-generation middleware systems are being designed to support policy-driven integration of application-level components with system-level services and resources. The policies are defined by application developers as well as by system administrators. Security is another area of concern; security requirements in distributed applications are increasingly complex because of the need to integrate components across administrative domains and the mobility of users and components in open systems. An application spanning multiple autonomous administrative domains further complicates policy enforcement.
The conceptual framework described here involves middleware architectures to support policy-based development of distributed applications.
Framework
Distributed applications’ nonfunctional requirements are related to the application’s quality-of-service (QoS). The traditional notion of QoS largely pertains to performance measures like throughput and latency. A more general view of QoS includes reliability, availability, security, debugging support, real-time guarantees, and synchronization of data streams in multimedia delivery. Middleware structures for implementing complex policies related to these aspects of QoS require mechanisms based on meta-level reflection, aspect orientation, and QoS-based allocation of underlying network- and operating-system-level resources.
The figure outlines a conceptual framework for an application’s policy-driven deployment by middleware. The middleware consists of a set of services; the most common include: name service, resource directories, discovery protocols, resource-access protocols, public-key certification, key management, and event notification. A middleware platform may be designed for a specific class of applications for which it provides certain specialized services. For example, middleware for a computer supported cooperative work (CSCW) application may provide services for role management and role-based security policy administration.
In the framework, integration of distributed components is expressed in terms of a formal specification of requirements for coordination, security, reliability, performance, and event logging for auditing and debugging. These requirements are represented as different aspects of an application. For each such aspect, appropriate policy modules are specified or derived from the requirements. From the policy modules, the middleware constructs appropriate policy-enforcement mechanisms, integrating them with application components and system services using meta-level protocols; these protocols support component integration using reflection, aspect management, and QoS-based resource allocation.
Policy-driven middleware requires techniques to validate policies for any conflicts, derivation of suitable policy-enforcement mechanisms, and secure installation of these mechanisms in a distributed system. This approach is exemplified in my research group’s work on middleware for secure distributed collaborations (see the sidebar “Policy-driven Middleware for Computer Supported Cooperative Work”).
Reflection. Reflection allows a system to examine or alter its behavior by manipulating a set of meta-objects encapsulating its implementation-level representation. Reflection provides the mechanisms for enforcing application-specific policies in the framework. Reflection by middleware services for QoS and fault tolerance has been demonstrated by several researchers [2, 3]; for example, the middleware design in [3] uses reflection for altering the protocols stack of a communication system; the middleware design in [2] uses reflection for defining customizable communication protocols and resource access for a group of distributed components.
QoS requirements and aspect management. QoS requirements need to be presented to the middleware as part of an application’s policy modules. The policies indicate acceptable QoS for an aspect under a given set of conditions. The middleware needs specific mechanisms for managing the QoS requirements for each aspect. In general, all such mechanisms require configuration and control of end-to-end components, middleware services, and underlying network/operating-system-level resources.
The policy-enforcement mechanisms in the figure are generated by the middleware and interfaced with both the application-defined components and the system services. Certain QoS mechanisms may require control over the allocation of system-level resources. For example, end-to-end QoS in a multimedia application requires network-level mechanisms, such as the RSVP protocol, as exemplified by the QuO middleware [7], and real-time scheduling by the underlying operating system kernel [10]. Similarly, the requirement of a desired level of availability of an application’s data might involve replication at various nodes that were selected based on their observed uptime.
The system-defined administrative policies for resource allocation dominate application-defined policies. Mechanisms are required for monitoring underlying system-level resources, as well as application-level components, and resource management decisions may need to be changed when certain events occur.
Services and Protocols
Deviating from the network-transparency model, next-generation middleware architectures have to expose to the programmer the distribution and other characteristics of network resources. I therefore emphasize the following services for emerging applications and how they need to be orchestrated by the middleware.
Event notification. Event service is a core component of middleware for dynamic environments. The publisher-subscriber model is a commonly adopted paradigm for event services. Policy-driven middleware must support the following requirements:
- Integration of application-defined security policies for event dissemination; and
- Definition of application-directed policies for event aggregation, correlation, and filtering.
Context-aware computing. The need for middleware support for context-aware applications is motivated by several factors. First, an adaptive service may sense the execution context and environment of its client, then select an appropriate set of protocols according to the specified policies. For example, if a client is executing on a resource-limited device through a low-bandwidth link, it may use a simple protocol of interaction and information presentation. Second, there is a growing trend in the research community toward building smart systems able to take proactive actions for users. For example, for mobile users, the system might anticipate or detect that they would be moving to another location and copy or move their data to nodes closer to the new location. Such proactive actions have to be based on user profiles and specified policies.
Device mobility and resource discovery. Middleware support for mobile users and devices in the form of wearable computers and handhelds is an important research area for future computing environments. Resource-discovery protocols, such as UPnP and Bluetooth, are designed for ad hoc networking of wireless devices, whereas Sun Microsystems’ Jini performs discovery of components through Java interfaces. These devices need to discover, address, and communicate with one another to obtain descriptions of their functions and services; a rich set of description methods is needed for this purpose. The resource-discovery protocols may also need to interface with the event service. More importantly, such ad hoc networking protocols have to function within the restrictions imposed by each networked application’s security policies.
Mobility of objects and agents. The mobility of objects, particularly those representing active components, provides new paradigms for structuring distributed applications. Mobile objects and agents can be used in different ways, including:
- Perform remote operations asynchronously in distributed applications;
- Support system administration tasks, including the upgrading of middleware services, and composing new services by integrating mobile components; and
- Support the mobility of mobile users’ computing environments.
Several Java-based mobile-agent programming platforms have emerged in recent years to address these needs [11]. Mobile agents raise two important security problems: protecting host resources from malicious agents and protecting agents from attacks by malicious hosts. The first is addressed by several systems using Java’s security architecture; enforcement of resource-consumption limits on agents is an issue requiring further research. In regard to agent protection, mechanisms are available for detecting any tampering of an individual agent’s state or use of “stolen” credentials [11]; further research is needed in mechanisms to detect the tampering of an agent’s code by a malicious host.
Inter-agent communication is another area requiring further investigation. An agent’s use of network resources is subject to the remote host’s security policies. Moreover, support for authenticated inter-agent communication requires distributed trust models, as an agent cannot carry with it any secret keys for a challenge-response-based protocol.
Security services. The functions of a security service go beyond key management and authentication. Policy-enforcement mechanisms have to be distributed and interfaced with the components in a secure manner, and middleware support is required to update them securely, as policies tend to be dynamic in modern applications. Security requirements also influence other services in the system. Moreover, in regard to underlying resources, security requirements might be specified, such as by anointing certain nodes as untrusted and prohibiting the system from storing the application’s data on them. An important area for further research is development of distributed trust models and their policy-based integration with applications.
Conclusion
Increasingly complex QoS requirements in distributed applications require policy-driven middleware services. Dynamic security requirements, user and component mobility, ad hoc networking of devices, and context-aware computing pose new challenges motivating this approach.
Figure. An approach to building CSCW systems using policy-driven middleware.
Join the Discussion (0)
Become a Member or Sign In to Post a Comment