[Back]


Doctor's Theses (authored and supervised):

I. Rauf:
"Design and Validation of Stateful Composite RESTful Web Services TUCS Dissertations No 177";
Supervisor, Reviewer: I. Porres, G. Kappel, C. Pautasso; Institut für Softwaretechnik und Interaktive Systeme, 2014; oral examination: 2014-03-07.



English abstract:
A web service is a software system that provides a machine-processable interface
to the other machines over the network using different Internet protocols. They are
being increasingly used in the industry in order to automate different tasks and
offer services to a wider audience. The REST architectural style aims at producing
scalable and extensible web services using technologies that play well with the
existing tools and infrastructure of the web. It provides a uniform set of operation
that can be used to invoke a CRUD interface (create, retrieve, update and delete) of
a web service. The stateless behavior of the service interface requires that every
request to a resource is independent of the previous ones facilitating scalability.
Automated systems, e.g., hotel reservation systems, provide advanced scenarios for
stateful services that require a certain sequence of requests that must be followed
in order to fulfill the service goals. Designing and developing such services for
advanced scenarios with REST constraints require rigorous approaches that are
capable of creating web services that can be trusted for their behavior. Systems that
can be trusted for their behavior can be termed as dependable systems. This thesis
presents an integrated design, analysis and validation approach that facilitates the
service developer to create dependable and stateful REST web services.
The main contribution of this thesis is that we provide a novel model-driven
methodology to design behavioral REST web service interfaces and their compositions.
The behavioral interfaces provide information on what methods can
be invoked on a service and the pre- and post-conditions of these methods. The
methodology uses Unified Modeling Language (UML), as the modeling language,
which has a wide user base and has mature tools that are continuously evolving.
We have used UML class diagram and UML state machine diagram with additional
design constraints to provide resource and behavioral models, respectively, for
designing REST web service interfaces. These service design models serve as
a specification document and the information presented in them have manifold
applications. The service design models also contain information about the time
and domain requirements of the service that can help in requirement traceability
which is an important part of our approach. Requirement traceability helps in
capturing faults in the design models and other elements of software development
environment by tracing back and forth the unfulfilled requirements of the service.
The information about service actors is also included in the design models which is required for authenticating the service requests by authorized actors since not all
types of users have access to all the resources. In addition, following our design
approach, the service developer can ensure that the designed web service interfaces
will be REST compliant.
The second contribution of this thesis is consistency analysis of the behavioral
REST interfaces. To overcome the inconsistency problem and design errors in our
service models, we have used semantic technologies. The REST interfaces are
represented in web ontology language, OWL2, that can be part of the semantic web.
These interfaces are used with OWL 2 reasoners to check unsatisfiable concepts
which result in implementations that fail. This work is fully automated thanks to
the implemented translation tool and the existing OWL 2 reasoners.
The third contribution of this thesis is the verification and validation of REST
web services. We have used model checking techniques with UPPAAL model
checker for this purpose. The timed automata of UML based service design models
are generated with our transformation tool that are verified for their basic characteristics
like deadlock freedom, liveness, reachability and safety. The implementation
of a web service is tested using a black-box testing approach. Test cases are generated
from the UPPAAL timed automata and using the online testing tool, UPPAAL
TRON, the service implementation is validated at runtime against its specifications.
Requirement traceability is also addressed in our validation approach with which
we can see what service goals are met and trace back the unfulfilled service goals
to detect the faults in the design models.
A final contribution of the thesis is an implementation of behavioral REST
interfaces and service monitors from the service design models. The partial code
generation tool creates code skeletons of REST web services with method pre and
post-conditions. The preconditions of methods constrain the user to invoke the
stateful REST service under the right conditions and the post condition constraint
the service developer to implement the right functionality. The details of the
methods can be manually inserted by the developer as required. We do not target
complete automation because we focus only on the interface aspects of the web
service.
The applicability of the approach is demonstrated with a pedagogical example
of a hotel room booking service and a relatively complex worked example of
holiday booking service taken from the industrial context. The former example
presents a simple explanation of the approach and the later worked example shows
how stateful and timed web services offering complex scenarios and involving
other web services can be constructed using our approach.

German abstract:
A web service is a software system that provides a machine-processable interface
to the other machines over the network using different Internet protocols. They are
being increasingly used in the industry in order to automate different tasks and
offer services to a wider audience. The REST architectural style aims at producing
scalable and extensible web services using technologies that play well with the
existing tools and infrastructure of the web. It provides a uniform set of operation
that can be used to invoke a CRUD interface (create, retrieve, update and delete) of
a web service. The stateless behavior of the service interface requires that every
request to a resource is independent of the previous ones facilitating scalability.
Automated systems, e.g., hotel reservation systems, provide advanced scenarios for
stateful services that require a certain sequence of requests that must be followed
in order to fulfill the service goals. Designing and developing such services for
advanced scenarios with REST constraints require rigorous approaches that are
capable of creating web services that can be trusted for their behavior. Systems that
can be trusted for their behavior can be termed as dependable systems. This thesis
presents an integrated design, analysis and validation approach that facilitates the
service developer to create dependable and stateful REST web services.
The main contribution of this thesis is that we provide a novel model-driven
methodology to design behavioral REST web service interfaces and their compositions.
The behavioral interfaces provide information on what methods can
be invoked on a service and the pre- and post-conditions of these methods. The
methodology uses Unified Modeling Language (UML), as the modeling language,
which has a wide user base and has mature tools that are continuously evolving.
We have used UML class diagram and UML state machine diagram with additional
design constraints to provide resource and behavioral models, respectively, for
designing REST web service interfaces. These service design models serve as
a specification document and the information presented in them have manifold
applications. The service design models also contain information about the time
and domain requirements of the service that can help in requirement traceability
which is an important part of our approach. Requirement traceability helps in
capturing faults in the design models and other elements of software development
environment by tracing back and forth the unfulfilled requirements of the service.
The information about service actors is also included in the design models which is required for authenticating the service requests by authorized actors since not all
types of users have access to all the resources. In addition, following our design
approach, the service developer can ensure that the designed web service interfaces
will be REST compliant.
The second contribution of this thesis is consistency analysis of the behavioral
REST interfaces. To overcome the inconsistency problem and design errors in our
service models, we have used semantic technologies. The REST interfaces are
represented in web ontology language, OWL2, that can be part of the semantic web.
These interfaces are used with OWL 2 reasoners to check unsatisfiable concepts
which result in implementations that fail. This work is fully automated thanks to
the implemented translation tool and the existing OWL 2 reasoners.
The third contribution of this thesis is the verification and validation of REST
web services. We have used model checking techniques with UPPAAL model
checker for this purpose. The timed automata of UML based service design models
are generated with our transformation tool that are verified for their basic characteristics
like deadlock freedom, liveness, reachability and safety. The implementation
of a web service is tested using a black-box testing approach. Test cases are generated
from the UPPAAL timed automata and using the online testing tool, UPPAAL
TRON, the service implementation is validated at runtime against its specifications.
Requirement traceability is also addressed in our validation approach with which
we can see what service goals are met and trace back the unfulfilled service goals
to detect the faults in the design models.
A final contribution of the thesis is an implementation of behavioral REST
interfaces and service monitors from the service design models. The partial code
generation tool creates code skeletons of REST web services with method pre and
post-conditions. The preconditions of methods constrain the user to invoke the
stateful REST service under the right conditions and the post condition constraint
the service developer to implement the right functionality. The details of the
methods can be manually inserted by the developer as required. We do not target
complete automation because we focus only on the interface aspects of the web
service.
The applicability of the approach is demonstrated with a pedagogical example
of a hotel room booking service and a relatively complex worked example of
holiday booking service taken from the industrial context. The former example
presents a simple explanation of the approach and the later worked example shows
how stateful and timed web services offering complex scenarios and involving
other web services can be constructed using our approach.

Keywords:
REST, CRUD, UML

Created from the Publication Database of the Vienna University of Technology.