As a result of the proliferation of Web 2.0 style web sites, the practice of mashup services has become increasingly popular in the web development community. While mashup services bring flexibility and speed in delivering new valuable services to consumers, the issue of accountability associated with the mashup practice remains largely ignored by the industry. Furthermore, realizing the great benefits of mashup services, industry leaders are eagerly pushing these solutions into the enterprise arena. Although enterprise mashup services hold great promise in delivering a flexible SOA solution in a business context, the lack of accountability in current mashup solutions may render this ineffective in the enterprise environment. This paper defines accountability for mashup services, analyses the underlying issues in practice, and finally proposes a framework and ontology to model accountability. This model may then be used to develop effective accountability solutions for mashup environments. Compared to the traditional method of using QoS or SLA monitoring to address accountability requirements, our approach addresses more fundamental aspects of accountability specification to facilitate machine interpretability and therefore enabling automation in monitoring. 1. Introduction The recent and rapid expansion of Web 2.0 has considerably placed pressure upon industry to institutionalize new technologies and conform to emerging standards. While agreement on the scope of the term Web 2.0 does vary, O’Reilly provides a commonly accepted definition, noting this to include a range of enhanced services including web services, wikis, blogging, BitTorrents, and syndication [1]. The rapid growth of Web 2.0 has also introduced a number of new design patterns and architectural styles in web development. One of the notable techniques involves mashing up information from existing services to deliver new value-added services. This process effectively involves the drawing of content from several sources to create a new content or service. The resulting web page is then referred to as a mashup of the existing content. While mashup services bring flexibility and speed in delivering new valuable services to consumers, the legal implications of using this technology are significant. Researchers in law conclude that the development of mashup services is fraught with potential legal liabilities that require careful consideration [2]. The issue of accountability associated with the mashup practice remains largely ignored by the industry. Current formal practices suggest that the
References
[1]
T. O’Reilly, What Is Web 2.0, Design Patterns and Business Models for the Next Generation of Software, O’Reilly Media, 2005.
[2]
R. S. Gerber, “Mixing it up on the web: legal issues arising from internet mashup,” Intellectual Property and Technology Law Journal, vol. 18, no. 8, 2006.
[3]
Performance-Based Management Special Interest Group, The Performance-Based Management Handbook: Establishing Accountability for Performance, vol. 3, Oak Ridge Associated Universities, 2001.
[4]
J. Zou and C. J. Pavlovski, “Towards accountable enterprise mashup services,” in Proceedings of the IEEE International Conference on e-Business Engineering, pp. 205–212, Hong Kong, China, October 2007.
[5]
D. Martin, M. Burstein, J. Hobbs, et al., “OWL-S Semantic Markup for Web Services. W3C Member Submission,” 2004, http://www.w3.org/Submission/OWL-S/.
[6]
A. Jhingran, “Enterprise information mashups: integrating information, simply,” in Proceedings of the 32nd International Conference on Very Large Data Bases (VLDB '06), pp. 3–4, Seoul, Korea, 2006.
[7]
R. Smith and SOA, Enterprise Mashup Services. Part 1: Real-World SOA or Web 2.0 Novelties?SOA World Magazine, 2007.
[8]
R. Kailar, “Reasoning about accountability in protocols for electronic commerce,” in Proceedings of the 1995 IEEE Symposium on Security and Privacy, IEEE Computer Society, pp. 236–250, May 1995.
[9]
R. Kailar, “Accountability in electronic commerce protocols,” IEEE Transactions on Software Engineering, vol. 22, no. 5, pp. 313–328, 1996.
[10]
S. Bhattacharya and R. Paul, “Accountability issues in multihop message communication,” in Proceedings of IEEE Symposium on Application-Specific Systems and Software Engineering and Technology, pp. 74–81, Richardson, Tex, USA, March 1999.
[11]
M. M. Tseng, J. S. Chuan, and Q. H. Ma, “Accountability centered approach to business process reengineering,” in Proceedings of the 31st Annual Hawaii International Conference on System Sciences, vol. 4, pp. 345–354, January 1998.
[12]
Y. Zhang, K. J. Lin, and T. Yu, “Accountability in service-oriented architecture: computing with reasoning and reputation,” in Proceedings of the IEEE International Conference on e-Business Engineering (ICEBE '06), pp. 123–131, Shanghai, China, October 2006.
[13]
S. Eriksén, “Designing for accountability,” in Proceedings of the second Nordic conference on Human-computer interaction, vol. 31 of ACM International Conference Proceeding Series, pp. 177–186, Aarhus, Denmark, 2002.
[14]
Webster’s Ninth New Collegiate Dictionary, Merriam-Webster, Chicago, Ill, USA, 1991.
[15]
D. G. Johnson and J. M. Mulvey, “Accountability and computer decision systems,” Communications of the ACM, vol. 38, no. 12, pp. 58–64, 1995.
[16]
D. Huang and S. Bracher, “Towards evidence-based trust brokering,” in Proceedings of the 1st International Workshop on Value of Security through Collaboration, pp. 43–50, September 2005.
[17]
S. C. Certo, Principles of Modern Management: Functions and Systems, William C. Brown Publishers, Ames, Iowa, USA, 2nd edition, 1983.
[18]
B. Frost, Measuring Performance, Fairway Press, 1998.
[19]
C. Ellison and B. Schneier, “Ten risks of PKI: what you're not being told about public key infrastructure,” Computer Security Journal, vol. 16, no. 1, pp. 1–7, 2000.
[20]
B. Schneier, Secrets & Lies, Digital Security in a Networked World, John Wiley & Sons, New York, NY, USA, 2000.
[21]
Z. Stojanovic and A. Dahanayake, Eds., Service-Oriented Software System Engineering: Challenges and Practices, IGI Global, 2005.
[22]
K. J. Ma, “Web services: what's real and what's not?” IEEE IT Professional, vol. 7, no. 2, pp. 14–21, 2005.
[23]
J. Luo, B. Montrose, A. Kim, A. Khashnobish, and M. Kang, “Adding OWL-S support to the existing UDDI infrastructure,” in Proceedings of the IEEE International Conference on Web Services (ICWS '06), pp. 153–160, Chicago, Ill, USA, September 2006.
[24]
D. Martin, M. Burstein, O. Lassila, M. Paolucci, T. Payne, and S. McIlraith, “Describing web services using OWL-S and WSDL,” DAML-S Coalition working document, 2003.
[25]
Z. Joe and C. J. Pavlovski, “Modeling architectural non functional requirements: from use case to control case,” in Proceedings of the IEEE International Conference on e-Business Engineering (ICEBE '06), pp. 315–322, Shanghai, China, October 2006.
[26]
A. Andrieux, K. Czajkowski, K. Keahey, et al., “Web services agreement specification (WS-Agreement),” Grid Resource Allocation Agreement Protocol (GRAAP) Working Group, Open Grid Forum, 2005.
[27]
B. Margolis and J. Sharpe, SOA For the Business Developer: Concepts, BPEL, and SCA, MC Press, 1st edition, 2007.
[28]
M. Martin, “Statement of work: the foundation for delivering successful service projects,” PM Network, vol. 12, no. 10, pp. 54–57, 1998.
[29]
J. Matsuura, Security, Rights, and Liabilities in E-Commerce, Artech House, Norwood, Mass, USA, 2002.
[30]
W3C, “Semantic annotations for WSDL and XML Schema,” 2007, http://www.w3.org/TR/sawsdl.
