Paper 6

Paper Title:

Three Critical Questions

Group 1:

Member Name: Bokka Satya Saradhi

1) Any services of an enterprise or any commercial company will be represented using Internet services only, so that the entire world will know them. But what does the author really mean by saying "Boundaries between enterprise services and Internet services are vanishing"?

2) The author says that "With web services, private business processes can be exposed to partners through public composite web applications." The main concentration should be on how it can be exposed to the people, because the partner can be informed in many ways and anyhow they will know it. But why does he concentrate so much on exposing business applications to the partners?

3) How can service providers choose between synchronous interaction and asynchronous interaction of services? How can QoS metrics change based on the Web Service Agreement specification?

Group 2:

Member Name: Reena

1. "Then, data are protected while being transferred over the Internet by a secured tunnel (HTTPS) … Although this protocol isn't unbreakable, it should be difficult for a third party to read or modify the exchanged data." Does this mean that the author wants us to use this protocol even though we know that there are security issues?
2. "Maintaining a DMZ … Some companies delegate the administration of this zone to a third party." Is it not more secure if the company maintains its own DMZ?
3. "Even though it seems straightforward from a technical perspective, security issues make this work complex. Therefore, involved actors should always be aware of all incurred threats: from denial of service to data manipulation by third parties." Are companies willing to try this knowing the risks involved?

Member Name: Chiranjeevi Ashok Puvvula

1. Figure 1(a), which specifies the "web services methodology", has some security concerns at each level of the methodology. How can these security concerns be addressed? At each level there is scope for the data to be transparent, which in turn will be a potential source for hacking, even though data is encrypted during the transfer. Are the mechanisms that are used for the encryption really worthwhile in dealing with the security concerns?

2. Some browsers which the end user uses might not be able to support "REST" and other technologies. How can these kinds of problems be solved? Will there be any intermediate technology that allows the browser and REST to work together?

3. Why can the LDAP server be directly connected to the middleware application, which decreases the response time for a desired request? We can see that the web request travels twice between the "LDAP server" and the "reverse proxy"; this does increase the request processing time. Is this acceptable?

Group 3:

Member Name: Sharat Chandra Dammadapu

1. Many applications might support the network protocols and standards required for executing web services. If any error occurs while sending a request to the server, how can the network and protocol errors be solved by a developer?
2. The author explains that web services can be reused. As there are lots of new technologies emerging in the software field, how can web services be more supportive of new technologies?
3. The author explains that the DMZ is provided only to the reverse proxy. As the DMZ is a third-party security system and it is a difficult task holding that system, how far is our information system secured?

Group 4:

Member Name: B.K. Prashant Pelluri

1. It is said that we must consider each new entry point from the outside as a potential security hole; then how can a genuine HTTP request be identified?
2. It was said that the results are notified asynchronously by the web interface. Consider a situation where a web service takes a longer time to reply than it usually takes. In this situation, if the user does the transaction again (as he doesn't know the result of the previous transaction), is there any methodology followed to detect duplicate transactions?
3. Is it not necessary to maintain security at the message level rather than having just a secured tunnel (HTTPS) while using web services (as web services mainly depend on message passing)?

Member Name: Srujan Kumar Swarna

1. Exposing our work globally: for this we have to maintain one extra team for security reasons. When we are facing some security problems, is it necessary?

2. In asynchronous consumption we will follow two models. In the first model there is no persistence layer between server and browser. The second model is mainly based on persistency. If we get problems with that phase, how will the customer be notified about his request?

3. If the customer is not that efficient with the new technologies that are used by the service provider, how will the service provider solve the end user's problem?

Member Name: Srikanth Voruganti

Critical Questions:

1) A separate DMZ management system is employed for larger companies, and even a separate web interface for negotiations. Here we are employing different people for different services. Does this mean we are already employing service-oriented architecture before we build it?

2) In consumption of web services, how are the incoming input requests processed? Generally, in the older systems the requests are prioritized. Will the same methodology be followed here too?

3) What will give the optimum performance of the architecture: the persistent technology, the AJAX technology or the Comet technology? How well do these performances increase when combined with JSON?

Group 5:

Member Name: Sunil Kakaraparthi

1. As some web services don't send any response, this architecture needs to deploy new web technologies. Will deploying new web technologies support all the web services and increase the cost?
2. Companies delegate the administration of the DMZ to a third party. As this zone is forwarded to a third party, is this process secure?
3. For executing web services, the applications should support the network protocols and standards. But how can the new technologies used stand up for all the web services?

Group 6:

Member Name: Debargh Acharya

1) To safeguard the information system from various common threats, a system known as a DMZ has been proposed. But the consequences of setting up a DMZ haven't been discussed, as hosting such a system might be a difficult task.

2) There are certain pitfalls or drawbacks in SOC, such as service matching and selection, the dependency consistency problem and negotiation between services, which are some of the common problems that haven't been discussed. The paper doesn't explain anything regarding them.

3) Although the author discussed many security techniques involved when requests are made, security hasn't been discussed for the case when a third party gets involved during the design of interfaces.

Member Name: (not given)

1) Even though several security measures are taken for the transaction of requests, when a third party is involved in the design of the interface, how is the security addressed?
2) The author talks about the use of a third party for writing access links in the middleware. But how can a third party who has no knowledge address the requests provided by our business clients?
3) What happens if the service provided by the provider has errors and the user directly wants to interact more with the service provider to address the errors? SOC does not deal with direct interaction. Then how is the problem addressed?

Group 7:

Member Name: Rajanikanth Beesabathini

Critical questions:

1. Security is the major issue while dealing with online transactions and transmissions. There are many types of analysts, like active hackers, passive hackers, intruders, etc. Does transferring data through HTTPS provide security against all of these analysts?

2. For validating the requests, SOA uses X.509 certificates, which support a single encryption algorithm at a time, and some algorithms can work only in some environments. But SOA needs to combine different environments and respond to multiple requests simultaneously. In such situations, why is it still using X.509 certificates?

3. The light reference architecture that the paper discusses is awesome. But the extension of that architecture puts more concentration on the composition of web applications and DMZ management. Still, what about the scalability of the architecture if we extend it?

Member Name: Shailaja Veeramchaneni

1. How can both the policy server and LDAP server work together in order to validate the incoming request?

2. How feasible are the consumption models that are described in the paper?

3. Are the SOAP and REST specifications sufficient to ensure security over HTTP?

Member Name: Rameshwaram Karunapriya

Critical Questions:

1. As mentioned in the paper about exposing the business process to the web, does this provide complete security to the data (project idea)? Could other business people copy the project idea and implement it in their companies?

2. The paper explains that most of the technical burden is handled by the SOA middleware with the integration of information systems. In the worst situation, if the middleware crashes due to the technical burden, to what extent does it impact the whole process?

3. As service-oriented architectures are being used by IT performers in amending the information systems of many companies, modernizing the web as a programming platform, to what extent are the boundaries between Internet services and enterprise services evaporating?

Group 8:

Member Name: Ramya Devabhakthuni

1. The author stated that the reverse proxy is used to safeguard the private network. What happens when this reverse proxy is damaged during a service?
2. The paper stated that a third party can be used in place of a demilitarized zone. But it has not mentioned the functionalities and the approach that the third party can use in order to protect the sensitive data.
3. In interactive web applications, the author has discussed the drawbacks of AJAX and Comet and then proposed JavaScript Object Notation, which saves bandwidth and time. How can this be suited to all networks?

Group 9:

Member Name: Sri Harsha Jasti

1. The design of the software architecture is described using a three-tier architecture. We know that a 3-tier architecture is more advantageous than a 2-tier architecture, but can't we implement the design with a 2-tier architecture? If implemented, what are the pitfalls or advantages?

2. It is mentioned that model-view-controller (MVC) simplifies service consumption. What is MVC? How does it provide simplified service consumption?

3. Three asynchronous models were designed using AJAX, persistency and Comet. Which among the three is more advantageous, and why?

Group 10:

Member Name: Manasa Chennamaneni

1. Even though we can break the HTTP protocol and see the message, why does the architecture rely on HTTP for communicating?
2. Some web services do not even respond to the user's request, so how are web services becoming more programmable, and why are we connecting the information system online?
3. Security is the most important factor in every information system. As the security given in a normal web application is the same as that of a web application which doesn't use web services, why are we implementing web services in business?

Member Name: Gayathri Devi Bojja

1. What is the backup solution if the communication fails among the various administrators?
2. The maintenance of the DMZ is a difficult task, and it is handed to a third party to maintain, which in turn will have access to the reverse proxy. What are the security measures to be taken in order to implement this?
3. Is there any other strong mechanism of authentication which makes it more secure to transmit the data and the requests among the business systems?

Member Name: Zheng Jia

1. How can HTTPS authentication be added to existing web servers like Apache? Which certificate-granting agencies can give free certificates?

2. The paper proposes SOAP or REST over HTTPS in the communication from the DMZ to the back-end system. Is it the same as regular SOAP and REST over HTTP? At this point, another question is how a SOAP message is digested with encrypted content. How is the message decrypted?

3. What is XML encryption? What is Security Assertion Markup Language (SAML)? What are the differences between XML Encryption, SAML and HTTPS?
