ABSTRACT
Web services are believed to be the future of distributed applications
since they access a little resource from the host machine to operate. Though
many developers have bought into this idea, the development of web services
still needs a wide implementation and deployment (Du , 2004). Organizations are
still nding it di cult to grasp its make up and deployment. Many organizations,
still depend on partners infrastructure for data processing and its transfer.
For example with respect to our case study (Kumasi Polytechnic), school fees
data of students takes a long time before the institution acknowledges receipt.
This is due to the fact that the banking institution involved has to do some
internal reconciliations. In actuality this reconciliations do not bene t the
institution but they bare its consequence in the area of student registrations.
In transferring or sending real time data, web service developers claim
web services are the smartest way (Du , 2004), but customers would want to know
whether it is really what it is meant to be. Its performance coupled with high
security is very key to the customers who would want to implement such
services. In this case web service providers need a well tested framework
before the actual commercialization of the web services. For the past years,
the Kumasi Polytechnic Institute had had many challenges with the the real time
access to school fees data for other process. Transactions sent over raw the
hyper text transfer protocol(http) are susceptible to common attacks such as
the man-in-the-middle attack. When this attack occurs, the attacker will be
able to retrieve important messages from the http request and later use it
against the real person the message was meant for. This is a main problem of
raw http.
In this thesis, we showcase a secured way of transferring highly
sensitive data through Hyper Text Transfer Protocol (HTTP) by implementing two
kinds of security levels i.e. the Secure Socket Layer and the a single key data
encryption algorithm. The results proved that encrypting data over the internet
and also encrypting the transfer protocol has no signi cant e ect of the data
that is
transfered.
CHAPTER 1
Introduction
1.1 Background of
Study
The bond between the Internet and the users have become great
over the years since web pages have gone through a lot of changes from a time
where the Internet mostly provided static pages to now where the internet is
full of dynamic pages. The high increase of Internet users to day has compelled
a lot of companies,businesses and organizations to move their services or
products online. In serving users well and also winning users loyalty on the
Internet, Companies like Internet Service Providers (ISPs) have created portals
to integrate and classify their information services (Felipe , 2010) like news
so that users could get access to any news around the world at a single place
just to facilitate information retrieval. In the late 90s, saw the introduction
of search engines that allows users to search for services and content from a
variety of service providers that addressed their needs, thus reducing the in
uence and patronage of the portals. The internet has since received a
tremendous growth in terms of technology and standards. These standards and
technologies like XML,AJAX, web services have enabled companies to develop a
wide range of media based or social components (e.g.: Facebook, YouTube, delicious.com
etc). The way users and companies also interact with the Internet has changed
over time because now even non-technical people can create content and share information among
themselves and because of this, the Internet has become a space where new
services and content are continuously growing at a faster pace. Integrated
services has also become common in the web community since several businesses
and Government organizations have embraced the act of developing web services
which are some times in the form of applications created on the y out of
programs and data that live on the Internet.
Since Internet came to existence, web-applications have
played a pivotal role in the development of businesses and organizations by way
of moving them from the traditional brick and mortar infrastructures to online
infrastructure which are situated in di erent locations (Ramesh et al , 2003).
At the moment, software applications are previewed to content
or data over the World Wide Web regardless of the programming languages they
are written in. The Web Service technology insures a paradigm where two or
several heterogeneous software applications share data among themselves. The
data or information sharing is typically delivered through the Internet over
the Hyper Text Transport Protocol (HTTP). By this the applications are sort of
webi ed in order for the transfer to take place. Incorporating a web service
into any software application enables the application to expose specific functionalities
that are consumed by other software. Every web service that one develops must
be reliable and its performance should be tried and tested to build the con
dence of organizations and companies, that web services are reliable and that
they can always rely on any published service that addresses their need rather
than building a new system which will save them time and money.
Kumasi Polytechnic Institute has had many challenges with the
sale of admission forms and sub-sequently resolving the payment of students
tuition fees. Kumasi Polytechnic has several vendors that assist the
institution in the sale of admission forms all over the country. These include
nan-cial institutions and non- nancial institutions like the post o ce and
other governmental agencies. This possess some sort of threat to Kumasi
Polytechnic especially since the non monetary institutions sometimes fail to render proper
accounts on the sale of admission forms. In addition to this students are made
to queue every academic year for tuition fees receipt veri cation and
clearance. The cashiers at the polytechnic go through this process in order to
make sure that students pay their tuition fees before they are
"cleared" to register. This has been a menace to the entire student
populace and the institution. The idea of web services could be channeled in a
uni ed manner in building an integrated system that could facilitate the easy
ow of some activities in the school.
1.1.1 Extensible
Markup Language (XML)
This is a stractured language that describes a set of
regulations for presenting documents in a format that is readable to the user
and the computer. Web service is the latex technology in distributed computing,
based on XML standards and Internet protocols and also a powerful tool that
facilitates communication and collaboration between business applications which
were devel-oped on di erent platforms and are also running on di erent
resources to work as one. Extensible Markup Language, XML have been neglected
by many developers in terms of its strength and capabilities. It is powerful
tool such that its capabilities stem from documentations, development of
databases, a medium of data or information exchange between heterogeneous
systems etc.
1.1.2 Web Service De
nition
This is a tool or technology that is used for data
communication between applications through the use of Extensible Markup
Language (XML) tags, JavaScript Object Notation (json) and network protocols
like HTTP. These technologies come together to o er services in a more natural
way where by there is a request of service and an o ering of that service if
that service is available. In actual sense web service(s) is/are method(s) or
function(s) that is/are described by a WSDL and are made available or published
via UDDI. Web services can be seen as the bench mark or the standard for integrating
applications in order for them to communicate very easily based on its XML
component. Web services unlike web pages do not have GUI connecting the sever
and the client. They rather share the application logic, processes and data
through the Internet or a network interface (Chandrasekar, 2003).
It is distributed system of loosely coupled applications
whose backbone is the service oriented architecture (SOA) deployed over the
HTTP. A typical example is Amazons Web Services (AWS). This infrastructural
setup provides online services for other websites or client-side applications.
The world wide web consortium (W3C) de nes a web service as
"a software system designed to support interoperable
software-to-software interaction over the Internet. It has an interface
described in a machine-processable format (speci cally Web Service Description
Language (WSDL))",(Brown et al, 2004). This shows that once a web service
is up and running, any other system or application can request for the services
given the right access.
1.1.3 Service
Oriented Architecture (SOA)
Web services operates on the Service-oriented Architectures
(SOA) (Jones, 2205) which uses inter-operability as its communication protocol
and a broker-request architectures to facilitate exchanges of service. The
Organization for the Advancement of Structured Information Standards (OASIS)
(Leitner, 2007) (OASIS, 2006) de nes SOA as paradigm for organizing and
utilizing distributed capabilities that may be under the control of di erent
ownership domains.
SOA can also be de ned as a form of technology architecture
that adheres to the principles of service-orientation. Looking into Web service
technology platform, SOA depicts the power to support and promote these
principles of the entire business process and automation of an enterprise
(Leitner, 2007). SOA in detail has speci c features which are listed below:
loosely coupled - services are
self-contained and self-managing. The
number of necessary connections to systems outside of the service are minimal.
Services have low representational,
identity and communication protocol coupling (Papazoglou et
al, 2006).
de ned by a service contract - services adhere to a
communications and interface de nition or to a service description,
autonomous - services have the absolute control over the
function that they realize,
abstract - services hide all implementation details from the
rest of the world,revealing only the service contract,
reusable - services are intended for and promote reuse,
simple services can be assembled and coordinated to build
composite services (service com-position) (Curbera et al,2003)(Michael et al ,
2005)
stateless - services do not have a state, and
discoverable - services can be found and evaluated via
external discovery or registry mecha-nisms.
A typical SOA architecture consist of three main actors. The
Provider,the Broker and the Re-quester. In this scenario a service provider
creates the services which is then made available to the service requester
through the service broker(Simmonds , 2011). The service requester accesses the
components of the service through the Universal Description, Discovery and
Integration, UDDI which has all the information that the requetser needs.
This contains all the needed information, parameter, and
function about a published webservice to enable client invocation It enables
service providers to showcase all their services in other for service
requesters to nd and consume those services. The UDDI has two main parts or
attributes. Firstly, it has a registry of all the web service’s meta data and
secondly a set of Web S Description and the port type de nitions for searching
that registry (The Tutorials Point , 2014).
1.1.5 Web Service
Description Language (WSDL)
This is the main language that the UDDI uses in its
operations. It is commonly used in conjunction with XML data schema to serve a
web service on the Internet. A service requester searching for a service to
consume looks for the UDDI from the WSDL le for all the method that the service
provider has served. The requester then uses a SOAP to connect to the speci c
function which it needs(?).
1.1.6 Simple Object
Access Protocol (SOAP)
This is a protocol for exchanging messages written in XML.
Its way of transferring data on a network is achieved in conjunction with the
Hyper Text Transfer Protocol, HTTP(S). A extensive view on SOAP,UDDI,WSDL and
SOA will be carried out in detail later in the next chapter.
1.2 Problem
Statement
Web services are believed to be the future of web
applications since they access a little resource from the host machine to
operate. Though many developers have bought into this idea, the development of
web services still needs a wide implementation and deployment (Du , 2004).
Organizations are a still nding it di cult to grasp its make up and deployment.
Many organizations, like the one cited in this thesis still depend on
partners infrastructure for data processing. For example data on school fees
delays a day or two before the nance o ce of the institution gets access to it.
This is because their banking institution has to do some reconciliations which
do not bene t the institution when it comes to student registration. This goes
a long way to a ect student registrations and some other pertinent activities
in the school. In transferring or sending real time data, web service
developers claim web services are the smartest way, but the requesters would
want to know whether it is really what it is meant to be. Its performance is
very key to the development of their businesses. In such a situation service
providers need an above experimental proceedings before the actual
commercialization is deployed. For the past years, the Kumasi Polytechnic
Institute had had many challenges with the the real time access to school fees
data for other process. If even they had one, their main concern is the level
of security the system would be endowed with. Due to this, students are made to
queue every academic year for receipt veri cation. In other to solve some of
this problems and unleash the capabilities and advantages of web services, this
thesis was proposed.
1.3 Motivation
More than two decades ago saw the advent of Extensible Markup
Language by a group of developers in association with the W3C (?). Since then
few technologies have captured its capabilities for deploying systems that can
be used in industries. More recently, many developers are beginning to unleash
the potentials and power of the XML language in developing web service driven
applications that could seamlessly connect with any other application (Singh, ,
2004). Web services can be used to leverage di erent applications between the same
or di erent companies instead of rebuilding them. This is able to remove all
forms of platform or hardware issues since web services are platform
independent. Web service is less expensive to implement since it takes less
time to develop and also improving some of the service
components which helps in saving time in terms of service adaption. The
learning curve for developers can also be reduced as well when considering that
it is not necessary to learn speci c details behind the services. The risk
involved in web services is mitigated since there are already tried and tested
services available that can be reused. This reduce failures when developing new
services. There is also easy adaptability since the con gurations about
integrated services can be changed easily. This allows easy and quick
deployments.
1.4 Objective
This thesis addresses the following objectives:
To use web service as a tool to send data between two
heterogeneous applications To secure pertinent data (fees) before being
transacted
To measure the performance of the developed web services.
This research is geared towards the development and
deployment of a service which will seamlessly integrate the systems of Kumasi Polytechnic
and its agents.
1.5 Research
Questions
How can the transportation medium of data be encrypted before
sending data through it? How can fees data be secured before being sent over
the internet?
Would the performance and security of the new web services
hinder the existing system?
This work addresses the performance issues associated with
web services that organizations, com-panies and individuals are not aware of. The
study has also proven that web services are very reliable, e cient and secured
platform for two or more applications to communicate without any regards to the
hardware or platform on which each was developed.
1.7 Methodology
The main web service developed in this thesis is Java based.
In every system, performance measure-ment is very keen to ensure optimum usage
of the system. In other to determine the performance of the web service
created, this study took upon itself to measure some key properties of the
de-veloped service. This was done to ensure the e ciency of the service. We
demonstrated a simple web service with two clients notably Java and PHP clients
as a test case before the main web service for sending school fees data was
developed and deployed. Secured Socket Layer (SSL) was implemented to secure
the web service. The tools and technologies used for this work are eclipse
Integrated Development Environment,PostgreSql, Ubuntu 12.04 LTS. We proposed an
experiment for testing the service functionally and non functionally with a
simulator known as soapUI.. The service performance and its security was also
tested.
1.8 Scope
This thesis is focused on web services and its
implementation. The technology used is the Service Oriented Architecture (SOA).
A SOAP based web service is developed for both the client and the server. In
this thesis the RESTful architecture which is another SOA technology and
similar to SOAP was not used for the service development but it was reviewed in
the literature. Added to the above the thesis dwells the
development of a secured communication system between Kumasi Polytechnic and
all its nancial agents.
1.9 Organization
of Thesis
Chapter one in this thesis talks about the introduction and
background of the study.Chapter two is the literature review. Literature in the
area of this study are reviewed and summarized.The methodology employed in this
study is presented in chapter three.The analysis and simulation re-sults are
presented in chapter four. Chapter ve encompasses the conclusion and
recommendations for further research.
For more Computer Science Projects Click here
===================================================================Item Type: Ghanaian Topic | Size: 96 pages | Chapters: 1-5
Format: MS Word | Delivery: Within 30Mins.
===================================================================
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.