Model Checking Expressive Web Service Descriptions
ABSTRACT In order to find suitable web services in a large market of web services, automatic support is needed to filter out web services semantically. Existing matchmaking approaches mainly consider only the types of the input and output parameters, which is not sufficient in practical scenarios. In this paper, we present formalisms for modeling functional and non-functional properties of web services and for specifying user goals. We show how expressive web service descriptions can be checked for satisfiability of the user goal.
ABSTRACT: The ever increasing need for outsourcing and automated execution of parts of business processes will lead to a large number of Web services. The resulting large market of Web services demands for automatic methods for finding, composing and selecting Web services according to some criteria specified by the user. In real business scenarios, the user's criteria are richer than just the correctness of input and output types. In order to develop and deploy algorithms that deal with those richer user criteria, functional and non-functional properties of Web services must be described formally. In this paper, we present a novel combination of the polyadic π-calculus and the description logic SHOIN(D) for describing functional properties of Web services. Furthermore, we present semantic-SPKI/SDSI certificates for describing non-functional properties of Web services in an interoperable and provable way while allowing users to define and reason about their trust in them. We present a prototype for semi-automatic extraction and management of Web service descriptions specified in the presented formalism.
Model Checking Expressive Web Service Descriptions
Institute of Applied Informatics and Formal Description Methods (AIFB),
University of Karlsruhe (TH), Germany.
In order to find suitable web services in a large market of web services, automatic support is needed to filter out web services semantically. Existing matchmaking approaches mainly consider only the types of the input and output parameters, which is not sufficient in practical scenarios. In this paper, we present formalisms for modeling functional and non-functional properties of web services and for specifying user goals. We show how expressive web service descriptions can be checked for satisfiability of the user goal.
1. Formal Descriptions of Web Services
In order to meet richer matchmaking requirements, the web services must be described expressively. We differentiate between functional and non-functional properties of web services. Functional properties describe resources and behaviour whereas non-functional properties describe quality of service attributes.
1.1. Modeling Functional Properties
We use the description logic SHOIN(D) for modeling resources and resource schemas in an interoperable and machine reasonable way [1]. We specify concrete resources as description logic individuals. The resources can be further classified into sets that can be hierarchically ordered according to the subset relation-
We use π-calculus for modeling the dynamic behavior, so we first introduce it briefly and refer to [2, 3] for details. π-calculus is a formalism for modeling labeled transition systems. The syntax of an agent can be summarized as follows:
$$P ::= 0 \mid \bar{y}x.P \mid y(x).P \mid \tau.P \mid P_1 \parallel P_2 \mid P_1 + P_2 \mid \omega\,?\,P : Q \mid (\mathrm{new}\ x)P \mid A(y_1,\ldots,y_n)$$
[Figure 1. Semantic Description of an Agent. Labels recoverable from the figure: Output: c⟨x1,...,xn⟩.P; T = p1:T1,...,pn:Tn; add R(x1, xn); Local Operation Type; ω(x,y) ← α(x,a),]
π-calculus is a powerful tool for describing the dynamics of communicating mobile processes. However, π-calculus names, i.e. the objects that are communicated among agents, do not have any structure or any semantics. Figure 1 illustrates our basic idea of resolving this problem by viewing π-calculus names as description logic individuals.
Definition 1 (Communication Channel) A communication channel c is a tuple (p,a,t), where p is the protocol, a the address and t the type of message that can be transmitted via the channel. A protocol can be something like “http”, “phone”, “fax”, “surface mail” etc.
Definition 2 (Message Type) A message type T = p1:T1,...,pn:Tn is a set of message parts p1,...,pn of types T1,...,Tn, which are concepts of a description logic
A local operation is a decidable procedure that can add new DL axioms to the knowledge base or remove existing DL axioms from the knowledge base of the agent that executes the local operation. So, we model a local operation as L(x1,...,xn) and its effects as a list of changes C, where each element c ∈ C is a parameterized DL A-Box axiom.
Finally, the condition ω in ω?Q:R is a description logic predicate that may be a built-in function or the head of a rule.
1.2. Modeling Non-Functional Properties
The main challenges in describing non-functional properties are their interoperability and their trustworthiness. We use SPKI certificates to model non-
Definition 3 (SPKI Certificate) An SPKI certificate is a tuple (i,r,p) digitally signed by i, where i is the issuing agent, r the recipient and p is a property. Intuitively, an SPKI certificate (i,r,p) means that the agent i certifies the property p ∈ P for the agent r.
The basic idea to model properties of actors in an interoperable way is to specify the properties that are certified to agents as description logic concepts and to use certificates for issuing properties. Doing this, it becomes possible to use concept subsumption to specify the mapping between different properties. Further, it is possible to certify complex properties with an SPKI certificate while still allowing reasoning over the prop-
2. Model Checking Web Service De-
Now, we present a formalism to specify constraints on web services. We use the temporal logic µ-calculus to build our constraint specification formalism.
Let Var be an (infinite) set of variable names, typically indicated by X, Y, Z, ...; let Prop be a set of atomic propositions, typically indicated by P, Q, ...; and let A be a set of actions, typically indicated by a, b, .... The set of formulae (with respect to (Var, Prop, A)) is defined as follows:
$$\mathit{true} \mid \mathit{false} \mid P \mid Z \mid \varphi_1 \wedge \varphi_2 \mid \neg\varphi \mid [a]\varphi \mid \mu Z.\varphi$$
In our goal specification language, the set of propositions of an agent corresponds to the facts in the knowledge base of the agent. The facts and derived facts in the knowledge base of an agent at some point of time represent the set of propositions that are true at that point of time. We specify propositions of the form QF@QA. The proposition QF@QA is true if the answer of the query QF performed by the agent described by QA on his local knowledge base is not empty.
Figure 2. Giving Structure to µ-calculus atoms
For input and output actions, we make a similar structural extension. We use +(P)(A)(v1:T1,...,vm:Tm)@QA for input actions, which means that an agent satisfying the non-functional properties described in the query QA performs an input action that can receive m values of types T1,...,Tm respectively over a channel of protocol P at the address A. Similarly, we use −(P)(A)(q1,...,qm)@QA for an output action, which means that an agent satisfying the non-functional properties described in the query QA performs an output action that sends m values, which are the answers of the queries q1,...,qm respectively, over a channel with protocol P and address A.
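The formula grammar of this section can be evaluated over a finite labelled transition system by fixpoint iteration, as the following added example shows; it is not the authors' algorithm or prototype. It assumes plain fact names as propositions instead of QF@QA queries, and the ordering service, its states and its action names are constructed for illustration.

```python
def check(f, states, trans, facts, env=None):
    """Return the states of a finite LTS (trans, facts) that satisfy formula f."""
    env = env or {}
    def rec(g, e=env):
        return check(g, states, trans, facts, e)
    kind = f[0]
    if kind == "true":
        return set(states)
    if kind == "false":
        return set()
    if kind == "prop":   # facts maps state -> facts true in that state
        return {s for s in states if f[1] in facts.get(s, ())}
    if kind == "var":
        return env[f[1]]
    if kind == "and":
        return rec(f[1]) & rec(f[2])
    if kind == "not":
        return set(states) - rec(f[1])
    if kind == "box":    # [a]phi: every a-successor satisfies phi
        ok = rec(f[2])
        return {s for s in states if trans.get((s, f[1]), set()) <= ok}
    if kind == "mu":     # least fixpoint: iterate upwards from the empty set
        cur = set()
        while True:
            nxt = rec(f[2], {**env, f[1]: cur})
            if nxt == cur:
                return cur
            cur = nxt
    raise ValueError(f"unknown formula node: {kind!r}")

def lor(a, b):       # a or b, derived from "and" and "not"
    return ("not", ("and", ("not", a), ("not", b)))

def dia(act, phi):   # <a>phi = not [a] not phi
    return ("not", ("box", act, ("not", phi)))

def can_reach(prop, actions):
    """mu Z. prop or <a1>Z or ...: some run reaches a state where prop holds."""
    body = ("prop", prop)
    for a in actions:
        body = lor(body, dia(a, ("var", "Z")))
    return ("mu", "Z", body)

# Constructed ordering service (not from the paper); s4 is a dead end.
STATES = ["s0", "s1", "s2", "s3", "s4"]
TRANS = {("s0", "+order"): {"s1"}, ("s1", "-invoice"): {"s2"},
         ("s1", "-reject"): {"s4"}, ("s2", "-goods"): {"s3"}}
FACTS = {"s2": {"paid"}, "s3": {"paid", "delivered"}}
ACTIONS = ["+order", "-invoice", "-reject", "-goods"]
```

A service description matches a goal when its initial state, here s0, is in the set that `check` returns for the goal formula.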
In this paper, we presented a technique to describe web services semantically by describing involved resources, credentials of participating actors and behavior of the web service including access control policies in a formal, interoperable and unified way. Furthermore, we have presented how expressive user goals can be specified and presented a matchmaking approach based on a decidable, sound and complete model checking algorithm. Furthermore, there exists a prototypical implementation of formalisms and algorithms.
Acknowledgements This work was funded by the BMBF project Internetoekonomie and the EU projects NeOn and Xmedia.
[1] F. Baader, D. Calvanese, D. McGuinness, D. Nardi, and P. F. Patel-Schneider, editors. The Description Logic Handbook: Theory, Implementation and Applications. Cambridge University Press, 2003.
[2] R. Milner, J. Parrow, and D. Walker. A Calculus of Mobile Processes, Part I+II. Journal of Information and Computation, pages 1–87, September 1992.
[3] D. Sangiorgi and D. Walker. PI-Calculus: A Theory of Mobile Processes. Cambridge University Press, New York, NY, USA, 2001.