Information Technology Reference
In-Depth Information
operation applied to basic data types. Such advice only need to be applied to
the primitive data types to be employed by the proposed framework.
5.3 Use Case 3: Data Encryption
Secure messaging is another crosscutting concern that can also be handled by re-
quest/response aspects. The secure messaging problem is illustrated by a work-
flow that we have developed during a cooperation with medical researchers.
When performing patient studies, it is important that personal data of patients
is kept private by either making it anonymous or by encrypting it. For this rea-
son, we have developed an advice that performs an encryption at the data source,
such that all subsequent services are not able to read sensitive data. Eventually,
the decryption aspect is located at the service that merges the results into a
patient's record. By using such an aspect, services can be encrypted without
changing the service implementation or configuring the middleware.
The workflow that motivates this use case originates from the area of sleep
research and basically performs an ECG (electrocardiogram) analysis and, based
on the obtained results, conducts apnoea detection. The implementation uses
the Physio Toolkit [17], a common set of open source tools in the biomedical
sciences. Since the data format of the recorded vital signs is different from the
format required by the Physio Toolkit, a data conversion is needed. Afterwards,
the ECG records are processed to detect medically relevant peaks in the signal.
The results are passed to an annotation reader service that in turn decodes the
input and passes the results to a beat detection service that detects particular
waves within the signal. In parallel, the output is passed to the apnoea detection
service that analyzes the signal and detects respiration dropouts to diagnose the
sleep apnoea syndrome.
The data exchanged by the services contain the actual ECG measurements
and also some identification attributes. To prevent the misuse of these attributes,
we have developed a privacy advice that uses public key cryptography. The sup-
port of the wildcard operator allows us to encrypt (and decrypt) all of the patient
related data. These data are encrypted when they are initially retrieved from a
database. During the processing by the mentioned services, the personal infor-
mation is encrypted (while the ECG data remain unencrypted). Finally, when
the analysis is finished and the result is stored in the database, the corresponding
advice decrypts the personal data.
6 Conclusions
In this paper, we have proposed request/response aspects for web services that al-
low developers of service-oriented applications to easily enrich web services with
additional non-functional requirements, such as ecient data transmission, data
compression, or other crosscutting concerns. They can be woven dynamically
into remote web services without changing their implementations or their inter-
faces. The presented framework supporting request/response aspects includes a
pointcut description for SOAP-based web service environments.
