Showing papers in "Ibm Systems Journal in 1998"

A security architecture for the Internet protocol

Abstract: In this paper we present the design, rationale, and implementation of a security architecture for protecting the secrecy and integrity of Internet traffic at the Internet Protocol (IP) layer. The design includes three components: (1) a security policy for determining when, where, and how security measures are to be applied; (2) a modular key management protocol, called MKMP, for establishing shared secrets between communicating parties and meta-information prescribed by the security policy; and (3) the IP Security Protocol, as it is being standardized by the Internet Engineering Task Force, for applying security measures using information provided through the key management protocol. Effectively, these three components together allow for the establishment of a secure channel between any two communicating systems over the Internet. This technology is a component of IBM's firewall product and is now being ported to other IBM computer platforms.

Coordination and collective mind in software requirements development

Abstract: The purpose of this study was to understand how the group processes of teams of software requirements analysts led to problems and to suggest possible solutions. Requirements definition is important to establish the framework for a development project. Researchers have proposed numerous requirements development techniques, but less has been done on managing teams of requirements analysts. To learn more about group processes within such teams, we studied two teams of analysts developing requirements for large, complex real-time systems. These teams had problems ensuring that requirements documents were complete, consistent, and correct; fixing those problems required additional time and effort. To identify sources of problems, we applied two theories of collective action, coordination theory and collective mind theory. Coordination theory suggests that a key problem in requirement analysis is identifying and managing dependencies between requirements and among tasks. Most requirements methods and tools reflect this perspective, focusing on better representation and communication of requirements. The collective mind perspective complements these suggestions by explaining how individuals come to understand how their work contributes to the work of the group. This perspective suggests that deficiencies in actors' representations of the process and subordination to collective goals limit the value of their contributions.

SpeedTracer: a Web usage mining and analysis tool

Abstract: SpeedTracer, a World Wide Web usage mining and analysis tool, was developed to understand user surfing behavior by exploring the Web server log files with data mining techniques. As the popularity of the Web has exploded, there is a strong desire to understand user surfing behavior. However, it is difficult to perform user-oriented data mining and analysis directly on the server log files because they tend to be ambiguous and incomplete. With innovative algorithms, SpeedTracer first identifies user sessions by reconstructing user traversal paths. It does not require “cookies” or user registration for session identification. User privacy is protected. Once user sessions are identified, data mining algorithms are then applied to discover the most common traversal paths and groups of pages frequently visited together. Important user browsing patterns are manifested through the frequent traversal paths and page groups, helping the understanding of user surfing behavior. Three types of reports are prepared: user-based reports, path-based reports and group-based reports. In this paper, we describe the design of SpeedTracer and demonstrate some of its features with a few sample reports.

Software development: processes and performance

Abstract: This paper presents data that describe the effects on software development performance due to both the production methods of software development and the social processes of how software developers work together. Data from 40 software development teams at one site that produces commercial software are used to assess the effects of production methods and social processes on both software product quality and team performance. Findings indicate that production methods, such as the use of software methodologies and automated development tools, provide no explanation for the variance in either software product quality or team performance. Social processes, such as the level of informal coordination and communication, the ability to resolve intragroup conflicts, and the degree of supportiveness among the team members, can account for 25 percent of the variations in software product quality. These findings suggest two paradoxes for practice: (1) that teams of software developers are brought together to create variability and production methods are used to reduce variability, and (2) that team-level social processes may be a better predictor of software development team performance than are production methods. These findings also suggest that factors such as other social actions or individual-level differences must account for the large and unexplained variations in team performance.

Designing a generic payment service

Abstract: The growing importance of electronic commerce has resulted in the introduction of a variety of different and incompatible payment systems. For business application developers, this variety implies the need to understand the details of different systems, to adapt the code as soon as new payment systems are introduced, and also to provide a way of picking a suitable payment instrument for every transaction. In our work, we unify the different mechanisms in a common framework with application programming interfaces. Our framework provides services for transparent negotiation and selection of payment instruments as well. This allows applications to be developed independent of specific payment systems with the additional benefit of providing a central point of control for payment information and policies.

Profile-directed restructuring of operating system code

Abstract: In this paper we describe how a profiling system can be successfully used to restructure the components of an operating system for improved overall performance. We discuss our choice of a profiling system and how it was applied to the AS/400® (Application System/400®) operating system for the purpose of reordering code. Previous work in the industry has been mainly useful only for application programs. Our work demonstrates how such techniques can be applied to operating system code, while preserving maintainability of the operating system in the customer's environment.

Capitalizing on intellectual assets

Abstract: Knowledge is power--the power that has become the driving force in our economy. Knowledge powers our customers' ability to adapt and innovate. It powers our ability to deliver value to clients. It powers the ability of our professionals to be their best. When knowledge is shared, its power grows exponentially. This essay discusses IBM's utilization of knowledge through the Intellectual Capital Management program.

Optimizing array reference checking in Java programs

Abstract: The JavaTM language specification requires that all array references be checked for validity. If a reference is invalid, an exception must be thrown. Furthermore, the environment at the time of the exception must be preserved and made available to whatever code handles the exception. Performing the checks at run time incurs a large penalty in execution time. In this paper we describe a collection of transformations that can dramatically reduce this overhead in the common case (when the access is valid) while preserving the program state at the time of an exception. The transformations allow trade-offs to be made in the efficiency and size of the resulting code, and are fully compliant with the Java language semantics. Preliminary evaluation of the effectiveness of these transformations shows that performance improvements of 10 times and more can be achieved for array-intensive Java programs.

IBM visualage for Java

Abstract: This paper introduces the IBM VisualAge® for JavaTM product, a robust, visual suite of tools designed for rapid prototyping and enterprise application development. The paper outlines the development-time benefits of using VisualAge for Java.

An approach to improving existing measurement frameworks

Abstract: Software organizations are in need of methods for understanding, structuring, and improving the data they are collecting. This paper discusses an approach for use when a large number of diverse metrics are already being collected by a software organization. The approach combines two methods. One looks at an organization's measurement framework in a top-down fashion and the other looks at it in a bottom-up fashion. The top-down method, based on the goal-question-metric (GQM) paradigm, is used to identify the measurement goals of data users. These goals are then mapped to the metrics being used by the organization, allowing us to: (1) identify which metrics are and are not useful to the organization, and (2) determine whether the goals of data user groups can be satisfied by the data that are being collected by the organization. The bottom-up method is based on a data mining technique called attribute focusing (AF). Our method uses this technique to identify useful information in the data that the data users were not aware of. We describe our experience in analyzing data from a software customer satisfaction survey at IBM to illustrate how the AF technique can be combined with the GQM paradigm to improve measurement and data use inside software organizations.

Technical note: WebEntree: A Web service aggregator

Abstract: This technical note introduces IBM's WebEntree, a single-log-in Web service aggregator. WebEntree provides an aggregated Web service on top of distributed Web service systems (as components) with a centralized access control and content customization facility. Each service system can have its own access control facility and provide its own independent service. WebEntree implements a flexible and dynamic component-bundling mechanism, and can provide personalized service with user-selected component sets. WebEntree offers a convenient way for new components to be "plugged in" and "played." The owner of the aggregated Web service can keep each component's original branding, add more information, filter out certain content, or customize the presentations. WebEntree also provides a single user registration and authentication interface for all of its user-selectable service components. WebEntree currently accommodates Web service components invoked via HyperText Transfer Protocol (HTTP, i.e., under a Web server) and service components invoked directly from local or remote application programming interfaces. Other component interfaces are planned.

Architecture of the San Francisco frameworks

Abstract: The San FranciscoTM project is an IBM initiative, with over 130 independent software vendors, to provide business process components that can form the basis of rapidly developed distributed solutions for mission-critical business applications. This paper describes the original objectives of the San Francisco project and discusses the methodology, skills, and architecture that were used to achieve those objectives. The paper includes discussion of the importance of design patterns, extension points, and a well-defined programming model used in the San Francisco components. Most topics are touched on briefly to give an overview; some knowledge of object-oriented development techniques is assumed.

Reverse engineering of data

Abstract: Data reverse engineering (DRE) is a relatively new approach used to address a general category of data disintegration problems. DRE combines structured data analysis techniques with rigorous data management practices. The approach is growing in popularity as an integrative systems re-engineering method because of its ability to address multiple problem types concurrently. This paper describes a general DRE template both as an activity model and as a data model to be populated with reverse engineered data. Scenarios show how DRE has been used to (1) harness data assets to address organizational data integration problems, (2) develop organizational data migration strategies, (3) specify distributed systems architectures, and (4) implement and propagate organizational CASE-tool usage to address system maintenance problems. Selectively applied DRE can be an important first step toward eventual organization-wide data integration.

Catapults and grappling hooks: the tools and techniques of information warfare

Abstract: For years, “hackers” have broken into computer systems, and now an entire industry is dedicated to computer network security. Both hackers and computer security professionals have developed software tools for either breaking into systems or identifying potential security problems within computer networks. This software can be found on compromised systems as well as within the toolkits of legitimate “tiger” teams that operate with the consent of the network owners. This paper describes some of the current techniques and tools employed by the hacker underground in breaching the security of networked computers, focusing primarily on UNIX®-based hosts connected to TCP/IP networks.

Surf'N'Sign: client signatures on Web documents

Abstract: The emergence of World Wide Web-based systems and Web transactions has led to the need to find a mechanism that provides electronic signature capabilities as a replacement for written signatures. Such a mechanism should guarantee authentication and nonrepudiation. Many Web applications could benefit greatly from such a mechanism, e.g., banking systems, tax filing, reservation systems, and corporate procedures. This paper discusses the various approaches that could be taken to provide such a mechanism and suggests a solution that provides client commitment on Web documents by means of digital signatures. The architecture and implementation of the solution, called Surf'N'Sign, is outlined in detail. Our design of the solution gives special consideration to the semantics of such a signature and to its proper and secure use on the Web. Its prototype was implemented at the IBM Haifa Research Laboratory as a plug-in to the Netscape Navigator browser and is integrated naturally into the browsing process. It provides a signing mechanism at the client, as well as the capability to archive and preview the signed documents. Surf'N'sign lends itself to easy integration with existing applications on the Web.

The evolution of Java security

Abstract: This paper provides a high-level overview of the development and evolution of JavaTM security. Java is a maturing technology that has evolved from its commercial origins as a browser-based scripting tool. We review the various deployment environments in which Java is being targeted, some of its run-time characteristics, the security features in the current releases of the base technology, the new Java Development Kit (JDKTM) 1.2 policy-based security model, limitations of stack-based authorization security models, general security requirements, and future directions that Java security might take. IBM initiatives in Java security take into account our customers' desire to deploy Java-based enterprise solutions. Since JDK 1.2 was entering beta test at the time this paper was written, some operational changes and enhancements may result from industry feedback by the time JDK 1.2 becomes generally available.

Technical note: IMS celebrates thirty years as an IBM product

Abstract: This technical note recognizes the thirtieth anniversary of the IBM Information Management System (IMSTM) and describes the initial requirements that led to the development of IMS. It also describes how IMS has evolved over the past thirty years to implement new technology while preserving customers' application programming investments.

The WebSphere application architecture and programming model

Abstract: This paper discusses the infrastructure that IBM is providing to support the World Wide Web and to facilitate Web applications and commerce. This effort started as an architecture called the Network Computing Framework (NCF), and is now the foundation of the IBM WebSphere Application ServerTM. The WebSphere Application Server is a product IBM first delivered in June 1998. In this paper we discuss this architecture and programming model We start with a brief introduction and history of the NCF, then examine the architecture of the WebSphere Application Server. We take a close look at the core run time of the WebSphere Application Server, then delve into the JavaTM programming model that supports this architecture. We also present the reasons why Java is a prominent part of this architecture, and see what relevant technologies Java provides for this run time.

Assessing existing business data from the World Wide Web

Abstract: The World Wide Web has experienced phenomenal growth over the last few years. Although, at ifs inception, Web technology was primarily used to retrieve information stored in static documents, important current uses of the Web include retrieval of dynamically changing information and the conducting of business transactions. Such uses of the Web result in access to dynamically changing data on or through Web servers, usually stored in a database. Huge volumes of business data exist on mainframes and other mature platforms that cannot be moved to client/server or workstation-based platforms, due to cost or performance issues. Providing Web access to these legacy data, therefore, is of great commercial interest to businesses. In this paper, we survey several solutions that have been developed to access existing business data through the Web. We discuss the details of two solutions developed at IBM: DB2(R) (DATABASE 2(TM)) World Wide Web Connection and Net.Data(TM). Each of these is a pure middleware approach as opposed to approaches that are integrated with either the Web server or the database management system, which accounts for their flexibility and power.

Support for enterprise JavaBeans in component broker

Abstract: Objects were introduced as programming constructs that encapsulate data and methods. The goal was to foster software reuse and simplify the developer's concept of how a task was implemented. The developer need only know the interfaces to an object to use its functionality. Distributed objects simplified conceptualization further by removing the need to know the locality of an object. Clients invoked methods on distributed objects as if the objects existed in the client's process. Beyond this location transparency, the need arose for distributed objects to survive beyond the life of one client, to be able to support thousands or millions of clients, and to participate in transactions. To support scalability, persistence, and transactional semantics with no dependencies on platform or data store, "component models" were developed. In this paper we look at various component models, focusing on two: IBM's Component Broker and Sun's Enterprise JavaBeansTM. We show that they augment each other and propose how Enterprise JavaBeans can use the additional functions of Component Broker to provide a scalable, transactional, and persistent environment to clients of both worlds.

Java and the IBM San Francisco project

Abstract: The San FranciscoTM project establishes a new paradigm for building business applications. The product, targeted for independent software vendors (ISVs), provides a distributed object infrastructure (foundation), common business objects (CBOs), and business process components (BPCs). Together, they provide a platform-independent business application foundation, ready for extension by ISVs to produce end-customer, business-critical applications. The San Francisco project is written almost entirely in JavaTM and to our knowledge is currently the largest Java development effort in the world. This paper provides an overview of the San Francisco project, with emphasis on the Java considerations of the product's development, the lessons learned, and our recommendations for future Java language maturity.

IBM's enterprise server of Java

Abstract: IBM is exploiting Enterprise JavaBeansTM in a family of compatible JavaTM application servers conforming to IBM's Enterprise Server for Java (ESJ) specification. The ESJ provides a common set of dynamic, adaptive system services to meet today's (and tomorrow's) middleware requirements. ESJ will provide a standard programming model and set of services across major server platforms so that implementations of ESJ are differentiated not by function but by quality of service. Finally, ESJ increases productivity by enabling programmers to focus on business logic rather than on infrastructure details. This paper introduces the design of ESJ, including the attributes of the common execution environment, its interaction with other middleware, and its client/server capabilities. It provides an appreciation of the value of ESJ to application developers as a means of achieving cross-platform consistency, lower costs, and faster time to market. It also outlines the features that make ESJ the server technology base for wide-scale reuse through the "write once, run anywhere" promise of Java.

Internet messaging frameworks

Abstract: Electronic mail (e-mail) has become an important tool for companies to use to conduct their businesses. With the introduction of the World Wide Web, awareness of the existence of the Internet has exponentially increased over the last two years, and people are starting to realize that there is more to the Internet than just the Web. Companies are expanding their use of e-mail from internal to external. But the large set of proprietary, noninteroperable e-mail systems make this more of a trip through a jungle than a drive along the information highway. Most approaches to overcome the connectivity problems use gateways to convert between the proprietary format and the Internet standards. These conversions are lossy at best; hence, most proprietary system vendors are revamping their systems to base them on Internet standards. This paper summarizes the current state of the most important Internet standards related to e-mail and the general state of proprietary e-mail systems. It then introduces a set of technologies we developed to solve the complex problem of evolving from proprietary to Internet-standards-based e-mail systems. We have structured these technologies into Internet Messaging Frameworks.

An evolutionary approach to application development with object technology

Abstract: Although object-oriented programming (OOP) is not new, it has only recently begun to gain acceptance among independent software vendors. Reasons for this acceptance vary, from a need for basic data encapsulation, to the promise of code reuse, through problem abstraction as a way of dealing with complexity. Despite the advantages inherent in OOP, obstacles to integration with or replacement of existing systems are significant. This is especially true for Application System/400TM (AS/400TM) application vendors, because of a tradition begun with the System/38TM of customers demanding source code. Each independent software vendor (ISV) must determine how to make the transition from procedural to OOP languages in a cost-effective way. This must be done for both ISVs and customers, who have often invested heavily in enhancing and modifying source code to meet their business needs. Acacia Technologies has studied the problem and has adopted a strategy aimed at easing the transition by using a phased approach, starting with encapsulation of AS/400 RPG/400TM functions, continued through relocation of modules where appropriate into a multitiered client/server architecture, with a final target of object-oriented modules communicating in a networked environment. This paper will discuss our approach and the part the San FranciscoTM project is expected to play in its implementation.

IBM eNetwork host on-demand: the beginning of a new era for accessing host information in a Web environment

Abstract: This paper describes software technology that makes it possible to run host applications seamlessly in a World Wide Web environment. Web technology has opened up the potential for unprecedented access of data and applications by all types of users. Yet, the incompatibility between host technology (e.g., 3270) and Web technology (e.g., HTTP) has prevented Web users from directly accessing hundreds of thousands of host applications. The cost for re-implementing these applications would be enormous, and the effect to ongoing business would be disruptive. Host On-Demand extends Web access to reach existing host applications directly by using Java™ technology and provides a number of powerful features including: emulation functions on demand, persistent connections, customized session windows, multiple sessions, platform flexibility, and host security. This paper summarizes these features, describes Java implementation techniques, and outlines the need for some new network computing services.

Technical note: using the San Francisco frameworks with visualage for Java

Abstract: This technical note describes the advantages of using the VisualAgeTM for JavaTM (VAJ) integrated development environment when working with the IBM San FranciscoTM frameworks. It also discusses minimum system requirements, how to get started, and tips for using VAJ to exploit the frameworks. To fully utilize the material, the reader should be familiar with Java programming and with the basic concepts of integrated development environments.

Enterprise modeling advantages of San Francisco for general ledger systems

Abstract: With the advent of San FranciscoTM, object technology can seriously be considered for commercial enterprise applications. Much more work needs to be done in explaining why object technology will be important to business users. In accounting, for example, objects--and San Francisco frameworks in particular--provide elegant solutions to some of the problems encountered in conventional accounting information systems, particularly in the general ledger area. They also support an approach for generalizing accounting systems, allowing them to become models of the business enterprise rather than merely systems of accounts, ledgers, and journals. Such systems will support a much wider spectrum of management and analysis needs than conventional systems.

Enterprise knowledge sharing, activity management, and a fabric for commitment

Abstract: Line-of-business applications and contact and activity management applications have developed independently of each other. To integrate the two aspects of business communications, we need certain information structures with specific behavior that can be used by developers building either kind of application. The San Francisco frameworks provide us with the opportunities to develop these common business frameworks and make them available to other application developers. A set of object classes is described that provide a base for knowledge applications for use with San Francisco.

NetVista: growing an Internet solution for schools

Abstract: NetVista is an integrated suite of clients and servers supporting Internet access for students and teachers in kindergarten through 12th-grade schools Developed by a small team of IBM researchers, Net Vista is a prime example of using an object-oriented framework to support user-centered design and to accommodate Internet-paced changes in network infrastructure, functionality, and user expectations In this paper, we describe salient aspects of NetVista's design and development and its evolution from research project to product In particular, we discuss the factors supporting a sustained focus on end users over the life of the project, the object-oriented framework underlying Netvista, and the role of this framework in accommodating both evolutionary and radical changes to the design of the user interface and the underlying technical infrastructure

Technical overview of IBM's Java initiatives

Abstract: This paper gives an overview of some of IBM's major JavaTM efforts and sets forth a structure that relates the individual Java efforts to one another. The paper describes IBM's overall approach toward Java and describes how IBM is exploiting Java to answer customer requirements in such areas as server platforms, reusable components, and tools. This paper will serve as an introduction to some of the other papers that are included in this issue of the IBM Systems Journal and that detail individual areas of IBM's focus on Java.