- Research Group
- Advanced Web Applications as the Teaching and Research Field
- SmartCampus as an Example for an Advanced Web Application
- Service-oriented Architecture and Quality Assessment
- Identity and Access Management
Figure 1: Web Applications and Service-oriented Architectures
Figure 2: SmartCampus Application
The reservation of workspaces is one example of the services that support studying and collaboration on campus; it was developed in the course of an international research project. Together with the cooperation partner Fraunhofer Institute of Optronics, System Technologies and Image Exploitation (IOSB), concepts for the Internet of Things were analyzed and technically implemented in SmartCampus [IOSB-OpenIoT]. In cooperation with the study center for the visually impaired (SZS), a SmartCampus service will be developed that provides relevant information about access to buildings and lecture halls on campus, especially for students with disabilities. In particular, questions regarding web accessibility are discussed in this project.
[ISO-SQuRE] such as reliability, efficiency and usability. How to determine the quality of web applications by means of metrics, and how to achieve a quality that meets the requirements during the development stages, is the main focus of the work at C&M.
In the course of software development, a design is created that is supposed to exhibit certain structural quality characteristics such as loose coupling or autonomy. A systematic procedure for the quality-oriented design of services was developed by the research group in a scientific work. An essential contribution of this work is the definition of metrics with which relevant quality characteristics of designs can be quantified. The scientific work on the quality assessment of service-oriented architectures [Ge13] was continued in a project supported by the "EXIST-program". In this project the analysis tool "QA82 Analyzer" was developed. With this tool, the quality metrics can be applied to specific service-oriented software systems such as SmartCampus. For this purpose, the tool supports the concept of hybrid quality assessment, in which automatically ascertainable knowledge is linked with manual knowledge. Because the QA82 Analyzer is continued as an open-source project, it can now be used for research and teaching. In this context, these concepts are transferred to RESTful web services.
Software quality plays a pivotal role in the development of modern software systems, because it can have a significant impact on the future sustainability of a system. Maintainability with regard to changing general conditions is an especially important characteristic of a software system. For this purpose, research activities are carried out to determine how software systems can be analyzed with regard to maintainability and how this analysis can be integrated into a development process. Existing tools for quality analysis will therefore be checked and, if necessary, extended so that a profound evaluation of the system can be performed and immediate action can be initiated. In earlier activities, a checklist for quality analysis was developed, using REST as the example. With its help, a web interface can be reviewed in terms of different quality characteristics [GG+15].
At the design stage, architectural patterns can be used to extend the application and service design with aspects of Identity and Access Management [DS+12]. A precise analysis is conducted to determine how the application of security patterns can be supported during the architecture design process. Two aspects will be considered primarily: first, the relationships among security patterns for the IAM of web applications and an appropriate representation of these relationships; second, the relevant influences of security patterns on quality characteristics of the design, which supports the selection among similar security patterns. A specific focus is the attack surface of REST-based web applications [SS+14].
IAM plays a central role in providing end-customer portals, through which companies increasingly offer their services and products. In this field of customer-oriented IAM (Consumer IAM), user-friendliness is most important, which is why the "classic" IAM solutions (Enterprise IAM) are not applicable. In an extensive survey, more than 100 end-customer portals from different sectors were evaluated systematically [WW+15]. The goal of the work was to create a framework that supports the development of Consumer IAM solutions. The research group's work on Identity and Access Management is closely linked to an IT security laboratory [AR+12], which is operated by C&M in cooperation with an industrial partner. The IT security laboratory is a key component of the teaching-research cycle established by C&M and enables a practice-oriented education for the students.
|[CM-WASA]||Cooperation & Management: Web-Anwendungen und Serviceorientierte Architekturen (WASA), lecture course units, Karlsruher Institut für Technologie (KIT), 2014. http://cm.tm.kit.edu/download/1-1.einfuehrung_wasa.pdf|
|[IOSB-OpenIoT]||Fraunhofer Institut für Optronik, Systemtechnik und Bildauswertung (IOSB): OpenIoT Project Consortium: KIT Campus Guide, YouTube Video, 2013. https://www.youtube.com/watch?v=VGHVwyadstQ|
|[ISO-SQuRE]||International Standards Organization: Systems and software Quality Requirements and Evaluation (SQuaRE), ISO/IEC 25010:2011(en), April 2014. https://www.iso.org/obp/ui/#iso:std:iso-iec:25010:ed-1:v1:en|
|[Ge13]||Michael Gebhart: Measuring Design Quality of Service-Oriented Architectures Based on Web Services, Proceedings of the Eighth International Conference on Software Engineering Advances (ICSEA) 2013.|
|[GG+14]||Michael Gebhart, Pascal Giessler, Pascal Burkhardt, Sebastian Abeck: Requirements Engineering for Agile Development of RESTful Participation Service, International Conference on Software Engineering Advances (ICSEA), 2014.|
|[GG+15]||Michael Gebhart, Pascal Giessler, Sebastian Abeck: RESTful Webservices mit Qualität - Teil 1: Mit Best Practices zu einem qualitätsorientierten Entwurf und Teil 2: Priorisierung von Best Practices mittels Qualitätsmerkmale, Objektspektrum, 2014, 2015.|
|[DS+12]||Aleksander Dikanski, Roland Steinegger, Sebastian Abeck: Identification and Implementation of Authentication and Authorization Patterns in the Spring Security Framework, The Sixth International Conference on Emerging Security Information, Systems and Technologies, Rome, August 2012.|
|[SS+14]||Roland Steinegger, Johannes Schäfer, Max Vogler, Sebastian Abeck: Attack Surface Reduction for Web Services based on Authorization Patterns, The Eighth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2014), 2014.|
|[WW+15]||Peter Weierich, David Weich, Sebastian Abeck: Identitäts- und Zugangsmanagement für Kundenportale – Eine Bestandsaufnahme, Digital Enterprise Computing, 2015.|
|[AR+12]||Sebastian Abeck, Robert Reutter, Aleksander Dikanski, Philipp Schleier, Jürgen Biermann, Ingo Pansa: IT-Sicherheitslabor – Ein praxisorientierter Ansatz zur Zusammenarbeit von Hochschule und Industrie in der Lehre, conference "Grundfragen Multimedialen Lehrens und Lernens" (GML2), Berlin, March 2012.|