A Directory Enabled Middleware Framework for Distributed Systems

Jehan Wickramasuriya, Qi Han & Nalini Venkatasubramanian
Dept. of Information & Computer Science
University of California, Irvine, CA 92697-3425, USA
{jwickram,qhan,nalini}@ics.uci.edu

Abstract

In order to achieve the goals of a next generation service-based Internet, we need to provide high performance, high capacity, secure and reliable services that can be rapidly scaled and managed. The ability to manage and share information on large-scale network resources with a growing number of users in a secure and efficient manner is desirable. Distributed systems allow services, endsystems and protocols to dynamically attach to and detach from the distributed environment. In turn it is desirable that these services are able to operate in a safe, concurrent manner while possibly sharing common resources; that is to say they are composable. The development of flexible, scalable and customizable directory services can be used as an enabling technology for the development of next generation composable middleware frameworks. In this paper we use an object-based access control framework as an example of a directory-enabled middleware architecture and discuss some of the tradeoffs involved in obtaining consistent information from the directory in an efficient manner. We also discuss implementation and performance issues pertaining to the directory service, in the context of a composable middleware framework (CompOSE|Q) being developed at the University of California, Irvine.

1 Introduction

In the future, large scale ubiquitous computing environments will consist of diverse applications executing on heterogeneous devices, systems and networks. Managing the evolution of such large scale systems requires efficient repositories of system and application level information that can be used to allocate resources effectively and provide application requirements such as reliability, security and QoS. Such information repositories, also termed directory services, will form the crux of effective middleware for dynamic distributed events. Directory services provide the advantage of managing resources and decreasing administrative costs by centralizing the control and management of service delivery (though the content itself may be distributed). Directory services hold system, user and object level information that can be used by various services such as resource-provisioning, information collection, security, and location management. Directory services provide seamless access to this information for both system components and end-users and go far beyond what are commonly known as 'name servers'.

In this paper we present a directory-enabled approach to designing distributed systems middleware. We illustrate several examples of how DSs can be used to manage distributed systems and networks. A key challenge of middleware for ubiquitous computing environments lies in the need to add, remove or re-locate various system components/services without interfering with ongoing services and applications. Directory services play a vital role in composing the various "ilities" (reliability, security, mobility, quality-of-service), i.e., allowing simultaneous execution of multiple protocols and services in a safe and non-interfering manner. The DS can be considered a "core" service that provides a single point of management in accessing a possibly distributed range of content. For example, directory services can be used to provide transparent access to mobile resources regardless of where they are located. In order to provide secure and efficient access to distributed resources, the DS can help track and manage user access patterns and changing security levels. This allows us to manage trust assumptions between varying security domains, filter and approximate data for information collection for adequate QoS and further optimize performance.

As a specific case study of how to manage several "ilities" using directory services, we present an adaptive security service for a mobile object environment. The directory service is a vital part of such an architecture since it becomes the repository for access control information in the system, and the timely and consistent retrieval of this information is an essential part of correct execution. As such, there are tradeoffs that must be made between accuracy of directory information and update overhead costs that must be considered in engineering directory management protocols. For example,