��

ITEA Full Project Proposal

PEPiTA

Platform for Enhanced Provisioning of Terminal-independent Applications

Version April 4^th, 2000

ITEA COMPETENCES: Complex Systems Engineering, Communications, and Distributed Information & Services

1. Elaborated Project Description.

General goals.

More and more companies - in the telecom sector, as well as in other sectors - are starting to conduct part of their business over the Internet. The challenge is to allow efficient system and application engineering for the development of Internet application.

The complexity of application development and deployment has risen as fast as the technologies are appearing, if not faster. Therefore, there is a need to facilitate the task of application developers by the provisioning of high-level APIs that hide the underlying complexity of common tasks such as transaction, security, and network resources and management.

Java development has been repeatedly reported to significantly shorten software development time. However, Java�s benefits extend beyond improved programming efficiencies: Java�s cross platform solution allows developers to write their software for just one platform, and still run the application on all major operating systems. In addition, applications can be downloaded from server to client on demand, lowering the cost of application delivery, and ultimately also of the services that are built with those applications. The addition of a Java component model (Enterprise Java Beans) significantly lowers the application development and software management complexity and cost.

Based on the Enterprise JavaBeans specification, the PEPiTA project will offer to the application developer an attractive library set for middleware functions as well as access to services independently of the terminals (i.e. PC, PDA, STB, GSM) and access networks used (i.e. LAN, mobile, fixed, home network, satellite networks). The service components offered aim at supporting services such as electronic commerce, information retrieval and exchange, security and service remote management, etc.

Service personalisation, including security, user profiling, and directory intelligence are key cornerstones of this project. Smart card technologies will be used to provide security services, and to store personal and secret information.

For example, an end-user would be able to select a set of stocks he's� interested in from his desktop PC. While travelling, he would check this portfolio from his GSM, and notice that one asset has reached an interesting price. Using other software components, he would be able to request his bank to sell or buy the asset, with the appropriate authentication taking place seamlessly.

Besides raising productivity levels and shortening time-to-market, PEPiTA will also provide migration paths from existing products and systems towards new and future ones.

The main goals of this project are:

� To define a common architecture and APIs (Application Programming Interfaces) for a terminal independent service platform supporting advanced telecom and secure internet value-added services;

� To develop common middleware services based on state-of-the-art software technologies and common software components supporting the requirements of the telecom and Internet value-added services (security, transaction, log, etc.);

� To develop a software platform supporting specific requirements for the deployment of telecom and Internet value-added services (user profile management, middleware for electronic commerce, etc.).

� To develop software components enabling remote network access to services;

� To develop a set of validation prototypes demonstrating access from Java-enabled terminals through IP-based networks.

The corresponding PEPiTA platform will include the following main elements:

� Virtual services APIs enabling access to low level services independently of the underlying middleware technologies, terminals and access networks.

� Common middleware services providing implementations for low level virtual services supporting the requirements of the telecom and Internet value-added services (security, transaction, log, user profile management, etc.).

� EJB Platform hiding low level services to the application programmer and facilitating the automatic generation of code for the deployment of component-based services (persistence, transaction, security management, etc.).

� Universal access to services providing the required adaptations in order to enable terminal independent remote access.

� Smart Card Services providing support for running secure applications.

� Application services and integration prototypes providing high level services and validating the benefits of the PEPiTA platform.

The PEPiTA platform and corresponding tasks are illustrated by the following figure:

Tasks.�

The work breakdown structure is the following:

Work package 0: Project Management and dissemination

This work package will be in charge of the overall management of the project, including the reporting activities towards the ITEA office and the national bodies, as well as the dissemination of results, including publications and liaison activities.

Work package 1: Common architecture and virtual services APIs

This work package will collect and specify the external requirements for supporting terminal independent access to advanced telecom and Internet value-added services, define a common architecture for PEPiTA platform supporting advanced telecom and Internet value-added services, specify a set of virtual services Application Programmer Interface for enabling separation between service provisioning and network access.

Work package 2: Common middleware services

This work package identify and specify relevant state-of-the-art software technologies and list of common services (such as security, transaction, log, user profile management, etc.) for supporting the generic requirements of the telecom and Internet value-added services, develop a common middleware based on state-of-the-art software technologies and a set of common software components supporting the generic requirements of the telecom and Internet value-added services.

Work package 3: Enterprise Java Beans platform

This work package will specify and implement extensions to the open source BullSoft EJB platform in order to support specific requirements for the deployment of telecom and Internet value-added services (user profile management, middleware for electronic commerce, etc.). This platform will provide automatic code generation for applications and management services.

Work package 4: Universal access to services

This work package will specify components for the independent access to network and adaptation to various access technologies (such as PSTN, WAP, GPRS, RF systems, SkyBridge, ScreenPhone, etc.), develop software components and when relevant integrate state-of-the-art products for the independent access to network and adaptation to various access technologies and terminal capabilities. It contributes to the integration of the software network adapters application services and integration prototypes.

Work package 5: Smart Card services

This work package will develop new services on Java cards such as cryptography, security services, user profile management, etc. It will provide adapted smart card readers that integrate with the chosen end-user terminals, and will contribute to the integration of the smart cards and readers with application services and integration prototypes.

Work package 6: Application services and validation prototypes

This work package will develop a set of higher level services (as digital signature infrastructure, global resource management, security management) and integration prototypes providing telecom and value-added services to users and demonstrating the benefits of the PEPiTA platform.

Technical and strategic relevance for European software technology

The PEPiTA project fits under three ITEA competences:

� Complex Systems Engineering

The delivery of advanced services that combine state-of-the-art Internet and telecom services is require interaction between a whole set of technologies, such as smart cards, several kinds of Java Virtual Machines, web technologies, user profiles, security and network capabilities.

� Communications

The different elements described in the above global architecture are all interconnected through various telecommunication means, covering access networks, TCP/IP and Java capabilities (HTTP, LDAP, JNDI, RMI, etc)

� Distributed Information & Services

In the PEPiTA project, distribution and mobility are two key aspects of the information and service delivery chain: by using his personal smart card, the user will be capable of accessing the services he is subscribed to in the same way, independently of the terminal and local disparities.

For the realisation of these challenges at least the following underlying technologies will be needed:

� Java-enabled platforms (standard Virtual machines and corresponding development environments will be used)

� Open Java middleware (the BullSoft open-source Enterprise Java Bean platform will be contributed to the project)

� Directory and Security services (including PKI)

� Access network and TCP/IP protocols

� XML information description languages

� Smart Card technologies (the BullCP8 Java Card technology will be used within the project)��

��

The main following platform and technologies are aimed at as output:

� A set of APIs providing generic access to low level middleware services;

� A set of implementations for these common middleware services (including security services);

� �Major contributions to the BullSoft open source Enterprise Java Bean platform and associated tools for the development and deployment of component-based application;

� Technologies for universal access to services;

� A set of high level components and integration prototypes as a digital based signature infrastructure, a security manager, a global resource manager, an auction service, etc.

Market relevance and timing

Due to the changing market environment and increased competition, telecom operators are looking for new ways to offer added value to their customers. It is expected that in the near future, revenues in the telecommunications business will come mostly from services, not from transparent bit transport. Therefore, access network providers want to extend their core business and competence, access networks and protocols, towards service provisioning. In addition, their position in the network makes them the most natural choice of a single point of contact for services towards end-users. Building on this relationship with the end-users, these service providers in the edge of the network can choose from a range of strategies for service offering, whereby some services will be offered by the operator himself, while for other services, the service access platform will guide the user to third party providers.

These trends put new requirements on systems on the edge of the network. Whereas access systems in the past dealt primarily with the seamless integration of different types of access and core network technologies, they will from now on also have to provide extensive service level functionality. In other words, they will have to evolve from Network Access Servers (NAS) to Service Access Platforms (SAP). The word �platform� stresses the importance of flexibility: SAPs should offer a set of basic features, which can be easily customised and extended by access providers to meet their particular business strategy. They should also allow for rapid deployment of new services, and offer well-defined, preferably standardised, interfaces towards third party service providers.

The development of Service Access Platforms requires a thorough understanding of the network and service environment in which they will be deployed. In the domain of network protocols new requirements on quality of service, accounting and security result in new architectures, access scenarios, and protocols. In the service domain, the emerging of Internet-based voice and multimedia services is one of the key drivers towards new service architectures, and towards further integration of traditional telecommunication networks with the Internet.

The PEPiTA platform intends to secure the competitive power of the European telecom industry in the following areas:

� Increased independence of the US economy for value-added services based on telecom and Internet standards.

� Definition of open APIs that support the specific requirements of the European markets for information and communication services

� Provision of an attractive platform based on standard practices for uniform service deployments.

The knowledge and skills contributed by the partners are absolutely complementary and cannot be found within one European nation. Thereby Trans-European co-operation is a prerequisite for the successful completion of this project. The PEPiTA project is an opportunity to reinforce the European presence in the telecom industry, as well as to promote competitive European solutions in the worldwide market.

More information on the unique skills of the partners can be found in appendix A.

Competitive approaches include Microsoft's MTS/COM+ and AT&T's GeoPlex (see appendix B)

Exploitation and Dissemination of Results

The main expected exploitation of results by PEPiTA partners is the following:

Alcatel:

The service platform software will be integrated in the future generations of the Alcatel Service Management Center for Internet access. Alcatel will also adapt the Network Access components for integration into the various kinds of access networks, including the future SkyBridge satellite network.

Bantry Technologies:

The PEPiTA project allows Bantry Technologies to create a set of advanced components for future GSM and WAP products in collaboration with major European partners. The smart card services and payment platform specified by Bantry Technologies will consist in a base for products including:

Mobile services providing access to remote services from mobile phones,
Payment platform for e-commence and m-commerce,
Security-based services for mobile phone user (authentication and confidentiality).

Bull:

The BullSoft security server is planned to use EJB technology. It will provide a comprehensive set of services for applications developers. The results of PEPiTA will be used as input for the development of this product, which will offer a common security and management platform for Internet and enterprise applications. This security server will be derived from the PEPiTA experience. It will provide for customers and ISVs an integrated solution for security and security management with the following security capabilities:

� Terminal independent single sign-on capabilities and solutions answering end users requirements (secures and centrally manages user access);

� Multi-method authentication services including smart-card and public key authentication's to be integrated in new Internet based applications;

� Audit and alarm management functions;

� Security policy which helps organisations to deploy and manage an integrated, enterprise-wide security policy that reduces security risks;

� Application access control using standard PKI facility and including full certificate management capability;

� Enterprise users management functions.

The PEPiTA project will also provide major contributions to the open source BullSoft EJB platform, which will be used by Bull system integration services to answer mission critical applications requirements.

France Telecom R&D :

France Telecom R&D is investigating open component-based middleware platforms for implementing and deploying new telecommunication services. The PEPiTA platform will be used as a reference platform to fulfil three main objectives:

� It will allow conducting some benchmarking actions with respect to other existing industrial solutions.

� It should be a complete platform in order to rapidly prototype new services.

� As an open platform, it will be an ideal test-bed environment for prototyping new middleware mechanisms integrated within that platform, this approach requiring the access to the platform internals.

France Telecom R&D has launched a middleware open source initiative, in co-operation with public laboratories and universities. Indeed, it has been considered that this kind of software will be commodity software in a near future and that an open source community is a way to provide the needed synergy to build a complete middleware platform as it has occurred with Linux. The PEPiTA EJB platform will be a major contribution to this initiative.

Dissemination of results

Inside PEPiTA, the Work package 0 is explicitly charged of the co-ordination of how the results of this project will be disseminated. In particular, the dissemination activities will include:

� The dissemination within the open source community of the PEPITA EJB platform, which will be a major component of the open source middleware initiative launched by France Telecom R&D;

� The creation of a PEPiTA web server providing all the public information on the project, publication of results and participation to conferences and workshops.

PEPiTA partners will also contribute the result of the project to European and international standard organisations as ETSI (Alcatel), OMG (Alcatel, BullSoft, France Telecom) and Java standardisation groups (Alcatel, BullSoft, France Telecom).

The project results will also be disseminated by Charles, Grenoble and Valenciennes Univerties, through the publication of research papers and through applying the results in the courses taught in their corresponding departments.

Influence on employment

At this moment, the Internet and middleware arenas are almost fully under control of the United States of America, with a handful of companies like Microsoft, Netscape or Sun that are strong enough to set the rules. However, several stories have shown that innovative companies including SMEs can grow and develop by occupying niches and distributing their products through the global market that has been created by the Internet. The availability of an open source EJB platform can also be a strong leverage for SMEs (integrators, solution providers, etc.).

The PEPiTA project will contribute to the development of a European Internet service industry, by providing a terminal-independent infrastructure and platform for services. This development will influence positively the employment in the following ways:

� The participating companies will derive new competences and products from the developments they have done within the scope of the project, and will thus be able to increase their market share and staffing;

� The participation of universities and post graduate students to innovative technologies answering real market needs will be the basis for the emergence of innovative start-up companies;

The PEPiTA project provides coherent infrastructure services, which will enable companies to hire directly or indirectly staff that can construct, deploy, and advance complex telematic solutions that bring sound business returns, not only in the short term, but also continually in response to changing business conditions.

��

Complementarity to other programs

ACTS

The SCARAB project focuses on the possible roles of smart card usage in mobile environments (GSM), and investigates the security issues that this deployment raises. Results from this project will be taken into account while setting the external requirements for Internet and telecom added-value services

IWT

The NMS project that ended in May 1998 delivered a first generation Service Gateway prototype, and evaluated several attractive technologies for the realisation of a second generation Service Gateway, including an embryonic prototype based on agent technologies, and a Java interface for the System 12 telephone system. These results have not only proven the relevance of these technologies, but also indicated the most favorable directions to follow for the next efforts, including the PEPiTA project.

The coming ITA-2 project focuses on advanced methodologies for software deployment in telecom infrastructures, including advanced OO techniques such as UML and JavaBeans.

RNRT

The CORSICA project aims to provide support for intranet and Internet services to telecommunication operators. The main objective is to provide strong coupling between operator's information systems and the operational network. This project is based on Enterprise Java Beans (for the information systems) and CORBA technologies (for the operational network). The PEPiTA project will use the results of the CORSICA project, but will go further within the use Java and component technologies. It will also provided full support for security services and related management functionality.

The PAROL project has been submitted recently to the RNRT has a framework to initialise a open source community concerning CORBA/Java middleware technologies. The PEPiTA project will complement this initiative by providing an open source EJB application server platform to that community.

ITEA

The PEPiTA project is complementary to several ITEA projects as VHE-middleware, TASSC and ATHOS. The VHE-middleware will develop the middleware for virtual home environment, thus providing potential home access to services developed using the PEPiTA platform. The Java card technology developed within the TASSC project will be the basis for PEPiTA, with extensions to fulfil specific security requirements as cryptography. The ATHOS project will develop complementary technologies as Voice over IP, mobile agent technology. It is focusing on management and management services while PEPiTA is focusing on security services and management. It is expected to establish strong relationships between these projects by means of common workshops and information exchange.

2. Consortium overview

In this project a competent consortium works together consisting of the following "large companies":

� Alcatel: Alcatel Bell (Antwerp Belgium) and Alcatel CIT (Marcoussis France)

� Bull: BullSoft and BullCP8 (France)

� France Telecom R&D: Direction of Software Technologies (France)

The consortium also includes one SME:

� Bantry Technologies (Ireland)

The consortium will also benefit from the know-how of the following Universities:

� Charles University (Czech Republic)

� Katholieke Universiteit Leuven ( Belgium)

� University of Grenoble (France)

� University of Valenciennes (France)

For a detailed description of the PEPiTA consortium please refer to the appendix A.

3 Full description of work to be performed by partners

Work package 0: Project Management and dissemination

This Work package will be dedicated to management, dissemination and liaison activities:

� Management activities include adoption of a Consortium Agreement, the co-ordination between work-packages, provision of all required management reports on projects activities, relationships with ITEA office, and dissemination of project results. Reporting and progress report will be made on a quarterly basis. A plenary meeting, including a management session will be organised every three months.

� Dissemination activities include the management of a web site and contributions to standard organisations (see above the exploitation and dissemination of results section) and contributions the open source BullSoft EJB platform.

� Liaison activities include information exchange (for example by means of common workshops) with ITEA related projects, as the VHE-middleware project (individual home environments) and the ATHOS project (support for the creation, management and execution of advanced communication services) in order to ensure global coherence between these projects. Relationships will also be established with IST projects in order to promote the development of real applications on top of the PEPiTA platform.

Responsibilities will be assigned as follows:

� BullSoft: Work-package leadership, co-ordination of management activities

� All partners: Contributions to management and dissemination activities

WP0 manpower allocation	1999	2000	2001	*totals*
Alcatel Bell	3	6	3	12
Alcatel CIT	2	6	4	12
Bantry Technologies	0	3	3	6
Bull CP8	2	6	4	12
Bull Soft	4	12	8	24
Charles University	0	1	1	2
France Telecom R&D	1	2	1	4
KUL	0,5	2	0,5	3
UoG	1	2	1	4
UoV	1	3	3	7
totals man months	14,5	43	28,5	86

Work package 1: Common architecture and Virtual services APIs

This work package will be dedicated to the following objectives:

� To collect and specify external requirements for supporting terminal independent access to advanced telecom and Internet value-added services

� To define a common architecture for a terminal independent service supporting advanced telecom and Internet value-added services

� To define a set of mandatory functionality regrouped by services and their unified and simplified high-level and low-level Application Programming Interfaces.

The virtual services hide the real implementation of services. The real services will be offer by the EJB platform or specific server. The main idea is the independence between the virtual class and the effective implementation of this service. Therefore, a developer can change a service manufacturer without modifying his own application. To achieve this functionality, the virtual services define low level interfaces for each service. The "real" services will be plugged in this low interface.

As this work package is crucial for the coherence of the project, all partners will contribute to it.

Responsibilities will be assigned as follows:

� Alcatel CIT will assume the WP1 work package leadership.

� Virtual Notification service, Virtual Logging service, Virtual Subscription service, Virtual User Profile Management service, Alcatel CIT

� Virtual Security service, BullSoft, Alcatel CIT

� Virtual Terminal service, Virtual Communication service, Alcatel Bell, K.U. Leuven

� Virtual persistence and transaction services, University of Grenoble and France Telecom R&D

� Virtual Smart Card service, BullCP8

WP1 manpower allocation	1999	2000	2001	*totals*
Alcatel Bell	9	9	0	18
Alcatel CIT	14	25	0	39
Bantry Technologies	0	6	0	6
Bull CP8	7	14	0	21
Bull Soft	14	28	0	42
Charles University	0	3	0	3
France Telecom R&D	2	6	0	8
KUL	2	1	0	3
UoG	3	7	0	10
UoV	2	4	0	6
totals man months	53	103	0	156

Work package 2: Common middleware services

The objectives of this work package is :

� To specify services identified in W1 with intent to preserve the independence with market solutions on some services, like security, and to keep the profit of these solutions.

� To develop services in the form of generic and reusable software components, that will take in charge a part of the complexity of the application.

� These services will be very easy to use for a non-expert programmer on a particular subject such as transaction or security.

Common middleware services can be classified in basic security services, security management services and run-time services.

Basic security services

Basic security services include identification and authentication, key and certificate functions, data protection, authorisation based on user certificates.

Identification and Authentication Service

In PEPiTA Architecture. The authentication can be by login and password, smart card and PIN, or other mechanisms. Different authentication methods can be used for the same the same person, provided that the administrator has authorised them. The applications can ascertain which authentication method is used via the APIs of the workstation.

Public Key Infrastructure Service

The Provision of a Public Key Infrastructure (PKI) is the foundation for PEPiTA cryptographic service, which becomes mandatory for application communication protection (privacy, integrity, etc.) over public networks like Internet.

Data protection Service

This service provides protection of the user data exchanged between two entities, universal client and PEPiTA server application.� The mechanism is based on the establishment of security contexts supporting mutual authentication between client and server, integrity and confidentiality protection of exchanged data.

Authorisation service

For reasons of Interoperability, Security and Revocation, the Authorisation Service will be separated from the Authentication Service by the support of Attribute Certificates (AC), which contain user, group and other attribute information for a user.

In the context of PEPiTA, the Attribute Certificate provides the following benefits to the solution:

- The issuing of authorisation information can be done from a more suitable local level, with a greater knowledge of a user�s attribute requirement.

- Access control can be attribute-based, rather than identity-based. Consequently, Access Control rules can be defined more simply and be maintained more efficiently.

The solution becomes scaleable to an infinite number of users, without any change to the application.

The Authorisation Service may use AC�s in the following way: once an application has verified the identity of a user, the AC for that user will be acquired from the Authorisation Server. The application then validates the signature and expiration date of the AC and also ensures that the AC owner is the same as the user that has been authenticated. Once this has been done, the attributes present in the AC can be checked against the Access Control Rules to allow or deny access to the relevant resource.

Security management services

�Security management services include user management functions and user profile management functions to allow customisation.

Users� Management Service

PEPiTA platform will provide full�� support for user management functions.� This service allows a security administrator to define entries and to attribute for persons in a Security Information Base (SIB). The benefits of this service�� is the provision of an integrated, comprehensive and easy-to-use Single Sign On (SSO) capability for PEPiTA based application.

All information regarding user accounts and profiles is stored in a central repository on the security management server, resulting in more control while decreasing the administrative workload. The need for training the administrators on many systems and applications is reduced and more work can be delegated to less highly skilled workers. Thus, for a higher level of security, the security administrator has a tool which enforces the security policy in the organisation and which removes, in a reduced amount of time, all accounts of a terminated employee.

User Profile Management (UPM)

A User Profile is a set of data utilised for customising the relationship between the correspondent PEPiTA user and the service provider. At service execution time these data are exploited in conjunction with other information rendering virtual home environments (subscription information, service profiles, capabilities of the terminal and access network used�), in order to perform the relevant processing for service provisioning (authentication, determination of access rights and user preferences, service-to-terminal/network adaptation�).

Run-time services

Run-time services include notification service, logging service, audit and alarm functions to allow applications or security services to audit critical actions, and to report alarms on the security server.

Notification Service:

The Notification Service is a Distributed Processing Environment allowing objects to emit notifications without being aware of recipient objects. Similarly, it enables an object to receive notifications without having to interact with emitter objects. The service acts as a broker between emitters and recipients. Compared to an Event Service, a Notification service provides two major features. First, the service allows filtering notifications according to their types and values. Second, quality of service parameters is selectable.

Logging Service:

Distributed operating systems must provide tools for reliability. Logs are the greatest common divisor of most reliability mechanisms: well-known algorithms for fault tolerance, such as two-step commitment, recovery protocols and concurrency control, need reliable logs. Thus, a logging service is a basic tool for reliability in distributed systems.

Common Audit and Alarm Service

PEPiTA Audit and alarm services allow PEPiTA based applications to audit critical actions, and to report alarms on the security server. The security administrator can review events that occurred throughout the system. The administrator can define filters and criteria to sort and report the audit events. Audit records also constitute for external auditors a proof of robustness of the information system.

Responsibilities will be assigned as follows:

� Alcatel CIT will assure the WP2 work-package leadership, develop the virtual subscription, notifications, logging and user profile management services, and participate to security service implementation.

� BullSoft will develop a comprehensive set of security services including identification and authentication, audit and alarm functions, and support of Public Key Infrastructure.

WP2 manpower allocation	1999	2000	2001	*totals*
Alcatel Bell				0
Alcatel CIT	12	72	57	141
Bantry Technologies				0
Bull CP8				0
Bull Soft	6	80	40	126
Charles University				0
France Telecom R&D				0
KUL				0
UoG				0
UoV				0
totals man months	18	152	97	267

Work package 3: Enterprise Java Beans Platform

Enterprise Java Beans (EJB) specifications define architecture and interfaces for developing and deploying distributed Java server applications based on a multi-tier architecture. EJB facilitates and normalises the development, deployment and assembling of application components (called enterprise beans); such components will be deployable on EJB platforms. The resulting applications are typically transactional, database-oriented, multi-user, secured, scalable and portable. This Work package will be dedicated to specify and implement an EJB platform and associated services that will facilitates, normalises and provides support for the development, deployment and assembling of telecom and Internet value-added services.

BullSoft will provide, as starting point for the project, its existing open source EJB platform implementation. This EJB platform will be extended in order to provide declarative support for most of the common middleware services developed within WP2 (extended persistency and transaction services, security service, notification service, etc.). The EJB platform will handle the corresponding services and generate the adequate run-time code, thus allowing the application programmer to focus on its business logic.

Charles University has started to work on an EJB Comparison Project that deals with evaluation of the compliance with the EJB 1.0 specification and benchmarking EJB. As a part of the project, several EJB implementations (GemStone/J, NetDynamics, WebLogic, WebSphere) have been evaluated and compared. The experience from this comparison project will be very valuable for the development of the JOnAS application server. In the first phase of work, results, experiences and knowledge gathered in the EJB comparison project will be used to create evaluation and benchmarking suites for new versions of the EJB specifications. These suites will be applied to JOnAS. In the second phase, enhancements of the EJB component and transaction models will be specified. Charles University's knowledge of component software architectures will allow us to propose and implement enhanced features for the JOnAS architecture, especially where the component model and the advanced transaction models are concerned.

Responsibilities will be assigned as follows:

� BullSoft will assure the WP3 work-package leadership, and will provide, as starting point for the project, its existing open source EJB platform implementation. BullSoft will contribute to the enhancement of this platform in order to support common middleware services.

� Charles University will contribute mainly in the following areas:

- �� Development of benchmarking tests

- �� Evaluating conformance of JOnAS with new versions of EJB specifications

- Benchmarking of JOnAS

- Analysis of the performance data

- �� Enhanced model features (extensions of JonAS): component model (multiple interfaces, provides/requires interfaces, versioning, asynchronous calls, etc.) and advanced transaction models.

� France Telecom R&D will also contribute to the enhancement of the platform on persistence and transaction features.

� University of Grenoble: specifications and implementation of services aiming at adapting dynamically the overall client-server interaction to the specific requirements of the network environment and terminal capabilities.

� University of Valenciennes will extend persistence and transactional support within the EJB platform.

WP3 manpower allocation	1999	2000	2001	*totals*
Alcatel Bell				0
Alcatel CIT				0
Bantry Technologies				0
Bull CP8				0
Bull Soft	2	54	16	72
Charles University	0	18	15	33
France Telecom R&D	4	36	8	48
KUL				0
UoG	10	30	22	62
UoV	1	3	2	6
totals man months	17	141	63	221

�Work package 4: Universal Access To Services

This work package will be dedicated to the following objectives:

� To study services and protocols used for terminal access and to specify functional requirements to be supported by the system.

� To specify a generic architecture for a service platform supporting dynamic communication protocols.

� To specify and implement components for the independent access to network and adaptation to various access technologies (such as PSTN, WAP, GPRS, RF systems, Skybridge, ScreenPhone, etc.).

� To specify and develop service components being able adapting dynamically the client-server interaction to different network environments and terminal capabilities.

The main challenge of this work package is to bridge the gap between network layer functionality and protocols on the one hand and services on the other hand. Indeed, the focus of the tasks is on the borderline between the network layer and the service layer. With the ever-faster evolution of network technologies, architectures, and protocols, this work package faces the challenge of adapting functionality to an ever-wider range of environments. It will investigate how to select and/or adapt protocols to optimally meet the restrictions and requirements of a given network environment. The combination of �selecting� and �adapting� is crucial here. Indeed, some of the lower level protocols are typically embedded in the operating system of a terminal or network node, and an application has only limited control over these. This means that the application will have to select the most appropriate protocol or access scheme for a given environment.

In order to be able to select the correct protocol, the set of available protocols on the given terminal or network node has to be detected, as well as the configuration of the surrounding network. For example, if a terminal is directly connected to a network access server of a service provider, then the Point-to-Point Protocol (PPP) may be used. On the other hand, if several routers are involved, then the tunnelling approach (e.g. PPTP) may be more appropriate. Once the available protocol stacks and the network environment have been detected, a set of rules has to be applied to select the most appropriate one. This may involve the negotiation of protocol stacks between different network elements involved. Hence, models are needed to specify the protocol requirements of a given services, to describe protocol stacks that may or may not be available on a given network element, and to describe the network environment and role of a given element.

Protocols situated at a slightly higher layer (e.g. just above TCP/IP) are typically embedded in the service or application software. Consequently, at this level, there is an additional degree of freedom, more specifically, the service has the possibility to adapt the protocol to its needs. Obviously, this brings up additional challenges, such as how to model and implement this flexibility into the protocol stacks, how to negotiate the protocol parameters between different network elements involved, etc.

In addition, whereas these protocols are today typically embedded in the application SW, a more modular approach should be developed, where the protocol stacks are implemented as separate components. This will allow customising the protocols separately from the core functionality of the service. It will also allow upgrading protocol versions smoothly, with minimal impact on the service functionality. This is an important asset, as protocols are currently evolving extremely fast. Therefore, mechanisms have to be developed through which protocol components can be upgraded to a new version of the given protocol, or even replaced by a next generation protocol.

Finally, an important challenge is related to the distribution of the service access platform functionality over the CPE and access network architecture. Unlike a classical environment for distributed computing, one of the difficulties in this particular context is that the different network elements involved are typically completely different in nature (different HW and SW environment). In other words, it can probably not be assumed that each element runs the same DCE platform software. Rather, distribution of SW components over the different elements will have to take into account the specific characteristics of each element, and the SW components will have to adapt to this.

The way of communication between an arbitrary client terminal and the PEPiTA server should not be limited to a restricted set of communication protocols. An open protocol stack (in Java), easily extensible with new protocols (even dynamically!) should be defined. At the service side, we will define and implement basic reusable components for the benefit of a high-level service creation environment releasing the service developer of infrastructure details of the service access platform.

We will define a limited, but functional infrastructure component set for generic use. The functionality will include logging, monitoring, user subscription, and system administration at the one side and VPN management at the other hand. Due to their broad scope, VPN services can be considered as a framework in which other services can be positioned. The most important feature to be probed is Closed User Group (CUG) Management.

We will also investigate the specification of a service software management framework.

The convergence of video, voice and data in unified networks will demand new, more active service management. Next generation application management solutions will be based on dynamic, component-based architectures, enabling just-in-time deployment of new service management components. Consumers will benefit from a higher quality of services, thanks to a more effective and more transparent management of software components in network appliances.

Mechanisms for building service packages and efficient downloading of service components to the terminal and other network elements will be studied. The applicability of a service gateway as a mediator between the end user and the service provider will be investigated. Technically, a service gateway is an embedded server that is inserted into the network to connect the external Internet to service subscribers, thereby facilitating the deployment of services.

On top of the developed framework for service management and access, specific service control management components will also be identified, enabling the initiation of communication sessions between members of a VPN Closed User Group.

Responsibilities will be assigned as follows:

� Alcatel Bell: Work-package leadership; investigation & specifications of functional requirements for a distributed service access platform and definition of components (protocol functionality, management, VPN, session control); specifications and implementation of components of the software network adapters and integration with PEPiTA demonstrators.

� K.U. Leuven: Specification and development of a generic architecture for a terminal supporting dynamic communication protocols.

WP4 manpower allocation	1999	2000	2001	*totals*
Alcatel Bell	36	72	36	144
Alcatel CIT				0
Bantry Technologies				0
Bull CP8				0
Bull Soft				0
Charles University				0
France Telecom R&D				0
KUL	5,5	20	1,5	27
UoG				0
UoV				0
totals man months	41,5	92	37,5	171

Work package 5: Smart cards services

This work package will be dedicated to the development of services related to Java cards and particularly for security and user profile storage.

The Java card is both a secure portable token and a secure computing device and has to be considered as such in this security architecture.

In this environment, the secure computing device aspect is turned mainly around the cryptographic capabilities of the smart card such as public-key algorithms for authentication, signature and key exchange purposes. Furthermore, other applications could be advantageously added on the Java Card such as campus-related applications (e.g. electronic purse, ID information, physical access control, etc.).

The secure portable token aspect is directly related to the storage of the user profile and cryptographic elements such as keys, certificates and PEPITA profiles. The user must be able to connect to any device with only his/her smart card to gain access to the different services provided in the PEPiTA architecture.

The Java Card target for PEPiTA is a new generation of smart card based on a RISC processor and with at least 64KB EEPROM memory. This technology gives both higher performance and above all higher storage space than today's smart cards.

The development required for this work package can be decomposed into four main parts:

� Java Card Application Development

� Terminal Application Development

� Java Card Deployment

� Wireless-oriented Services

1. Java Card Application Development

This new high-end Java Card requires a complete environment development suite in order to develop, debug and simulate Java Card applications. This is dedicated first to the PEPiTA relative Java Card applications but also to the added value Java Card applications. This is to be developed on a workstation within the Open Card Framework (OCF: Java-based framework to develop smart card-aware applications).

With this development workbench, Java Card applications can be developed for PEPiTA. The first type of applications is dedicated directly to the security infrastructure with a public-key based Java Card application and with key and certificate storage. This will enable authentication and key exchange for session encryption capabilities. The second type of application is related to user profile storage.

2. Terminal Application Development

The counterpart of the Java Card applications has to be developed on the card-accepting device such as a PC. In workstation environment, OCF is the basis of the development and the framework will be enhanced to support PEPiTA requirements. Technology such as proxy objects should be necessary in order to hide lower level protocols such as APDU transmission as Java language is present both on smart card and terminal side. On smaller terminals, an approach closer to Visa Open Platform Terminal (OPTF: Open Platform Terminal Framework - Java-based framework focused on card technology and independence of terminal peripherals such as user interface and communication mean) is more suitable for small footprint Java environment.

3. Java Card Deployment

In order to deploy Java Cards, a personalization system is necessary for the card issuance. First, this is essential to download Java Card applications but this is also linked to graphic and other kind of personalization. Secondly, this has to be in relation with the data initialisation of the Java Card applications for user specific data. This includes, at least, key and certificate initialisation (generation and storage) and user profile storage. This phase, which is in fact part of the Java Card life cycle management, is linked to the security server.

4. Wireless-oriented services

The four main following wireless-oriented services will be provided:

� Authentication:

The WIM module is a smart card application containing the user�s security profile. This module provides WAP or non-WAP applications with authentication services such as signature of messages, PIN code verification, and handshakes. Non-WAP terminals or WAP terminals through WML Script applications can use these authentication services.

� Confidentiality:

The Wireless Transport Layer Session (WTLS) layer takes in charge the confidentiality between a WAP mobile phone and networked services like Secure Session Layer (SSL) for web browser terminals. The WAP 1.2 norm defines a standard for WTLS or SSL layers to perform cryptographic operations from user�s security data stored in a WIM application. The transport security layers will use the WIM module to secure the link between the user and networked services.

� Security Service for Smart Card Applications:

The WAP Forum specifies only how an external client (from the smart card viewpoint) can use a WIM application, not how a smart card application can do it. The proposal allows applets to access WIM security services through an internal interface (called Java Card shareable interface). This interface enables these applets to perform security commands according to the user�s security profile. A Java Card applet having to internally sign or cipher a message is able to delegate this service to the WIM application according to user�s keys.

� Customisation:

This Java Card service provides users with personal data. These data consist in customisation data to personalize a system environment, an access network or services. The Java Card service provides data or references to data to a client application located on the terminal or on the network. An interface located in the terminal in a transparent manner manages the request to this Java Card service. Consequently, the client application is not aware of the real data location (in the smart card or on the network through a reference). This interface may be a JNDI implementation in the case of wired terminal or a downloaded WML Script component for WAP terminals. Access to data stored on the card or on the network is protected through authentication and confidentiality provided by the WIM application.

Responsibilities will be assigned as follows:

� Bull CP8: Work-package leadership, specifications and implementation of software for smart cards and terminals (+ hardware provision) and integration with PEPiTA demonstrator

� Alcatel Bell: Application of Java smart card technology and features to enhance service scenarios of the PEPiTA demonstrator.

� Bantry Technologies will provide wireless-oriented services. These services will be based on the Wireless Identity Module (WIM) specified by a WAP Forum norm and built on Bull CP8 Java Cards.

WP5 manpower allocation	1999	2000	2001	*totals*
Alcatel Bell		6	6	12
Alcatel CIT				0
Bantry Technologies		30	30	60
Bull CP8	3	80	28	111
Bull Soft				0
Charles University				0
France Telecom R&D				0
KUL				0
UoG				0
UoV				0
totals man months	3	116	64	183

Work package 6: Application services and Integration prototypes

This work-package is concerned with the development of high-level application services and integration prototypes intended to validate the benefit of the PEPiTA platform. The aim is to build application services components and a set of complementary prototypes, each of them focusing on a particular subset of the services provided buy the PEPiTA platform. The prototypes development feedback will help us to design PEPiTA tutorials. These tutorials will be used to train developers to the different features of PEPiTA.

An electronic payment application will also be provided. The services will be based on the Common Electronic Purse Standard (CEPS) widely supported by VISA and EUROPAY. It will demonstrate a payment operation based on a CEPS card inserted in the second slot of a mobile phone. To do so, a dual-slot mobile phone will be used or simulated. The overall architecture will include:

� The dual-slot mobile phone,

o A STK card inserted in the main slot. The applet will be a Bull CP8 Rock�n Tree Java Card 2.1 STK applet,

o A CEPS card inserted in the second slot. The applet will be a Bull CP8 Odyssey Java Card 2.1 applet.

� The gateways,

o The issuer gateway,

o The merchant gateway. For both gateways, the applications will be based on the use of EJBs created for Pepita (transactional, payment, communication, user profile, security, etc.)

� The card issuer,

� The acquirer bank.

Responsibilities will be assigned as follows:

� Alcatel CIT: development of PEPiTA-based prototypes for online subscription management and for online user profile management. Access to these facilities will make use of underlying security mechanisms defined in WP1.

� Alcatel Bell: prototype validating universal access to subscribed services using instances of virtual terminals. This will be demonstrated using traditional network access, accessing network configuration with additional intelligence at CPE side and low bandwidth access network (WAP).

� BullSoft: development of a component-based security server that will provide simple, safe, and consistent management of PEPITA resources (including systems resources, services, and registration forms). It will provide management support for users, groups, roles, certificates, registration, access control, etc.

� K.U. Leuven will co-operate with Alcatel Bell in the construction of the prototype validating universal access to subscribed services.

� University of Grenoble: development of a Global Resource Management prototype that shows how network and terminal services provided within PEPiTA can be exploited to adapt dynamically the structure of a multimedia application to external parameters such as the current network workload, the terminal capabilities and the user profile.

� University of Valenciennes: development of a PEPiTA-based web service of auction sales (e.g. for stock exchange). The user can consult the current bids, overbid, and is also notified of lost bids so that he can overbid in turn. During one sale session, the subscriber can join and leave several times from several terminals (PC, GSM, PDA, etc.) with the same secure identity.

� Bantry Technologies: development of the electronic payment application. In terms of prototyping, the work will be divided into two phases. Phase 1 will be purely STK, non-WAP compliant. Phase 2 will provide migration to WAP, with the use of the WIM application for ensuring data security.

Depending on the phase, the confidentiality will be ensured by different means. However, the final objective remains the same. Securing the over-the-air communication between the mobile phone and the gateway. Symmetric data encryption will be used to protect the transmission. In phase 1, specific Secure Access Modules located at various places in the architecture will ensure data security. In phase 2, the WIM could be a considerable add-on to the protection of data at the mobile level.

WP6 manpower allocation	1999	2000	2001	*totals*
Alcatel Bell		15	15	30
Alcatel CIT		24	24	48
Bantry Technologies		36	36	72
Bull CP8				0
Bull Soft	2	30	16	48
Charles University				0
France Telecom R&D				0
KUL	1	4	10	15
UoG		4	4	8
UoV	2	8	7	17
totals man months	5	121	112	238

5. Overall effort and project duration

Start of project (beginning of Y1):�� 01.09.1999

End of project (end of Y2):�� 31.12.2001

Overall effort:

Total project	1999	2000	2001	*total*
Alcatel Bell	4	9	5	18
Alcatel CIT	2,333	10,58	7,083	20
Alcatel subtotal	6,333	19,58	12,08	38
Bantry Technologies	0	6,25	5,75	12
BullCP8	1	8,333	2,667	12
BullSoft	2,333	17	6,667	26
Bull subtotal	3,333	25,33	9,333	38
Charles University	0	1,833	1,333	3,167
France Telecom R&D	0,583	3,667	0,75	5
KUL	0,75	2,25	1	4
UoG	1,167	3,583	2,25	7
UoV	0,5	1,5	1	3
Total project man years	12,67	64	33,5	110,2

Effort per year for the project in person year per country

Manpower per country	1999	2000	2001	total
France	7,92	44,67	20,42	73
Belgium	4,75	11,25	6	22
Czech Republic	0	1,83	1,33	3,17
Ireland	0,00	6,25	5,75	12,00
Total	12,67	64,00	33,50	110,17

Yearly financial effort for the project

Effort in million euros	1999	2000	2001	*total*
Alcatel Bell	0,499	1,122	0,624	2,245
Alcatel CIT	0,372	1,709	1,165	3,246
Alcatel subtotal	0,871	2,831	1,789	5,491
Bantry Technologies	0,000	0,902	0,830	1,732
Bull	1,318	3,258	0,981	5,557
Charles University	0,000	0,024	0,021	0,045
France Telecom R&D	0,099	0,619	0,127	0,845
KUL	0,096	0,176	0,048	0,320
UoG	0,039	0,226	0,147	0,412
UoV	0,077	0,145	0,082	0,304
Total	2,499	8,182	4,024	14,705

Financial effort per country	1999	2000	2001	total
France	1,905	5,957	2,502	10,364
Belgium	0,595	1,298	0,672	2,565
Czech Republic	0,000	0,024	0,021	0,045
Ireland	0,000	0,902	0,830	1,732
Total	2,499	8,182	4,024	14,705

Financial effort per category	1999	2000	2001	total
Universities	0,212	0,571	0,298	1,081
SMEs	0,000	0,902	0,830	1,732
Word companies	2,287	6,709	2,896	11,892
Total	2,499	8,182	4,024	14,705

6. Master milestones/deliverables

The following planning is proposed for the duration of the project:

	T0	T0+3	T0+6	T0+9	T0+12	T0+15	T0+18	T0+21	T0+24
WP0
WP1
WP2
WP3
WP4
WP5
WP6

As the duration of the project is a very short it is necessary to achieve a maximum of parallelism between WPs. This is made possible by the availability, at the beginning of the project, of the open source EJB platform provided by BullSoft. This allows, after a 3-month common work on the global architecture, to start all WPs in parallel. As the EJB platform provide an intermediate layer between low level services and application programmers, it is possible to start the implementation of high level application services and even some parts of the application prototypes before the availability of the implementation of the low level common middleware services.

The master milestones and deliverables are the followings:

Work package	Deliverable	Date	Title
WP0			Project Management
WP1			Common architecture and virtual services APIs
	D11S	T0 +3	Global architecture specification
	D12S	T0 + 6	Virtual services APIs specifications (draft)
		T0 + 9	Virtual services APIs specifications
WP2			Common middleware services
	D21P	T0 + 12	Common middleware service prototypes
WP3			EJB Platform and services
	D31	T0 + 6	Extended EJB Platform specifications (draft)
		T0 + 9	Extended EJB Platform specifications V1
	D32	T0 + 10	Compliance and benchmark suites V1
	D33	T0 + 15	Extended EJB Platform prototype V1
	D34	T0 + 15	Results of compliance and benchmark suites V1
	D35	T0 + 18	Extended EJB Platform specifications V2
	D36	T0 + 24	Extended EJB Platform prototype V2
WP4			Universal access to services
	D41	T0 + 6	Specifications of universal access to services (draft)
		T0 + 9	Specifications of universal access to services
	D42	T0+ 15	Prototypes of universal access to services
WP5			Smart cards services
	D51S	T0+ 6	Smart cards services specifications (draft)
		T0+ 9	Smart cards services specifications
	D51P	T0+ 15	Smart cards services prototype
	D52P	T0 + 12	WIM prototype
	D53S	T0 + 15	Wireless customisation specifications
	D53P	T0 + 21	Wireless customisation prototype
WP6			Integration and validation prototypes
	D61S	T0 + 12	On line subscription and User Profile management specifications
	D61P	T0 + 24	On line subscription and User Profile management prototype
	D62S	T0 + 12	UMTS access to services specifications
	D62P	T0 + 24	UMTS access to services prototype
	D63S	T0 + 12	Security Manager specifications
	D63P	T0 + 24	Security Manager prototype
	D64S	T0 + 12	Digital Signature Infrastructure specifications
	D64P	T0 + 24	Digital Signature Infrastructure prototype
	D65S	T0 + 12	Global Resource Manager specifications
	D65P	T0 + 24	Global Resource Manager prototype
	D66S	T0 + 12	Auction sales specifications
	D66P	T0 + 24	Auction sales prototype
	D67S	T0 + 12	STK payment specifications
	D67P	T0 + 15	STK payment prototype
	D68S	T0 + 18	WAP payment specifications
	D68P	T0 + 24	WAP payment prototype

7. Organisational information

	WP structure
Project Manager	Bull Software

Work package	Co-ordination by
0	BullSoft
1	Alcatel CIT
2	Alcatel CIT
3	BullSoft
4	Alcatel Bell
5	Bull CP8
6	Bantry Technologies

8. Rationale for funding

With the rising popularity and usage of the Internet and related technologies, developing a secure and scalable middleware providing support for the development, deployment and management of component-based applications � is of primary importance. The PEPiTA project is an opportunity to provide a European platform answering these requirements.

The knowledge and skills contributed by the partners are absolutely complementary and cannot be found within one European nation. Thereby Trans-European co-operation is a prerequisite for the successful completion of this project. More information on the unique skills of the partners can be found in appendix A.

The PEPiTA project will capitalise on the result of previous projects such as IWT NMS, ACTS SCARAB, ReTina and ACTranS, and establish co-operation with related projects, including RNRT (CORSICA and PAROLE projects) and ITEA (TASSC, ATHOS and Middleware for VHE). PEPiTA proposes to take the leadership to set-up common workshops between these projects, in order to allow a maximum of synergy and to provide the basis for closer technical co-operations.

Contact persons:

Main contact person:

Bull Software�� Hatem Trabelsi, Hatem.Trabelsi@bull.net��

�� 47 rue Jean-Jaur�s - 78430 Les Clayes sous Bois

�� tel. +33 1 30806109, fax. 33 1 30807563�

Other contact persons:

Alcatel Bell�� Luk Overmeire, overmelu@rc.bel.alcatel.be

�� F. Wellesplein 1, B-2018 Antwerp, Belgium

�� tel. +32 3 240 7266, fax. +33 1 240 8485

�� Christophe Vermeulen, Christophe.Vermeulen@alcatel.be
�� F. Wellesplein, 1, B-2018 Antwerp, Belgium
�� tel. +32 3 240 8942, fax +32 3 240 8485

Alcatel CIT�� Guy Fouquet, Guy.Fouquet@alcatel.fr
�� Route de Nozay, F-91461 Marcoussis, France
�� tel. +33 1 69.63.18.05, fax +33 1 69.63.17.89

�� Nicolas Mercouroff, Nicolas.Mercouroff@alcatel.fr

�� Bruno Ceccaldi, Bruno.Ceccaldi@alcatel.fr

�� Laurent Ballester, Laurent.Ballester@alcatel.fr

Bantry Technologies�� David Carlier, david.carlier@bantry-technologies.com

�� Patrick Trane, patrick.trane@bantry-technologies.com

�� Embassy House, Ballsbridge, Dublin 4, Ireland

�� Tel: +353 1 663 20 30 (ext. 208 for David, and 205 for Patrick)

�� Fax: +353 1 663 20 50

BullSoft �� G�rard Vand�me, Gerard.Vandome@bull.net
�� Rue de Provence, 1, F-38432 Echirolles
�� tel. +33 4 76.29.75.67� fax +33 4 76.29.76.00
Bull CP8�� Martine Schiavo, Martine.Schiavo@bull.net
�� Route de Versailles, 68 F-78430 Louveciennes
�� tel. +33 1 39.66.42.41, fax +33 1 36.66.43.51

Charles University�� Prof. Frantisek Plasil, plasil@nenya.ms.mff.cuni.cz

�� Malostranske namesti 25, 110 00 Prague 1

�� phone:(+420 2) 2191 4267, fax: (+420 2) 2191 4323

�� http://nenya.ms.mff.cuni.cz/thegroup

France Telecom R&D�� Alexandre Lefebvre, Alexandre.Lefebvre@francetelecom.fr

�� 28, chemin du vieux ch�ne � BP98

�� 38243 Meylan Cedex (France)

�� tel. +33 4 76 76 44 16, fax. +33 4 76 76 45 57

K.U. Leuven�� Pierre Verbaeten, pierre.verbaeten@cs.kuleuven.ac.be
�� Celestijnenlaan, 200a, B-3000 Leuven
�� tel. + 32 16 32 75 66� fax +32 16 32 79 96

�� Wouter Joosen, wouter.joosen@cs.kuleuven.ac.be

U. of Grenoble�� Roland Balter, roland.balter@inrialpes.fr
�� ZIRST, 655, avenue de l�Europe, F-38330 Montbonnot
�� tel. +33 4 76 61 52 56,� fax +33 4 76 61 52 52

UVHC�� Didier Donsez, donsez@univ-valenciennes.fr
�� LAMIH - Le Mont Houy BP 311 F-59304 Valenciennes
�� tel: +33 3 27 14 85 20�� fax: +33 3 27 14 11 83

9. Appendices

APPENDIX A: Consortium Description

Alcatel Bell (Antwerp, Belgium)

Alcatel Bell is the Belgian arm of the Alcatel group. It has proven its leadership position in various fields of telecommunication, including fixed, mobile and broadband networks. Inside the Corporate Research Center, the Service Deployment project covers the areas of Java integration in telecom networks, protocols and service issues in access networks, UMTS and smart card usage, service business models, and intelligent agents for telecom services.

Alcatel CIT (Marcoussis, France)

Alcatel CIT, Marcoussis is the French main body Research Center of the Alcatel group. The site works on network and software research including object architecture, security, and user profile management. The teams involved are particularly working on security for distributed environments, as well as services for user profile management and online subscription. They follow different standardisation bodies (TINA, OMG) related to these topics. Moreover, they participate to the ALMAP Security module enhancement for the related Business Divisions and they are investigating several risk analyses on different Alcatel Products.

Bantry Technologies (Ireland)

Bantry Technologies was established in Dublin, Ireland, in 1999. The general aim of Bantry Technologies is to provide innovative smart card solutions and bespoke development services in the e-commerce and m-commerce industries. To address the growing convergence of telecom, content services, and payment systems, Bantry Technologies' management team was put together to merge expertise in technologies such as JavaCard, WAP and SIM Toolkit, and hands-on experience in telecom and banking industries, including EMV payment and CEPS e-purse systems.

BULL (France)

BullSoft is a division of Bull SA, in charge of Bull software products and technologies. The main BullSoft products are related to management and security� (OpenMaster, AccessMaster and SecurWare product lines). BullSoft has also a high expertise in distributed objects and Java technology, and will provide its implementation of the Enterprise Java Beans specifications to the project.

BullCP8 is an affiliate of Bull SA, in charge of the marketing and development of smart cards and terminals.

Charles University (Czech Republic)

Founded in 1348, Charles University is the oldest university in Central Europe. The School of Computer Science consists of the following departments: Laboratory of Software and Education in Computer Science, Applied Mathematics, Mathematical Logic and Philosophy of Mathematics, Software Engineering, Theoretical Informatics, Institute of Formal and Applied Linguistics. For more than 20 years, among other conferences and other scientific events, the School of Computer Science has been involved in co-organizing of the international conference "Mathematical Foundations of Computer Science" and the conference SOFSEM on the current trends in theory and practice of computer science. The research activities of the School of Computer Science involve complexity theory, automata theory, logic, combinatorics, computational geometry, parallel and distributed algorithms, neural networks, computer graphics, formal linguistic, philosophy of mathematics, databases and information systems, distributed systems, operating systems, software engineering.

Being a part of the Department of Software Engineering, the Distributed Systems Research Group focuses mostly on research in object-oriented components and frameworks. This interest is reflected in the SOFA/DCUP project, dealing with a distributed component model, component updates at runtime, and electronic market with software components. The group is also involved in the CORBA Comparison Project and the EJB Comparison Project. The projects deal with specifying a comprehensive set of criteria for evaluating functionality and performance, and evaluate selected implementations of CORBA and EJB respectively. Recently, the group was also involved in the TOCOOS Copernicus project, with our goal being to design and implement some of the CORBA object services (e. g. the Persistent Service and the Relationship Service.) The group, headed by Prof. Frantisek Plasil, consists of 11 Ph.D. students, one assistant professor, and one associate professor.

France Telecom R&D (France)

France Telecom R&D is the France Telecom research center. The division involved in the PEPiTA project is the Direction of Software Technologies represented by its ASR department working on distributed systems architecture. ASR�s activities include the development of new middleware architectures and middleware components for large scale, dependable, distributed systems, and their application to the development of information networks. In the last 5 years, ASR has worked in particular on the development of flexible, real-time, CORBA-compliant distributed object-oriented platforms (ORBs) and on the development of information network architecture (TINA). ASR has lately been involved in the Eurescom projects P508 on the evolution of intelligent networks towards TINA, and P715 on the trial and experimentation of the TINA architecture. ASR has also been involved in several European projects, and is currently involved in the ReTINA and Miami ACTS projects.

Katholieke Universiteit Leuven (Belgium)

Distrinet is a research group of the department of computer science of the K.U.Leuven. The general aim of Distrinet is to build distributed object support platforms for advanced applications, using state-of-the-art software technology. Its policy is to develop open systems with generic parts shared by many applications, as well as customised parts that are specialised for particular application areas, for individual applications and even for particular executions of applications. Two domains where this policy is currently applied are advanced communication and security.

University of Grenoble (France)

SIRAC (Syst�mes Informatiques R�partis pour Applications Coop�ratives) is a joint laboratory between the University of Grenoble and Inria (Unit� de Recherche Rh�ne-Alpes). For many years, the Sirac laboratory has been involved in active research on distributed systems and applications. Our current activities deal mainly with component programming and flexible Java infrastructures for adaptable applications.

University of Valenciennes et du Hainaut-Cambresis (France)

LAMIH (Laboratoire d'Automatique et de M�canique Industrielles et Humaines) is a research laboratory of the Universit� de Valenciennes et du Hainaut-Cambresis (UVHC). This laboratory gathers 200 researchers in the fields of mechanic, automatism and computer sciences. The team taking involved in the project has a high expertise in the security of the transactional systems.

APPENDiX B: Background Technical Information

As operating systems have evolved from proprietary to open systems, the middleware is also evolving from proprietary solutions to standard solutions. By these, programming by components is becoming a reality. It is now possible to develop components, which are not only independent of the underlying system, but also of the underlying middleware.� As this fully answer the middleware provider independence required by users, the market is quickly evolving in this direction.

Component Technologies

Software Component Technology is receiving a huge amount of attention in the IT world nowadays. Software components are expected to bring object technology to relevant levels of abstraction and greatly simplify the development and deployment of applications. JavaBeans is the de facto standard for the development and assembly of platform independent software components that can run on a variety of operating systems and hardware platforms, ranging from high-end servers to zero-administration terminals at the end-user�s premises. Enterprise JavaBeans is a specification for a portability layer on top of mission-critical application servers. An EJB server provides Containers that can encapsulate Java object and components and which provide runtime services such as persistence, load balancing, transaction management and fault tolerance.� Hence, the EJB technology seems to be a viable candidate to deploy terminal-independent applications that mainly deal with short client-to-database transactions.

Enterprise JavaBeans Platform Capabilities

The SunSoft Enterprise JavaBeans specification defines architecture and interfaces for developing and deploying distributed Java server applications based on a multi-tier architecture. This specification intends to facilitate and normalise the development, deployment and assembling of applicative components (called enterprise beans); such components will be deployable on EJB platforms. The resulting applications are typically transactional, database-oriented, multi-user, secured, scalable and portable. More precisely, this EJB specification describes two kinds of information:

� The first is the runtime environment, called EJB server, which provides the execution environment together with the transactional service, the distribution mechanisms, the persistence management and the security

� The second is some kind of programmer's guide and user's guide explaining how an enterprise bean should be developed, deployed and used.

Not only will an enterprise bean be independent of the platform and operating system (since written in Java), but also of the EJB platform.

Two kinds of enterprise beans are defined in the specification:

� Session beans are objects associated with only one client, short-lived (one method call or a client session), that represent the current state of the client session. They can be transaction-aware, stateful or stateless.

� Entity beans are objects that represent data in a database. They may be shared by several clients and are identified by means of a primary key. An EJB environment is responsible for managing the persistence of such objects

Enterprise JavaBeans and the competition

The main alternative to the EJB component model is the Microsoft proprietary component model called COM+. COM+ is derived from COM (the Microsoft Component Object Model which defines a binary standard for component interoperability), and from DCOM (which provides distribution support within COM). COM+ introduces the Microsoft Transaction Server (MTS) and declarative transaction management. COM+ doesn't provide EJB advanced features as declarative persistence management and load balancing. COM+ is also very dependent of the NT operating system, even if some partial porting can be found on some UNIX systems.

AT&T Labs put together a network software development platform that will make it easier for communications companies to develop services that can operate on different types of networks. The development platform, code-named GeoPlex, will sit in the net�work between the services and the IP transport hardware and software and provide an Applications Programming Interface that will facilitate third-party applications deve�lop�ment. The idea is to give service software developers building blocks that enable them to focus only on their service content. GeoPlex will include the network software, a software developers' kit and an application developers' kit. Java-based tools enable rapid application development.

Finally, GeoPlex supports a diverse set of end-point devices in addition to the standard personal computers and workstations. These devices include telephones, personal digital assistants (PDAs), network computers (NCs), pagers, set-top boxes, cellular phones, fax, and others.

Tasks.�

Market relevance and timing

Identification and Authentication Service

Public Key Infrastructure Service

Data protection Service

Authorisation service

Users� Management Service

User Profile Management (UPM)

Notification Service:

Logging Service:

Common Audit and Alarm Service

�Work package 4: Universal Access To Services

Work package 6: Application services and Integration prototypes

Michel RIVEILL

Laboratoire I3S Polytech - Nice - Sophia 930 Route des Colles BP 145 F-06903 Sophia Antipolis CEDEX

Email : riveill at unice.fr

G�n�ralit�

Ressources en lignes

Laboratoire I3S
Polytech - Nice - Sophia
930 Route des Colles
BP 145
F-06903 Sophia Antipolis CEDEX