National Science Foundation
The dynamic nature of markets, wherein business relationships are established and dissolved continuously, demands systems that can cope with constant change, and do so with security paramount. These relationships are reified as services that are offered by organizations and used within a spectrum of domains and use contexts. Current service technologies fail to meet these requirements, however: interfaces are rigid, insecure, "one-size-fits-all" solutions which hardly meet the demands of any of their users. COAST, a novel architectural style based on code mobility and capability-based security, has been created as a response to these dynamic contexts, enabling the design and development of decentralized systems composed of flexible, secure, on-demand services.
The World Wide Web evolved from humble beginnings to become a cornerstone of many facets of modern society, embracing activities as diverse as finance, communications, entertainment, and commerce. Our research lab has made fundamental contributions to the design and evolution of the Web, including the Representational State Transfer (REST) architectural style, the HTTP/1.1 protocol, WebDAV distributed authoring mechanisms, the ARRESTED family of REST-derived styles, as well as work on the Apache Web Server and the Subversion configuration management system.
As Web technologies evolved, however, innovations like Ajax, mashups, and Web Services pushed web applications beyond the constraints of REST, the style which captured the architecture of the Web and which provided theoretical and practical guidance to system developers. Responding to this disparity, a set of theoretical principles called Computational REST (CREST) were articulated, which explained and extended the emerging importance of computational activity and transfer—as opposed to content exchange—between clients and services.
Through initial exploratory prototyping, it became clear that CREST was a distinct architectural style suitable for novel resilient, adaptive and decentralized systems. Our work on CREST evolved into COmputAtional State Transfer (COAST), which provides comprehensive principles founded on computational exchange to support the design of openly secure decentralized applications.
Decentralized systems are systems-of-systems whose services are governed by two or more separate organizations under distinct spheres of authority. Coordinated evolution of the various elements of a decentralized system may be difficult, if not impossible, as individual organizations evolve their service offerings in response to organization- and service-specific pressures, including market demand, technology, competitive and cooperative interests, and funding. Consequently, decentralized services offer unique challenges for evolution and adaptation that reach well beyond any one single organizational boundary. Decentralization is then precisely at the heart of COAST principles, where parties communicate asynchronously through messages and security is a core aspect of every COAST system.
In decentralized ecosystems, efforts on the part of service providers to vary, evolve, and tailor content-based service interfaces and semantics in favor of particular service consumers simply will not scale. Thus client-driven service customization and tailoring is a powerful tool for meeting conflicting, independent client demands in an environment where disorderly and uneven service evolution predominates. COAST combines mechanisms from software architecture, cryptography, security, and programming languages, granting application architects flexible provisioning of their core assets and services while protecting them from attack and misuse. Providers create fine-grained and general service interfaces and consumers orchestrate those interfaces to produce exactly the services they require.
Services and communication which span organizational boundaries demand that security be everywhere always. COAST relies on two security principles: the Principle of Least Authority (POLA)—security is a cross-product of the authority and the rights given to a principal—and capability-based security—where unforgeable references confer both authority and rights. Security in COAST is provided through unforgeable references to services that include access control semantics along with contained and autonomous environments hosted by the service provider to serve disparate (in nature, authority, and rights) service requests.
Principled System Design
In COAST, all services are computations whose sole means of interaction is the asynchronous messaging of closures, continuations, and binding environments (a map of name/value pairs). All computations are confined by some execution site <E,B> where E is an execution engine and B a binding environment. All computations are named by Capability URLs (CURLs), an unforgeable, untamperable cryptographic structure that conveys the authority to communicate. Therefore, computation x may deliver a message to computation y if and only if x holds a CURL u_y of y. The interpretation of the message delivered to y via CURL u_y is u_y-dependent.
To facilitate the construction of COAST applications, we provide a platform which consists of MOTILE—a mobile code language which enforces key constraints on the use and migration of capability—and ISLAND—a peering infrastructure for MOTILE computations. MOTILE provides the mechanisms to create computations—implemented as actors—the CURLs which reference those computations, and the binding environments that provide the lexical scope for COAST computations. ISLAND is a peering infrastructure to host, locate, protect, and execute MOTILE computations.
In practice, MOTILE and ISLAND support the creation and use of services by independent parties by allowing computations—service users and service providers—to securely exchange messages that may include closures to be executed within the boundaries of the provided service. These closures may be composed—and therefore customized—based on the bindings (functions, data structures, and primitive values) provided by the service. CURLs along with which messages are sent provide the service access semantics that any given user is entitled to.
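A minimal illustration of the CURL delivery rule and CURL-dependent interpretation described above, added here as example code rather than MOTILE or ISLAND code: an island-held HMAC key stands in for COAST's unspecified cryptographic structure, and the `Island` class, its `issue_curl` and `deliver` methods, and the constructed records service with its two CURLs are assumptions, not the project's API.

```python
import hashlib, hmac, json, secrets


class Island:
    """Hosts computations and mints/verifies the CURLs that name them (hypothetical)."""

    def __init__(self, computations):
        self._key = secrets.token_bytes(32)   # signing key never leaves the island
        self._computations = computations     # name -> binding environment (name -> callable)

    def issue_curl(self, target, allowed):
        """Mint a CURL for `target` conveying only the bindings listed in `allowed`."""
        body = json.dumps({"target": target, "allowed": sorted(allowed)}, sort_keys=True)
        tag = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}#{tag}"

    def deliver(self, curl, op, *args):
        """Deliver (op, *args) to the computation `curl` names, only if the tag verifies."""
        body, _, tag = curl.rpartition("#")
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("forged or tampered CURL")
        claim = json.loads(body)
        env = self._computations[claim["target"]]
        # The same computation answers differently depending on which CURL was used.
        if op not in claim["allowed"] or op not in env:
            raise PermissionError(f"this CURL does not convey {op!r}")
        return env[op](*args)


def demo():
    """Constructed scenario: one records service, two CURLs conveying different rights."""
    records = {"p1": {"summary": "stable", "notes": "chart"}}
    island = Island({"records": {
        "read_summary": lambda pid: records[pid]["summary"],
        "read_full": lambda pid: records[pid],
        "update": lambda pid, notes: records[pid].update(notes=notes) or "ok",
    }})
    patient_curl = island.issue_curl("records", {"read_summary"})
    doctor_curl = island.issue_curl("records", {"read_full", "update"})
    out = {"patient": island.deliver(patient_curl, "read_summary", "p1"),
           "doctor": island.deliver(doctor_curl, "update", "p1", "new chart")}
    # A CURL with insufficient rights, then a CURL whose rights were edited by hand.
    attempts = {"escalate": patient_curl,
                "tamper": patient_curl.replace('"read_summary"', '"read_full"')}
    for name, curl in attempts.items():
        try:
            out[name] = island.deliver(curl, "read_full", "p1")
        except PermissionError as e:
            out[name] = str(e)
    return out
```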
COAST is appropriate for building applications in any domain in which people and organizations depend on each other to obtain services and co-operate; the domains that benefit most are those which are highly dynamic and critical. Examples of such domains are disaster response, e-commerce, supply chain management, automated negotiation, financial services, adaptive robotics, and so on.
We have created COASTcast, a prototype application for sharing and manipulating real-time decentralized HD video streams which demonstrates that COAST can be used to distribute real-time data throughout a service topology that may be dynamically reconfigured via computation exchange. COASTcast implements high-definition video streams, from camera to display, as collaborating video services. A single stream may cross multiple organizations: real-time HD video cameras, encoders, decoders, publication/subscription relays, user interfaces, and displays may reside and be moved across many distinct islands, each potentially managed by a separate organization.
In addition, we are in the process of building COASTmed, a notional electronic health record management system which explores the balance between user-side service customization and providers' discretionary, customer-dependent openness to their services. On one hand, users such as patients, doctors, government agencies, and other parties in the domain may access and manipulate the information they are entitled to for different purposes. On the other, providers are empowered to protect medical information from malicious parties, and from those who simply do not have the authority to access certain information, by issuing diverse CURLs to users that convey different rights and authority to use services.