Service Brokers for the Internet
May 8th, 1998
Juhana Räsänen
Laboratory of Telecommunications Software and Multimedia
Department of Computer Science
Helsinki University of Technology
Juhana.Rasanen@tcm.hut.fi
Abstract
The requirements and the increasing commercial nature of the new types
of services are calling for solutions that integrate user authentication
as well as billing, access and resource control onto a single platform. Such
a platform would act as a middleman, or broker, between customers and service
providers: service providers deploy the services to the broker platform,
where the users are able to access them. This paper analyses the requirements
for a broker platform and compares two approaches to the problem: MBroker(TM)
by More Magic Software Inc. and the Calypso platform by the TCM Laboratory of Helsinki
University of Technology.
Table of Contents
1. Introduction
   1.1 Definition of service
   1.2 Examples of the emerging services
2. Service provision in the Internet
   2.1 Common properties of the services
   2.2 Service requirements
   2.3 TINA-C business model and service brokers
3. MBroker(TM) platform
4. Calypso platform
   4.1 Calypso TV distribution service
   4.2 Calypso as a service broker platform
5. Conclusions
Glossary
References
1. Introduction
The heart of the Internet as of today is the worldwide connectivity provided
by the Internet Protocol (IP), the ability to reach any part of the network
in an unassured (UDP) or assured (TCP) manner. A number of application
level protocols have been built on top of the TCP/IP protocol suite to
implement different elementary services, such as e-mail, FTP, netnews,
World Wide Web, etc. These services and their global nature have been the
key factor in the success of the Internet.
The situation is changing, however. While the Internet is expanding
and its bandwidth is increasing (even the available bandwidth per user), new
kinds of commercial services are being introduced. These services differ
from the elementary services mentioned above in the sense that they typically
include user authentication, pay-per-use billing and a need for QoS guarantees.
This is in strong contrast to the "traditional" Internet, in which basically
everything is accessible as soon as there is a connection to the network.
This paper analyses the requirements for introducing such services and
compares two different service broker platforms.
1.1. Definition of service
Service is definitely an overloaded word in the communications context.
It can be used to mean various things, such as the service provided by
a protocol layer to an upper layer (e.g. assured data transfer), the service
provided by a physical line in terms of bandwidth (e.g. a 1.5 Mbit/s T1 line)
or the services provided by the Intelligent Networks (e.g. freephone).
Thus it is necessary to define the meaning of service within
the context of this paper.
The approach in this paper is end-user-oriented rather than
network-technology-oriented; consequently, services are also considered from the
users' point of view. This means that the word service in this context
means some useful application that - as the word itself implies - serves
the user somehow and for which the user is willing to pay. As an example,
a 10 Mbit/s connection is not a service as such, but TV channel transmission
over a 10 Mbit/s multicast connection would be a service. In other words,
the user perceived service is the ability to access the content in question,
not the bits themselves.
1.2. Examples of the emerging services
What are the new services outlined above? Many of them already have their
first operational prototypes in the Internet, while some others are still
at the idea level for technological or economic reasons. Some examples
are listed below, and while the list is by no means complete, some common
properties can be seen, which are analysed in the next chapter.
- Point-to-point calls
  This includes both ordinary voice calls (Internet telephony) and video
  calls as the broadband version. Telephony over the Internet is becoming
  more popular as the available bandwidth begins to reach an acceptable level.
  The immediate benefit comes from the fact that Internet connectivity is
  "free": customers pay a flat rate or a per-minute rate for the Internet access,
  but it typically remains the same regardless of the destination. In practice
  this means that any place in the world can be reached for the same fee
  - which is most likely much cheaper than the international call rates.
  However, the problem is that there are no QoS guarantees in the
  current Internet, which means that the voice quality even in the domestic
  network is often inferior to that of the PSTN network, not to mention intercontinental
  calls. There are, however, a number of applications available today for
  both voice and video communication and several operators are already experimenting
  with PSTN-Internet gateway services [1].
- Media on demand
  Media on demand is a wide category of services that range from digital
  newspaper delivery to video on demand. VoD has been a common service pilot
  in the broadband access network trials, but usually it has not won the
  acceptance of the customers - it is difficult to compete with a big video
  rental store in a limited-scale trial. However, some other services like
  WWW newspapers and video clips have been more successful, and there is
  also potential in music delivery over the Internet. There are already a
  number of commercial or freely available services offering news, music
  video and movie trailer video clips, e.g. [2].
  Media on demand is a service category that is constrained not only
  by technological limitations but also by political limitations concerning
  the copyrights of the distributed material. Content in digital form is
  very easy to copy and redistribute without consent, which is a problem
  that must be solved adequately before the full potential of MoD can be achieved.
  This is, however, out of the scope of this paper.
- Multicasting
  The multicast trial on the Internet (MBone) has been operational since 1992
  and there is an IETF working group that concentrates on the deployment
  of Internet multicasting [3]. Currently MBone has
  mostly only experimental audio, video and whiteboard content, but it has
  proven the feasibility of a global-scale IP multicast network.
  Although MBone still suffers from the same quality of service shortcomings
  as Internet telephony, there have already been smaller-scale trials
  to use MBone for education. One potential multicast service that can be
  expected to become more important is the delivery of digital TV channels
  over multicast networks, once the available bandwidth increases enough. Today
  the bandwidth is adequate for audio, and it can be seen that network
  radio stations are booming all over the Internet.
- Multiuser games
  Multiuser games are quite popular in the Internet today, and it is reasonable
  to expect them to become even more popular when households start to have
  broadband access to the Internet and the content of the games can include
  high quality graphics, sound and video. Although the purpose of the games
  is more often leisure and entertainment than serious use, their economic
  importance must not be underestimated. Education, especially in
  foreign languages, could also benefit a lot from global multiuser games, because
  it is easy to find native speakers of almost any major language in the
  Internet.
2. Service provision in the Internet
Service creation and deployment in the Internet is currently an area under
development. There is a plethora of all kinds of services available in
the World Wide Web, but often they are relatively simple, even clumsy.
They are also often selling tangible goods rather than digital content,
which is a different market altogether. There is no standard way to advertise
and market the services to the customers and there is no widespread electronic
commerce standard for charging. One problem is also that the Internet today
supports only best-effort traffic without any QoS guarantees, so demanding
multimedia services suffer from inferior quality, which naturally affects
the commercial feasibility.
These problems make the wide-scale deployment of the new services difficult,
if not impossible. In this chapter the common properties and requirements
of the future services are considered to create an idea of what kind of
functionality a service broker platform would have to include.
2.1. Common properties of the services
All of the services in the above list have some properties that make them
different from the elementary Internet services such as e-mail:
- Charging: The new services are commercial in nature, which means
  that the service providers must be able to charge the customers for the
  service use. Charging a flat rate or a per-minute fee for the Internet access
  is not enough; the third party service providers should also be able
  to charge the users.
- Quality of Service: The new services almost invariably contain delivery
  of multimedia data that requires QoS guarantees for bandwidth, delay and
  delay variation. The QoS guarantees must be given for per-application flows,
  which requires connection-oriented means of communication over the Internet.
- User interface: It is a clear trend that most services become available
  through the World Wide Web using a browser rather than a custom application
  for each service. In particular, access to the service is carried out through
  the WWW, even if the service itself would require a special plug-in application
  for the browser.
2.2. Service requirements
The properties above immediately imply some requirements for the service
creation, deployment and execution environments:
- Because the services are to be charged for, there must be an electronic
  commerce system that can be used for billing the users. There are various
  ways in which the payment can be organised, such as purchasing the access rights
  in advance, billing the customer on a monthly basis or invoking an on-line
  electronic transaction at the time of the actual service access. It is
  desirable that the system is as widespread as possible, so that the customers
  are able to purchase all services within a single system rather than having
  a number of different electronic wallets, for example.
- The user authentication must be tied to the electronic commerce systems
  securely, so that using the service without payment or by paying from another
  user's account would be impossible. The authentication system should be
  as general as possible as well, because it is tedious to have a number
  of different electronic identities (such as username-password pairs or
  public cryptosystem keypairs). Ideally everything could be carried out
  using a single identity, such as a cryptographically strong identity key
  stored on a smart card.
- The underlying network must be able to give QoS guarantees, such as fixed
  bandwidth for multimedia data, bounded delay for interactive applications
  and bounded delay variation for video and audio transmission. It must be
  possible to open service sessions that could be defined as virtual
  connections with desired QoS through the network, or the QoS must be guaranteed
  some other way (such as using priority classes for different types of traffic).
- All of the above must be accessible from a browser-based interface. That
  is, it must be possible to carry out the purchase, payment, user authentication
  and QoS negotiations from a Java applet, for example.
2.3. TINA-C business model and service brokers
The notion of service brokers arises from the business model that is expected
to develop in the future broadband networks. One description of such a
model can be found in the TINA-C documentation [4].
The TINA-C business model describes different business roles, such as Consumer,
3rd Party Service Provider, Connectivity Provider, Retailer and Broker.
Of these the interesting one is the Retailer, who acts as a middleman between
Consumers and 3rd Party Service Providers. Note that the TINA-C term is
Retailer, but in this paper the role in question is described as Service
Broker. The TINA-C Broker role is somewhat different, providing all
other business roles equal access to information that allows them to find
services and other stakeholders.
Although it can be argued that the TINA-C architecture as a whole is
too complicated, telecommunications-oriented and all-encompassing to
be very useful in the Internet context, the business model and the role
of the Retailer serve us well. The TINA-C documentation identifies the
need for the Retailer as coming from the fact that service production (such
as producing a digital TV channel) and service offering for the customers
require different business setups and technical skills. The role of the
Retailer is to take the burden of the technical service deployment from
the service and content providers, to let them concentrate on their core
business, the production of the actual service. In a way, the Retailer
can be thought of as a supermarket of services.
The TINA-C business model lists a number of high-level requirements
for the Retailer business role. These include authorization, user profile
management, service connection and session management as well as billing
data gathering. It can be seen that these closely match the ones identified
in section 2.2 above, thus the TINA-C Retailer role corresponds closely
to the service broker. The technical implementation of the service broker
is referred to as a service broker platform. It is defined here as
the programming environment in which the services are implemented and executed.
The next two chapters describe two different broker platforms, one commercial
and one from an academic research project.
3. MBroker(TM) platform
MBroker is a product concept of More Magic Software Inc., a software company
in Innopoli, Espoo. The company is a spin-off from the CARDHU research project
carried out in the Telecommunications Software and Multimedia Laboratory of
Helsinki University of Technology during 1996-1997. Their first product
release is expected in the second quarter of 1998.
Although the documentation on the web page of MMS is rather scarce,
it can be deduced that their product concept fits into the definition of
a service broker platform outlined in the previous chapter. According to
their product description MBroker implements the four essentials of electronic
commerce: authentication, access control, billing interface and mass customization
of the services. [5]
- The authentication component of the MBroker binds the services to the existing
  user databases and authentication mechanisms, such as the Intelligent Network
  of the telecommunications world and the RADIUS protocol framework used for
  Internet access.
- The access control component protects the actual service and ensures secure
  communications only for properly authenticated users.
- The billing component provides various ways for billing the customer. It
  can be based on traffic metering, service usage time or service generated
  events.
- The customization of the services is based on the user authentication,
  so that the service is able to customize its behaviour or offered content
  on a per-user basis, using the user identifier provided by the MBroker
  platform. The basic user profile, including preferred payment method and
  credit limit, is stored by MBroker and is delivered to the service. The
  idea of customized services is roughly the same as in the cookies
  generated by World Wide Web servers, which enable the server to identify
  users. However, MBroker takes this idea further by linking the user identification
  to the stored user profiles of billing and payment information.
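The requirement in section 2.2 that authentication be tied securely to payment, and the four MBroker components listed above, can be sketched as a single gate in front of a service. This is an added example, not code from More Magic Software or from the paper; the HMAC session token, the `Broker` and `Profile` classes, the `bill_to` parameter and all sample data are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Profile:
    payment_method: str
    credit_limit: int      # smallest currency unit
    owed: int = 0          # charges accumulated so far


@dataclass
class Broker:
    secret: bytes          # key for session tokens (hypothetical mechanism)
    profiles: dict         # user_id -> Profile
    tariffs: dict          # service -> price per service-generated event
    rights: dict           # user_id -> set of services the user may access
    billing_log: list = field(default_factory=list)

    def _mac(self, payload: str) -> bytes:
        digest = hmac.new(self.secret, payload.encode(), hashlib.sha256)
        return digest.hexdigest().encode()

    def issue_token(self, user_id: str, expires: int) -> str:
        """Call only after the external authentication step has succeeded."""
        payload = f"{user_id}|{expires}"
        return f"{payload}|{self._mac(payload).decode()}"

    def authenticate(self, token: str, now: int):
        """Return the user id bound to a valid, unexpired token, else None."""
        parts = token.split("|")
        if len(parts) != 3:
            return None
        user_id, expires_raw, mac = parts
        # Constant-time comparison over exactly the bytes that were signed.
        expected = self._mac(f"{user_id}|{expires_raw}")
        if not hmac.compare_digest(mac.encode(), expected):
            return None
        if not expires_raw.isdigit() or now >= int(expires_raw):
            return None
        return user_id if user_id in self.profiles else None

    def request(self, token, service, now, bill_to=None):
        """Gate one service event: authenticate, authorize, then bill."""
        user_id = self.authenticate(token, now)
        if user_id is None:
            return ("deny", "authentication failed")
        # The payer is always the authenticated identity. A client-supplied
        # account that differs is rejected rather than silently honoured.
        if bill_to is not None and bill_to != user_id:
            return ("deny", "payer does not match authenticated user")
        if service not in self.tariffs or service not in self.rights.get(user_id, set()):
            return ("deny", "no access right for service")
        profile = self.profiles[user_id]
        price = self.tariffs[service]
        if profile.owed + price > profile.credit_limit:
            return ("deny", "credit limit exceeded")
        # Charge and grant together, so there is no access without a record.
        profile.owed += price
        self.billing_log.append((now, user_id, service, price))
        return ("allow", user_id)


def build_demo() -> Broker:
    """Constructed sample data; prices and limits are illustrative only."""
    return Broker(
        secret=b"constructed-demo-key",
        profiles={"alice": Profile("invoice", credit_limit=500),
                  "bob": Profile("prepaid", credit_limit=1000)},
        tariffs={"tv": 300, "news": 50},
        rights={"alice": {"tv"}, "bob": {"tv", "news"}},
    )
```

The service behind the broker only ever sees the user identifier returned on "allow", which is what it would use for per-user customization.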
On the whole, the MBroker platform can be described as a network device
of its own, placed in front of the actual server offering the content to
the users. One possible configuration is to use the MBroker as an intelligent
web proxy server capable of integrating user authentication, access control
and billing into the web service. Another possibility is that an Internet
Service Provider offers 3rd party service providers a unified platform
for offering their services to the users of the ISP.
If these uses of the MBroker are related to the business model described
above, it can be concluded that only the second case corresponds to the
service broker business role, in which the broker and the service providers
are distinct organizations. MBroker can be used also by the service providers
themselves, but in this case they must be capable of managing the technology
themselves. On the other hand, the users also lose some benefit, because
from their point of view all service providers have their own access control
to the service, and there is no single marketplace of services, which would
be created by the service broker acting as a supermarket of services.
4. Calypso platform
Calypso is an ongoing research project in the Laboratory of Telecommunications
Software and Multimedia of the Helsinki University of Technology. Its aim
is to build a service execution platform for broadband access networks
as well as to experiment with different kinds of services. The focus has
not been exactly on service provision in the Internet, but as Calypso depends
heavily on protocols and software developed for the Internet, the ideas
of Calypso should be readily applicable in a pure Internet environment
as well. [6]
The idea of Calypso is to bring the service execution close to the customers.
It is expected that the introduction of broadband network access for the
household consumer market will create a new kind of access network, the
control architecture of which is the subject of interest in Calypso [7].
It is assumed in Calypso that the access network will be some kind of switched
network -- whether this is ATM or fast routed IP with the concept of per-application
flows is so far unclear, but in the prototype ATM has been used. The architecture
itself is not ATM dependent however, so for example no ATM signalling is
needed.
In Calypso the functionality of a service can be distributed freely
between the actual server, the service client running in the end user's terminal
device and the service agent executed in the access network node. The
service components connect to each other using the TCP/IP protocol stack as
a transport, which enables the usage of almost any kind of distributed
computing method, such as CORBA, Java RMI, etc. The need for the different
components, especially the service agent, comes from the assumption that
the network must be controlled on a per-service basis, that is, the resources
must be reserved separately for each connection and access control must
be employed prior to the opening of the connection. The Calypso architecture
aims at keeping the user components as simple as possible, basically having
only the visible user interface to the service. The logic of the service
is contained in the service agent that is executed in the network nodes.
The principle of resource reservation prior to the session is not familiar
in the traditional Internet environment, but the idea is currently being
studied within the IETF RSVP project [8]. Traditionally
the resource reservation is done using a signalling protocol, but the problem
with this is that the protocol itself limits what can be expressed
with it. Calypso solves this problem by defining only a generic transport
protocol (IP) between the client and the agent, and the agent is given
a broader API to the network. This way the agent can implement any kind
of control functions and the interface between the client and the agent
can be completely service-specific.
4.1. Calypso TV distribution service
The services in the Calypso architecture are best described using an example.
The Calypso project implemented two prototype services during 1997, the
TV channel delivery service and the ISP service. The former is a method
for delivering digital TV channels as multicast over a broadband network
and the latter is a method for an ISP to offer Internet connectivity service
for the Calypso customers.
The prototype of the Calypso TV distribution service is described in
Figure 1.
Figure 1 The Calypso TV distribution service
The prototype consists of three components: the server that sends the
TV programs, end user terminal that is used to view the programs and the
ATM switch in between that is the Calypso access node. The TV "channels"
are implemented as unidirectional point-to-multipoint ATM virtual channels
that are used to carry MPEG encoded video streams directly over ATM AAL5.
The viewers may join and leave the streams at will. When the viewer
application is started in a client machine, it connects to the service
agent running in the Calypso switch controller. The service agent opens
a virtual channel in the client's link and starts waiting for channel selections
made by the user. When the user requests a channel, the agent joins the
client's VC as a leaf to the multicast tree of that channel. When the user
changes channel, the agent prunes the client's VC from the old channel
and joins it to the requested channel; from the client's point of view
only the content of the incoming VC changes. The client and the agent connect
to each other using a Java RMI (Remote Method Invocation) interface.
The TV service agent is executed in the Calypso Service Execution Environment
(SEE), an object-oriented framework used to implement the different
services. The framework provides the basic APIs that allow the services
to control the underlying network; in this case the TV service agent is able
to allocate an ATM VC from the access switch. The central idea in the Calypso
framework is that service providers would be able to implement their services
using the programming environment defined by the Calypso architecture and
that new services could be installed dynamically to the Calypso access
nodes, after which they are available for the customers. Naturally a Calypso
platform in a real-life environment would include billing and service management
interfaces, but they are not implemented in the research prototype.
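The join and prune behaviour of the TV service agent described above can be modelled as a small state machine. This is an added example, not code from the Calypso project: it runs locally instead of over Java RMI, `AccessSwitch` is a hypothetical stand-in for the network API that the SEE gives an agent, and the per-client subscription table is an assumption standing in for the access control that section 4 says must happen before a connection is opened.

```python
class AccessSwitch:
    """Hypothetical stand-in for the network API the SEE offers an agent."""

    def __init__(self, channels):
        self.trees = {ch: set() for ch in channels}  # channel -> leaf VCs
        self.open_vcs = {}                           # vc id -> client link
        self._next_vc = 100

    def open_vc(self, link):
        vc = self._next_vc
        self._next_vc += 1
        self.open_vcs[vc] = link
        return vc

    def close_vc(self, vc):
        # Refuse to release a VC that is still a leaf of a multicast tree.
        if any(vc in leaves for leaves in self.trees.values()):
            raise RuntimeError("VC still joined to a channel")
        del self.open_vcs[vc]

    def join(self, channel, vc):
        if vc not in self.open_vcs:
            raise KeyError("unknown VC")
        self.trees[channel].add(vc)

    def prune(self, channel, vc):
        self.trees[channel].discard(vc)


class TVServiceAgent:
    def __init__(self, switch, subscriptions):
        self.switch = switch
        self.subscriptions = subscriptions  # client -> channels (assumed table)
        self.sessions = {}                  # client -> [vc, current channel]

    def connect(self, client, link):
        """Viewer started: open one VC on the client's link."""
        if client in self.sessions:
            return self.sessions[client][0]
        vc = self.switch.open_vc(link)
        self.sessions[client] = [vc, None]
        return vc

    def select(self, client, channel):
        """Channel request: check access first, then prune old and join new."""
        session = self.sessions.get(client)
        if session is None or channel not in self.switch.trees:
            return False
        if channel not in self.subscriptions.get(client, set()):
            return False          # denied; the current channel is untouched
        vc, current = session
        if current == channel:
            return True
        if current is not None:
            self.switch.prune(current, vc)
        self.switch.join(channel, vc)
        session[1] = channel
        return True

    def disconnect(self, client):
        """Viewer left: prune the leaf, then release the VC."""
        session = self.sessions.pop(client, None)
        if session is None:
            return False
        vc, current = session
        if current is not None:
            self.switch.prune(current, vc)
        self.switch.close_vc(vc)
        return True

    def channels_of(self, client):
        """Channels whose tree contains the client's VC (never more than one)."""
        vc = self.sessions[client][0]
        return sorted(ch for ch, leaves in self.switch.trees.items() if vc in leaves)


def build_demo_agent():
    """Constructed sample data: three channels, one viewer with two of them."""
    switch = AccessSwitch(["news", "sports", "movies"])
    return TVServiceAgent(switch, {"viewer1": {"news", "sports"}})
```

Checking the subscription before pruning means a refused request leaves the viewer on the current channel, and `disconnect` leaves no stale leaf behind to keep receiving the stream.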
4.2. Calypso as a service broker platform
In Calypso the service execution platforms are assumed to be connected
to the access nodes of the network, for example the ADSL concentrators
or ATM switches closest to the customers. This is because the services
executing in the Calypso nodes must be able to control the network (for
example open connections) directly, and due to reliability and load balancing
reasons it is better to distribute the service control functionality to
the edges of the network rather than having a single point of failure and
congestion. When this is related to the TINA-C business model, it is seen
that the Calypso platform serves as a service broker platform, but the
owner of the platform in the service broker business role is the network
operator rather than some independent organization. This means that the
service providers must comply with the environment defined by the network
operator to be able to provide services for the customers of that particular
operator. This may be a problem, but on the other hand, the access network
operator always has strict control over what kind of services are provided
in its network. However, this doesn't prevent the service providers operating
in the Internet from offering their services as before, but if they want
to benefit from the authentication, access control and billing infrastructure
offered by the network operator, they must naturally make a contract with
the operator.
5. Conclusions
A need for a service broker was discovered. The purpose of the broker is
to offer a unified platform for end user authentication, access control,
connection resource reservation for QoS aware applications and billing
data gathering to remove the burden of these technical details from the
service and content providers. Two platforms fitting into this category
were described.
MBroker(TM) is a commercial platform that is oriented to the electronic
commerce in the Internet. It offers a way to protect a service in the Internet
(such as a web site) by adding user authentication, secure access control
and billing into the access of the service. The service providers are able
to set up an MBroker server themselves or an ISP could offer the MBroker
as a common platform for service providers. Because MBroker is
designed for the Internet of today, it cannot perform resource reservation
for services requiring QoS guarantees. However, this is a property of the
best-effort based Internet rather than the MBroker itself. Another property
of the MBroker is that from the user's point of view there will not be
a single marketplace for services, if there is a separate MBroker installation
for each service provider. If the ISP offers the MBroker service for the
service providers, the situation is different, however.
Calypso is a research project whose purpose is to create a platform
for service-based network control. The idea is that the services are not
controlled through a signalling protocol, but the functionality is distributed
and the active entities in the network (service agents) are given APIs
to the network, so that they can set up and manage service sessions themselves.
When MBroker and Calypso are compared, it can be concluded that MBroker
is a solution for adding authentication and billing to the current Internet
services, whereas Calypso is a new way to distribute the intelligence of
services to the network elements. MBroker can be seen as an access control
oriented platform, but Calypso has a broader concept of flexible service
session management in a connection oriented environment.
Glossary
AAL - ATM Adaptation Layer
ADSL - Asymmetric Digital Subscriber Line
API - Application Programming Interface
ATM - Asynchronous Transfer Mode
CORBA - Common Object Request Broker Architecture
FTP - File Transfer Protocol
IETF - Internet Engineering Task Force
MoD - Media on Demand
MPEG - Moving Pictures Experts Group
PSTN - Public Switched Telephone Network
QoS - Quality of Service
RADIUS - Remote Authentication Dial-In User Service
RSVP - ReSerVation Protocol
TCP - Transmission Control Protocol
TINA-C - Telecommunications Information Networking Architecture Consortium
UDP - User Datagram Protocol
VC - Virtual Channel
VoD - Video on Demand
References
[1] Internet Telephony Consortium <http://itel.mit.edu/itel/>, March 1998
[2] Sonera Medianet <http://www.medianet.tele.fi/>
[3] MBONE Deployment Working Group <http://antc.uoregon.edu/MBONED/>, August 1996
[4] Telecommunications Information Networking Architecture Consortium. TINA Business Model and Reference Points, Version 4.0 <http://www.tinac.com/97/bm_rp.ps>, TINA Consortium, May 1997
[5] More Magic Software Inc. MBroker product description <http://www.moremagic.com/products.html>, April 1998
[6] Helsinki University of Technology, Laboratory of Telecommunications Software and Multimedia. Calypso project home page <http://www.tcm.hut.fi/Research/CALYPSO/>, March 1998
[7] Koponen P., Räsänen J., Martikainen O. Calypso Service Architecture for Broadband Networks. Proceedings of the 2nd IFIP Conference on Intelligent Networks and Intelligence in Networks, (Gaiti D., ed.), pp. 73-82, September 1997, Paris, France
[8] RSVP Project <http://www.isi.edu/div7/rsvp/>, April 1998