\chapter{Service Management}
\label{ch: servicemanagement}

\section{Services in the Network}
\label{sec:services_network}

Today the Internet offers many services, such as file transfer with FTP, WWW pages, IP telephony and multimedia services. In the future the number of services will increase: for example, Video on Demand (VoD) services will become available and easy to use, and mobile needs will become important.

\subsection{Services}
\label{subsec:services}

According to Kong, Chen and Hussain: "A service is anything that a service provider determines that customers will wish to purchase and that the service provider is willing to supply."~\cite{c10}

Another service definition: "A service is a set of functions offered to a user by an organisation."~\cite[page 889]{c16}

A further service definition: "A service is an application with a well-defined interface and functionality."~\cite{c4}

Service is also defined in the ITU-T and ISO systems management documents: "An abstract concept that includes the behaviour of a service provider as seen by a service user. Alternatively, the service definition includes a set of capabilities provided to a service user by a service provider. Service definition does not include the internal behaviour of a service provider."~\cite[pages 82--83]{c34}

The massive IP network gains more customers because more services will be available to them. This has raised the importance of service management. Historically, the technology orientation placed products and equipment ahead of services. Today customers want services that are reliable and easy to use. For example, customers do not want to use different login names and passwords when connecting to services. Microchip cards could be one method for identification and authentication.
\subsection{Massive IP Network and Convergence in Telecommunications}
\label{subsec: Massive IP Network and Convergence in Telecommunications}

The Internet is popular as the basic infrastructure for providing world-wide distributed services to end-users. The Internet is an open and distributed environment which allows different types of service providers to provide different types of services on the network~\cite[page 22]{c10}.

The massive IP network includes the Internet, but also cable television (CATV) and telecommunication networks, such as the Public Switched Telecommunications Network (PSTN), Integrated Services Digital Network (ISDN), Intelligent Network (IN), and mobile systems. In addition, there are two other important network technologies which make new services available: wireless transmission on radio frequencies, and microwave satellite transmission.

Telephone companies are interested in delivering non-telephone services to end-users. CATV providers are interested in telephone and Internet services as well as Video on Demand (VoD) services. These companies believe that cost savings are possible through value-added services. Also, the number of end-users is increasing. These users have unique interests, and because of their interests they require different services from the service providers~\cite[page 129]{c13}.

The CATV industry is migrating to digital transmission technology in order to increase the number of TV channels and services available to end-users. To provide new services, such as VoD and interactive TV, the CATV industry is designing bi-directional networks. End-users are connected to video servers; they select a video program, and the program is sent over the network to the user~\cite[pages 16--19]{b3}.

The differences between telephone, computer, and CATV networks are still great. However, each type of network is now able to provide services that originally came from other networks. This tendency is called convergence~\cite[page 20]{b3}.
The media industry, the telecommunication industry and the computer industry are converging. The media industry produces the content, for example entertainment and publishing. The computer industry produces equipment and applications, which can make this content available to everyone. The telecommunication industry, both fixed and mobile, produces the connections to networks. See Figure~\ref{fig:convergence}~\cite{c25}.

\begin{figure}[htb]
\begin{center}
\epsfxsize.5\textwidth
\epsfbox{kuvat/convergence}
\caption{Convergence~\cite{c25}}
\label{fig:convergence}
\end{center}
\end{figure}

\subsection{Service Providers}
\label{subsec:service Providers}

Service providers here are companies that provide services as a business on the network. Service providers operate on the network, or they integrate the services of other providers in order to deliver services to their customers. Service providers are increasingly using Service Level Agreements (SLAs) to define agreements for sharing resources with partners, as well as for offering service quality guarantees to customers. These SLAs contain details of the information that is shared and the service level guarantees that are offered by the service provider~\cite{c2}.

Service providers offering reliable services in a cost-efficient way will succeed. Service users do not use services that are not operating properly. Cost-efficiency means that service providers can easily add new services or update old services.

\subsection{Service users}
\label{subsec:services users}

Service users are often called end-users or customers. Service providers have to fulfil end-user needs before the end-user uses any services. Service users want the user interfaces of the services to be logical and easy to use. They also expect that the connection and the billing are reliable, installations are easy and software products are good.
\section{Telecommunications Networks}
\label{sec: Telecommunications Networks}

Telecommunication networks are described here as background for hybrid services. Hybrid services are services available from different networks. Hybrid services are discussed further in chapter~\ref{subsec: hybrid }.

\subsection{TMN service platforms}
\label{subsec: TMN service platforms}

According to Udupa~\cite[pages 4--5]{b34}, the Telecommunication Management Network (TMN) has an expanding role as telecommunications, computers, and TV are integrating. Telephone service providers are adding more services to the traditional telephone services. The resulting complex and diverse equipment makes controlling networks and resources difficult.

TMN specifies a layered architecture for the management of telecommunications networks. TMN is concerned with the monitoring, control, and coordination of resources in telecommunications networks. Resources are components of the system that provides services. These resources can be software, hardware or customers. The telecommunications networks include the advanced intelligent networks (AIN) as well~\cite[page 6]{b34}.

The TMN layers are~\cite[pages 19--20]{b34}:
\begin{itemize}
\item Business management layer
\item Service management layer
\item Network management layer
\item Network element management layer
\item Network element layer
\end{itemize}

The focus of this thesis is on the service management layer. The service management layer provides the customer interface. It performs functions such as service provisioning, opening and closing accounts, resolving customer complaints (including those related to billing), fault reporting, and maintaining data on quality of service (QoS). The functions of the service management layer do not include the management of the physical layer~\cite[page 20]{b34}.
\subsection{Intelligent Network Service Platforms}
\label{subsec: intelligent_network}

Modern switches in the telephone networks are programmable computers, which makes them very flexible. The configuration of a switch can be modified by sending instructions to the switch. In modern switches, the control is separated from the hardware that executes the elementary switching operations. This separation of control and basic operations is also found in the other network elements. The separation enables telephone companies to develop their own services and implement them on switches and other network elements~\cite[pages 181--182]{b3}.

Intelligent Network (IN) is the name given to this network of programmable elements, organised to facilitate the introduction of new services. Telephone companies have implemented their own versions of IN. Wireless network operators have also implemented IN for mobile subscribers. The capability to implement new services that IN offers to a telephone company can in part be delegated to customers, who can use the capability to design their own services~\cite[pages 181--182]{b3}.

A simple example of a service in the IN is the plain old telephone service (POTS). POTS is the basic telephone call service. Another example is the call forwarding service, which allows a customer to instruct the network to direct calls to a mobile phone instead of the dialled phone. This instruction is stored in a database. The database responds to a request by providing the instructions that the switch must follow to handle the call. The telephone network can implement such services because the controls are separated from the actual operations of the switches~\cite[pages 181--182]{b3}.

\subsection{TINA-Compliant Service Management Platform}
\label{subsec: tina-compliant}

Telecommunication companies are entering new business areas such as the Internet and multimedia.
New technology is emerging, and this is putting a lot of pressure on service providers to deploy new services quickly and to keep up with customers' expectations. Introducing new services in the existing telecommunication networks can be very difficult~\cite{c18}.

The Telecommunications Information Networking Architecture (TINA) was developed to allow service providers to build, deliver and manage new multimedia services quickly and easily. This architecture includes generic software components, which should allow software reuse, and specified interfaces, which should enable interoperability across a range of platforms. The reuse of generic software components allows faster service creation in this service management platform~\cite{c18}.

TINA is a software architecture for the provision of telecommunication and information services. It has a number of parts, one of which is the definition of a business model. The business model breaks down into roles: consumers, retailers and service providers. A consumer uses a PC to contact a retailer for any desired service, for example a video-on-demand service, electronic shopping or a video conference. The retailer provides the service, which may be obtained from a third-party service provider~\cite{c18}.

In the TINA architecture, business domains interact at standard reference points. These reference points are carefully specified. The reference point between the consumer and the retailer needs to be standardised to enable consumers to select any retailer of their choice, to have the option of using more than one retailer at a time, and to move to another retailer at some future time. The retailer reference point is called Ret. Ret describes the interactions which can take place between the consumer and the retailer. See figure 4~\cite{c18}.
\begin{figure}[htb]
\begin{center}
\epsfxsize.5\textwidth
\epsfbox{kuvat/simplified_tina}
\caption{Simplified TINA business model~\cite{c18}}
\label{fig: simplified_tina}
\end{center}
\end{figure}

The TINA service architecture defines a set of concepts and principles for the design, implementation, usage and operation of telecommunication services. Services are based on sessions. TINA defines an access session, a usage session and other sessions. The reference point Ret is divided into two parts: Ret access and Ret usage. Ret access initiates a dialogue between the consumer and the retailer, establishes a secure association, exchanges domain information to make sure that the appropriate equipment and software are available for using services, and allows services to be requested according to a subscription contract. Ret usage allows the end user to use any selected service~\cite{c18}.

\section{Service Management}
\label{sec: servicemanagement}

An increasing number of services (such as e-commerce and web hosting) are being deployed over an infrastructure that spans multiple control domains. These end-to-end services require co-operation in internetworking between multiple organizations, systems and entities. Service providers need to deploy interoperable, distributed, scalable architectures and to integrate and automate their network management systems. The management system must make management easy and flexible for service providers. The management system must also make service providers' operations and end goals easier to achieve~\cite{c2}.

Service providers need to find new and effective ways to~\cite{c4}:
\begin{itemize}
\item Deploy services more quickly
\item Deliver guaranteed services through service-level agreements (SLA)
\item Evolve from reactive network management to proactive service management
\item Reduce costs by automating network and service management.
\end{itemize}

Currently, there are no standard mechanisms to share selective management information between the various service providers or between service providers and their customers. Such mechanisms are necessary for end-to-end service management and diagnosis as well as for ensuring the service level obligations between a service provider and its customers or partners~\cite{c2}.

\subsection{Security management}
\label{subsec:securitymanagement}

The basic security services defined in ITU-T (International Telecommunication Union - Telecommunication standards) Recommendation X.800 are:
\begin{itemize}
\item \textbf{Access control} The property of controlling network and computer resources in such a way that only legitimate users can access them within their limits. One approach is to attach to an object a list which explicitly contains the identity of all permitted users (an Access Control List (ACL))~\cite{rfc2196}. Access control tools are discussed on page~\pageref{subsec:accesscontroltools}.
\item \textbf{Authentication} The property of knowing that the data received is the same as the data that was sent and that the claimed sender is in fact the actual sender. Several authentication techniques have been developed, for example technologies that provide passwords that are only used once (commonly called one-time passwords), and Kerberos. Kerberos is software designed and developed at the Massachusetts Institute of Technology (MIT) to perform distributed authentication in an open network environment.
\item \textbf{Confidentiality} The property of communicating so that the intended recipients know what was being sent but unintended parties cannot determine what was sent. Encryption is commonly used to provide confidentiality.
\item \textbf{Integrity} The property of ensuring that data is transmitted from source to destination without undetected alteration.
One way to provide integrity is to produce a checksum of the unaltered file, store that checksum offline, and periodically (or when desired) check to make sure the checksum of the online file hasn't changed (which would indicate the data has been modified)~\cite{rfc2196}.
\item \textbf{Non-repudiation} The property of a receiver being able to prove that the sender of some data did in fact send the data even though the sender might later desire to deny ever having sent that data~\cite{rfc1825}.
\end{itemize}

Effective security management must be involved in all steps of the data storage and transfer process. Logs are important security tools, and therefore security management is involved with the collection, storage and examination of audit records and security logs. Increasing the level of network security will affect the openness of the system and the cost of maintaining the network.

\subsection{Authentication and authorization}

Almost all applications utilize user information and presume that users are authenticated. Authorization is determining whether an identity is permitted to perform some action, such as accessing a resource~\cite{b15}. Passwords, smart cards and certificates are used to authenticate a user. A user may have the right to use more than one name, and identities established by multiple organizations (such as universities and scholarly societies). There might be an advantage if all the user information is available in the same directory. All the applications could then use the same information. Users have to log in only once to be able to use all the services and resources~\cite{b17}.
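Returning to the integrity service in the list under security management above: the following is an added example, not part of the original thesis or of RFC 2196, of the checksum procedure described there. It checksums every file under a directory, reduces the resulting manifest to one fingerprint that can be kept offline, and on a later check reports modified, removed and added files. The directory layout, file names and contents are constructed for the demonstration, and SHA-256 is an assumption (the text does not name a checksum algorithm).

```python
import hashlib
import json
import os
import tempfile


def file_digest(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Checksum every regular file under root, keyed by path relative to root."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_digest(full)
    return manifest


def manifest_fingerprint(manifest):
    """One short value covering the whole manifest; this is what is stored offline."""
    canonical = json.dumps(manifest, sort_keys=True).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


def check(root, manifest, offline_fingerprint):
    """Verify the manifest against the offline fingerprint, then compare the files."""
    if manifest_fingerprint(manifest) != offline_fingerprint:
        raise ValueError("manifest does not match the fingerprint stored offline")
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest
                           if p in current and current[p] != manifest[p]),
        "removed": sorted(p for p in manifest if p not in current),
        "added": sorted(p for p in current if p not in manifest),
    }


def write(root, rel, data):
    """Helper for the demonstration: create a file (and its directory) under root."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)


def demo():
    """Constructed scenario: baseline three files, then alter, delete and add one."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "etc/services.conf", b"ftp 21/tcp\n")
        write(root, "etc/hosts.allow", b"ALL: 192.0.2.0/24\n")
        write(root, "bin/login", b"constructed binary contents\n")
        manifest = build_manifest(root)
        fingerprint = manifest_fingerprint(manifest)   # kept offline

        clean = check(root, manifest, fingerprint)

        write(root, "bin/login", b"constructed binary contents, altered\n")
        os.remove(os.path.join(root, "etc", "hosts.allow"))
        write(root, "bin/extra", b"unexpected file\n")
        changed = check(root, manifest, fingerprint)

        # An online manifest edited to match the altered file no longer matches
        # the fingerprint that was stored offline, so the check refuses to use it.
        forged = {**manifest,
                  "bin/login": file_digest(os.path.join(root, "bin", "login"))}
        try:
            check(root, forged, fingerprint)
            forged_rejected = False
        except ValueError:
            forged_rejected = True
    return clean, changed, forged_rejected


if __name__ == "__main__":
    for part in demo():
        print(part)
```

The check is only as trustworthy as the stored fingerprint, which is why the procedure keeps the checksum offline rather than beside the files it covers.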
There are some basic requirements for authentication~\cite{b15}:
\begin{itemize}
\item The access management solution needs to work at a practical level,
\item The solution needs to be secure,
\item It should make access easier, minimizing redundant authentication interactions and providing user-friendly information resources,
\item It needs to scale,
\item It needs to be robust, for example, a forgotten password should not be an intractable problem,
\item It must be able to recognize the need for a user to access a resource independent of his or her physical location (for example, a user must be able to connect to the Internet via a commercial ISP, a mobile IP link, or a cable television Internet connection from home), and
\item There should be a simple and well-defined (standard) interface between resource operator and licensing institution.
\end{itemize}

The basic access management problem is licensing agreements for networked information resources. Situations where institutions agree to share limited access are difficult. There is a need for fine-grained access control where institutions want to limit resource access to only individuals registered for a specific class, for example, when a class may be offered to students at multiple institutions. At present, most access to network information resources is not controlled on a fine-grained basis. There is a danger that accommodating all the needs for fine-grained access management in the basic access management mechanisms will produce too complex and costly a system~\cite{b15}.

Management data represents a problem in the current access framework. The problem is the conflict between private and public data. Most of the data has to be sorted out at the institutional policy level, and this may involve making sacrifices in order to ensure privacy. Some institutions may be legally limited in their ability to collect certain management data.
Proxies and credential-based authentication schemes (where the user presents a credential to the operator as evidence that he or she is a member of the user community) seem to be viable. Proxy servers will become a focal point for policy debates about privacy, accountability and the collection of management information. Successful operation of a proxy server means that the user trusts the licensee institution to behave responsibly and to respect privacy. A cross-organizational authentication system based on a credential approach has the advantage of greater transparency. Resource operators can have a higher level of confidence in the access management mechanisms and a greater ability to monitor irregular access patterns. Privacy, accountability and the collection of management statistics must be taken up for discussion among a larger group of parties.

An institution might choose to manage access by IP source address. IP source filtering means that packets are filtered on the basis of their source address. It does not seem to be a viable solution for access management. However, it may be very useful for some niche applications, such as supporting public workstations. It could be used more widely, although it cannot support remote users flexibly in its basic form. Most real-world access management systems are going to have to employ multiple approaches, and IP source address filtering is likely to be one of them~\cite{b15}.

\subsection{Security problems of the Internet}

The list below describes the security problems in the current Internet.
\begin{itemize}
\item \textbf{Weak authentication} Passwords on the Internet can be cracked in a number of different ways. The two most common methods are cracking the encrypted form of the password, and monitoring communications channels for password packets. Another problem with authentication results from some TCP or UDP services being able to authenticate only to the granularity of host addresses and not to specific users.
For example, an NFS (UDP) server cannot grant access to a specific user on a host; it must grant access to the entire host. The administrator of a server may trust a specific user on a host and wish to grant access to that user, but the administrator has no control over other users on that host and is thus forced to grant access to all users (or grant no access at all).
\item \textbf{Ease of spying/monitoring} When a user connects to his or her account on a remote host using TELNET or FTP, the user's password travels across the Internet unencrypted. Another method to break into systems is therefore to monitor connections for IP packets bearing a username and password, and then use them to log in normally. If an administrator-level password is captured, the job of obtaining privileged access is made much easier. Electronic mail, as well as the contents of TELNET and FTP sessions, can be monitored and used to learn information about a site and its business transactions. Most users do not encrypt e-mail, yet many assume that e-mail is secure and thus safe for transmitting sensitive information. The increasingly popular X Window System is also vulnerable to spying and monitoring. The system permits multiple windows to be opened at a workstation. Intruders can sometimes open windows on other systems and read keystrokes that can contain passwords or sensitive information.
\item \textbf{Host-based security does not scale} Host-based security does not scale well: as the number of hosts at a site increases, the ability to ensure that security is at a high level for each host decreases. Secure management of just one system can be demanding; managing many such systems could easily result in mistakes and omissions. A contributing factor is that the role of system management is often short-changed and performed in haste. As a result, some systems will be less secure than other systems, and these systems could be the weak links that will break the overall security chain~\cite{b40}.
\end{itemize}

\subsection{Customer Care and Billing}
\label{subsec:ccb}

Customer care and billing (CCB) processes have traditionally been kept as background processes. They have not been treated as a key function of the business. Today customer care and billing are an important part of making a profit. Good customer care and billing make it possible to achieve more profit, better customer relationships, and a competitive advantage.

Today success in the market depends more on the quality of the product and service than on price alone. The 1980s were a product-oriented period in the telecommunication and data transfer market, while now customer orientation is leading. Marketing to customers is one of the key components of success, as are the ability to sell more and the ability to provide high-quality customer care. It is also important to get products to the market quickly, and to be able to support existing and new services. A good customer care and billing system has to be flexible enough to fulfil these criteria~\cite{c7}.

Even electronic commerce depends on customer relationships, says Lester Wanninger, professor at the University of Minnesota. It is important to teach people who are going to start electronic commerce how to build good customer relations. In electronic commerce, too, a company and a customer should handle all the communication channels. Electronic commerce has to implement the functional processes of the company, information systems, databases, and other channels. It is important that the customer gets the same service from any service channel of the company. Ease of use brings more value to the customer. Also, in electronic commerce the customer buys again only if the customer gets what was promised. WWW pages can have an effect on attitudes, intentions, and shopping habits. High-quality information, ease of use, and new experiences bind customers to services.
Traditional media, such as TV, radio, and printed media, are good at getting new customers, while the Internet is good at keeping old customers~\cite{c9}.

\textbf{Customer Care} Customer care means maintaining customer services and customer relationships and answering routines, for example Help desk functions. Customer care is linked to the level of the offered service and to the relationship between the service level and the price of the service~\cite{c26}.

Customer care deals with the processes needed to deliver services to customers, such as order handling, problem solving, performance reporting, and billing. A good customer care system makes it possible to provide current and accurate information to customers. It helps in delivering services when promised, resolving problems quickly, and keeping customers informed of status, for example the status of an order. It also makes it possible to meet stated service level agreements (SLAs) for performance and availability, and to provide accurate billing in the format that the customer wants. All this ensures that the customer gets good service from the service provider.

The automation of customer care enables better services and cost savings. The service provider's Help desk staff can quickly see all the information needed and then answer the customer. New services can also be implemented and delivered to customers easily when customer care processes are automated. Service providers can use the same methods for all services when customer care processes are automated.

\textbf{Billing} The Internet is becoming able to support heterogeneous applications and services for a diverse user community. Delivered services must be billed. In the future we want to know who is using the network, what the network is being used for and when the network is being used~\cite{c11}. A pricing mechanism will be necessary in order to manage the quality of service (QoS).
Accounting and billing systems must be reliable and scalable, have high performance, and offer flow-through operation from the other systems. According to Busse~\cite{c3}, an accounting system should fulfil the following basic requirements:
\begin{itemize}
\item cost effective, performant, transparent
\item up-to-date information
\item customer configurable
\item secure
\end{itemize}

To be cost effective, the accounting system should be highly automated, based on standards, and easy to interact with. It should provide a reasonable response time. The whole accounting process should be transparent to the customer.

The accounting system should provide up-to-date information, i.e. it has to minimize the time needed to process the usage information from the network elements or other service providers. This is especially important when real-time information, such as order status, should be provided to the customer.

The accounting system should be configurable according to customer preferences, for example with respect to the tariff, the billing cycle, the details of the bill, local currency and taxes, the format in which the bill is expected, and the method of payment.

The accounting system should fulfil strong security requirements: identification, authentication, access control, confidentiality, integrity, and auditing.

\textbf{Accounting process} (see figure 3):
\begin{itemize}
\item \textbf{Tariff negotiation} The customer and the service provider negotiate the tariff during the subscription and service profile configuration phase. Usually the customer picks one of the standard tariffs offered by the service provider.
\item \textbf{Usage metering} The service provider meters the usage of the resources during the operational phase. This includes the orders of the customers and the actual usage of the network. Counters are collected from the network resources.
\item \textbf{Charging} The tariff and usage information are combined and the charge is computed.
This can be done directly after the connection is released, or regularly in order to prepare the bill.
\item \textbf{Billing} The customer usually gets regular bills, e.g. once a month. The charging information for the period is collected and combined in a bill. Taxes are added. The customer will then be notified and the invoicing process will be triggered.
\item \textbf{Invoicing} Within the invoicing process the system keeps track of the payment status of the bills of each customer. The customer can pay the bill in whatever way he or she wants.
\end{itemize}

\begin{figure}[htb]
\begin{center}
\epsfxsize.5\textwidth
\epsfbox{kuvat/ Accounting_process}
\caption{Accounting process~\cite{c3}}
\label{fig: accounting_process}
\end{center}
\end{figure}

\textbf{Payment mechanisms} Internet payment mechanisms can be grouped into three classes: electronic currency systems, credit-debit systems and systems based on secure presentation of credit card numbers~\cite{c14}. Collecting and rating usage, tracking services, managing inventories and reconciling invoices are key features of accounting systems~\cite{c11}.

The safety issues are under discussion. Some payment mechanisms are totally anonymous and payers cannot be tracked (such as E-cash -- an electronic purse, where you load money and pay with it). The principal advantage of electronic currency is its potential for anonymity. The disadvantage is the need to maintain a large database of past transactions to prevent double spending.

In the credit-debit model (like the NetCheque system), customers are registered with accounts on payment servers. Customers authorize charges against those accounts. The credit-debit model is auditable. Once a payment instrument has been deposited, the owner of the debited account can determine who authorized the payment, and that the instrument was accepted by the payee and deposited~\cite{c14}.

Some payment mechanisms are based on credit cards (such as CyberCash).
Information is often shared between the owner of the credit card, the payment service provider and the credit card company. The owner of the credit card does not need to give his credit card number to the merchant in unencrypted form. A customer's credit card number is encrypted using public key cryptography. The merchant has a message that it cannot read completely but which authorizes the purchase. The merchant adds his identification information and sends it to the CyberCash server. The entire message is digitally signed by the merchant to prevent tampering in transit. The CyberCash server unwraps the message and creates a standard credit card authorization request. The CyberCash server then forwards the request to the appropriate bank or processing house for authorization and returns the result to the merchant. The advantage is that the customer does not need to be registered with a network payment service; all that is needed is the credit card number~\cite{c5}.

\textbf{Demands of electronic payment} An Internet payment system should be secure, reliable, scalable, anonymous, acceptable, flexible, convertible, effective, easy to integrate with applications and easy to use. Anonymity is more important in some communities, or for certain kinds of transactions, than in others~\cite{c14}.
\begin{itemize}
\item \textbf{Security} The infrastructure must be usable and resistant to attacks in an environment where modification of messages is easy.
\item \textbf{Reliability} The infrastructure must be available and should avoid failures.
\item \textbf{Scalability} The payment infrastructure must be able to handle the addition of users without suffering loss of performance.
\item \textbf{Anonymity} For some transactions, the identity of the parties to the transaction should be protected. Where anonymity is important, the cost of tracking a transaction should outweigh the value of the information that can be obtained by doing so.
\item \textbf{Acceptability} A payment instrument must be accepted widely. \item \textbf{Customer base} The acceptability of the payment mechanism affects the size of the customer base. \item \textbf{Flexibility} Alternative forms of payment are needed. The payment infrastructure should support several payment methods including credit cards, personal checks, cashier's checks and anonymous electronic cash. \item \textbf{Convertibility} There will be several forms of payment, providing different trades. \item \textbf{Efficiency} Royalties for access to information may generate frequent payments for small amounts. Applications must be able to make these "micropayments" without noticeable performance deterioration. \item \textbf{Ease of integration} Applications must be modified to use the payment infrastructure in order to make a payment service available to users. \item \textbf{Ease of use} Users should not be constantly interrupted to provide payment information and most payments should occur automatically. Users should be able to limit their losses and monitor their spending. \end{itemize} Misuse of electronic currency can lead, for example, to debt (unpaid bills), forgeries, unauthorized payments on behalf of another person, double purchases (order twice -- pay once), refusal of payments and unsuccessful deliveries. \textbf{Future billing requirements} Some of the requirements of the new billing systems include~\cite{c24}: \begin{itemize} \item Real-time reaction to market activities \item Flexible billing formats and media to meet customer demands \item Flexible rating engine that allows discounting \item Integrated billing, which includes charges from third-party providers \item Well-defined interfaces to allow easy integration and data sharing between business systems and the billing system. \item Pre-paid services: Customers change to pre-paid service, so customers' loyalty to the service provider will become more difficult to check. 
Customers can easily change the service provider, because they can easily buy new pre-paid services from any other service provider. \item Fraud and bad debt: Cheating and lost income remain a problem. CCB systems can help to overcome and to prevent cheating. \item New technologies such as certificate-based authentication will open the way to more accurate and faster charging for the services. \end{itemize} \subsection{Accounting management} \label{subsec:accountingmanagement} Accounting management deals with information that concerns individual users, including the following issues: \begin{itemize} \item \textbf{Usage measurement} Usage measurement is collecting data for charging, and processing the data. It has to be reliable, and sometimes it has to be done in real time. \item \textbf{Tariffing/pricing} A tariff is a set of data used to determine the charges for services used. It depends on the service, origination and destination, tariff period, and day. \item \textbf{Collections and finance} This includes administration of customer accounts, informing customers, payment dates, payment amount, and collection of payments. \item \textbf{Enterprise control} Enterprise control is responsible for proper financial management of an enterprise. It includes identifying and ensuring financial accountability of officers. The checks and balances needed for the financial operation of an enterprise are also included~\cite[pages 64--66]{b34}. \end{itemize} A system that generates data for accounting purposes is called an accounting management agent. Accounting managers are systems that interrogate accounting management data or obtain it in other ways. If accounting management is distributed across various systems, all systems may be required to control their own area themselves. Furthermore, a system may request information from other systems in order to square its accounts~\cite[pages 188--189]{b42}. Accounting data is sensitive information. 
The collector must provide confidentiality at the point of collection, through transmission and up to the point where the data is delivered. The delivery function may also require authentication of the origin and the destination and provision for connection integrity (if connections are utilized). Security services can be provided for example by SNMPv3\footnote{See section~\ref{sec:snmp} for Simple Network Management Protocol (SNMP).}. \subsection{Internet pricing} Internet pricing contains four basic elements (see figure~\ref{fig:pricing}). An access-fee is usually a monthly charge for using an access link of the network. The price depends on the capacity of the link. Setting up connections or making reservations can be charged separately. Usage-fee can be used to charge services on time-, volume-, or QoS-basis. This fee determines the actual resource usage of a customer. Content-fee depends on the application content. It may be omitted (e.g., telephony, fax, e-mail services where the content is provided by the user), billed separately (e.g., Helsingin Sanomat on-line edition), or integrated into the telecommunications charging system (e.g., commercial 0900 numbers in Finland)~\cite{b47}. \begin{figure}[htb] \begin{center} \epsfxsize.5\textwidth \epsfbox{kuvat/pricing} \caption{Components of Internet pricing~\cite{b47}} \label{fig:pricing} \end{center} \end{figure} The current pricing model is based on an assumption of a single best-effort service model that provides similar service to all customers. Service provider and customer do not have a direct control over the actual service in terms of parameters determining volume, connection time\footnote{Connection time for connectionless communications would be difficult to measure (except for dialup access).}, and QoS. Accounting is usually based on mechanisms offered by commercially available routers and switches. The most commonly used approach employs packet filtering and statistical sampling. 
However, it is difficult to charge for usage-based traffic since the granularity of these methods is too coarse and the measurement overhead significant~\cite{b47}. Another problem concerning accounting data collection in routers is whether packets should be counted on entry to or on exit from a router\footnote{The nature of IP is that not every packet received by a router is actually passed to an output port, but can be discarded for example at times of congestion.}~\cite{rfc1272}. For volume measurements the IETF Real-time Traffic Flow Measurement (rtfm) working group has proposed standards to meter flows and to distribute this accounting information via SNMP~\cite{b47}. The Remote Authentication Dial-In User Service (RADIUS) is a protocol specified by the IETF radius working group. It helps to manage the Internet access links. Since these links are sensitive to security and accounting, a protocol is provided to authenticate dial-in users and negotiate configuration data. RADIUS services are implemented by most router manufacturers. Accounting data can be collected on a time-, packet-, or octet-basis for a particular service~\cite{b47}. \subsection{Managing New Services} \label{subsec: new_services} Managing new services means development of new services and taking care of the economic use of the network. This includes, for example, implementing a cost-effective service quickly, and guaranteeing the specified service level to all end-users. End-to-end service process automation improves the accuracy and speed of a task while also freeing personnel from routine jobs. The advantages of automating the end-to-end service process are in cost reduction and in improved customer service. Today all service providers have to create their own services in the Internet. The same services are created in many different ways, because there is no single method for creating new services in such a way that these services can be reused and modified. 
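For the RADIUS accounting data described under Internet pricing, and the origin authentication and integrity that the accounting management subsection asks of the delivery function, the following added example (not from the thesis or from any RADIUS product) checks the Request Authenticator of an RFC 2866 Accounting-Request before accepting its time, packet and octet counters. The shared secret, session id and counter values are constructed sample data.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4   # RADIUS packet code for Accounting-Request (RFC 2866)
ACCT_SESSION_ID = 44
# RFC 2866 attributes that carry octet-, time- and packet-based usage (4-byte integers)
USAGE_ATTRS = {
    42: "input_octets",
    43: "output_octets",
    46: "session_seconds",
    47: "input_packets",
    48: "output_packets",
}


def request_authenticator(ident, length, attrs, secret):
    """MD5(Code + Identifier + Length + 16 zero octets + attributes + shared secret)."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, length)
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def encode_attr(attr_type, value):
    """Encode one attribute as Type, Length, Value; integers become 4 octets."""
    body = struct.pack("!I", value) if isinstance(value, int) else value
    return bytes([attr_type, len(body) + 2]) + body


def build_accounting_request(ident, attrs, secret):
    """What the access server (the accounting agent) sends to the collector."""
    length = 20 + len(attrs)
    auth = request_authenticator(ident, length, attrs, secret)
    return struct.pack("!BBH", ACCOUNTING_REQUEST, ident, length) + auth + attrs


def parse_accounting_request(packet, secret):
    """Return the usage record, or raise ValueError if the packet must be dropped."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST:
        raise ValueError("not an Accounting-Request")
    if length < 20 or length > len(packet):
        raise ValueError("Length field does not match the datagram")
    packet = packet[:length]          # octets beyond Length are padding
    attrs = packet[20:]

    # Verify before trusting any counter: a sender without the shared secret
    # cannot produce a matching authenticator for altered attributes.
    expected = request_authenticator(ident, length, attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("authenticator mismatch")

    record = {}
    pos = 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = attrs[pos], attrs[pos + 1]
        if attr_len < 2 or pos + attr_len > len(attrs):
            raise ValueError("attribute length out of range")
        value = attrs[pos + 2:pos + attr_len]
        if attr_type in USAGE_ATTRS:
            if len(value) != 4:
                raise ValueError("usage counter is not 4 octets")
            record[USAGE_ATTRS[attr_type]] = struct.unpack("!I", value)[0]
        elif attr_type == ACCT_SESSION_ID:
            record["session_id"] = value.decode("utf-8", "replace")
        pos += attr_len
    return record


if __name__ == "__main__":
    secret = b"constructed-shared-secret"      # constructed sample value
    attrs = (encode_attr(ACCT_SESSION_ID, b"sess-0001")
             + encode_attr(46, 3600) + encode_attr(42, 1500000)
             + encode_attr(47, 1200))
    print(parse_accounting_request(build_accounting_request(7, attrs, secret), secret))
```

The authenticator gives integrity and origin authentication only; the attributes still travel in clear text, so the confidentiality the text requires has to come from a protected transport.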
\subsection{ Problems in Service Management } \label{subsec: problems} There are unresolved questions in service management: \begin{itemize} \item How can management information be shared across administrative domain boundaries in a secure way? This capability is important when a service is composed of components from several service providers. \item How to get measurable aspects from Service Level Agreements (SLAs)? It is unclear how a legal service level agreement document is translated into a measurable specification that can be automatically monitored for compliance. \item How to define metrics and their bounds for service compliance? There are no recommendations and policies to define what metrics are and how their values are computed. \end{itemize} \section{Service Provision} \label{sec: service_provision} Competition is increasing in service provision. Customer satisfaction is becoming important for service providers. One of the most critical problems faced by service providers today is managing change. The ability to focus deployment of new services and network technologies requires a new level of management flexibility to support a new level of customer care. Competitive advantage for service providers will depend on the ability to rapidly deliver end-to-end service solutions. A key management question is how to meet these challenges. Service providers have to optimize their service management to meet business and customer needs~\cite[page 701]{c6}. \subsection{Life Cycle of Services} \label{subsec: lifecycle} Services are usually implemented when needed in IP networks. Service providers do not have reusable service platform models, so they have to implement services anew each time. Service providers have their own service processes, which can be incompatible with other service providers' systems and might be made with incompatible software, for example Java applets can cause problems. 
\subsection{WWW Service Platforms} \label{subsec:platforms} The World Wide Web (WWW) is an architecture for sharing information. The WWW provides a hypertext system linking people, computers, and information around the world. The WWW consists of information servers and client browser programs, linked together by a set of standards and agreements. The user runs the browser to access WWW servers, which deliver information to the requesting browser~\cite[pages 87--88]{c23}. The key components of the WWW architecture are the Uniform Resource Locator (URL), the Hypertext Transfer Protocol (HTTP), and the Hypertext Markup Language (HTML)~\cite[page 88]{c23}. URLs provide standardized specifications for objects or resources located on a network, detailing both the network address of the object and the protocol to be used to interact with that object. For example, the URL for various types of resources look like this: \begin {table}[htb] \begin {tabular}{|c|c|}\hline \textit{Service} & \textit{Uniform Resource Locator (URL)}\\\hline \textit{Anonymous File Transfer} & \textit{ftp://ftp.frack.com}\\\hline \textit{Hypertext Transfer} & \textit{http://www.frack.com}\\\hline \textit{Remote Login} & \textit{telnet://frack.com}\\\hline \textit{Gopher Retrieval} & \textit{gopher://gopher.frack.com}\\\hline \textit{Wide-Area Info Service} & \textit{wais://wais.frack.com}\\\hline \textit{Usenet News} & \textit{nntp://news.frack.com}\\\hline \end {tabular} \end {table} The URL is an enhanced Internet address. WWW clients use the URL to find an object on the network and select the proper protocol for interacting with that object~\cite[pages 88--89]{c23}. The HTTP is a connection-oriented protocol designed for the rapid transport of files consisting of a mixture of text and graphics. HTTP uses an object-oriented protocol consisting of simple commands that support negotiation between the client and the server. 
This negotiation allows WWW browsers and servers to develop independently of emerging technologies because the negotiation process establishes a common basis of communication between the client and the server~\cite[page 89]{c23}. A universally understood language is needed when publishing information for global distribution. The publishing language used by the World Wide Web (WWW) is HyperText Markup Language (HTML)~\cite{c28}. HTML is a standardized document tagging language, based on the Standard Generalized Markup Language (SGML)~\cite[pages 89--90]{c23}. HTML gives authors the means to: \begin {itemize} \item Publish online documents with headings, text, tables, lists, photos, etc. \item Retrieve online information via hypertext links, at the click of a button. \item Design forms for conducting transactions with remote services, for use in searching for information, making reservations, ordering products, etc. \item Include spread-sheets, video clips, sound clips, and other applications directly in their documents. ~\cite{c28} \end{itemize} HTML documents work well across different browsers and platforms. Achieving interoperability lowers costs to content providers since they must develop only one version of a document. If the effort is not made, there is much greater risk that the Web will devolve into a proprietary world of incompatible formats, ultimately reducing the Web's commercial potential for all participants~\cite{c28}. HTML has been developed with the vision that all manner of devices should be able to use information on the Web: PCs with graphics displays of varying resolution and colour depths, cellular telephones, hand held devices, devices for speech for output and input, computers with high or low bandwidth~\cite{c28}. 
HTML 4.0 extends HTML with mechanisms for style sheets, scripting, frames, embedding objects, improved support for right to left and mixed direction text, richer tables, and enhancements to forms, offering improved accessibility for people with disabilities~\cite{c28}. HTML now offers a standard mechanism for embedding generic media objects and applications in HTML documents. The object element provides a mechanism for including images, video, sound, mathematics, specialized applications, and other objects in a document. It also allows authors to specify a hierarchy of alternate renderings for user agents that don't support a specific rendering~\cite{c28}. \textbf{Problems} HTML based pages embedded with images, sounds and video clips are easy to create, but they can be uninteresting and do not allow true interactivity~\cite[page 5]{c22}. Communication between client programs (browsers) and servers is done using non-ideal paradigms (HTML and sockets). Instead of that, it should be done in an object-oriented manner, in order to reduce development time and increase ease of maintenance. Internet service developers find it difficult that support systems have to be hand-built for each service and each system must often be managed separately~\cite[page 6]{c22}. The use of services is often based on registration at the provider's site. So a user of several services has a multitude of login names and passwords. Also, payment for these services goes directly to each provider, normally by credit card. It is risky to send credit card numbers over the web and the user may not have any knowledge of how trustworthy the service provider is~\cite[page 6]{c22}. Today incompatible pages, usually made with JavaScript, have become a problem. These pages do not work perfectly with different browsers. \textbf{Directories} Directories are logical data repositories to save and to search for information. Directory services are important in helping users to find information on the network. 
Directory services must be reliable and secure in performance. Directories are used for example in saving personal data with telephone numbers and e-mail addresses. Data is often saved in logical tree form. Special programs on the Internet have basic directory functions (mapping names to addresses and vice versa). The Domain Name System (DNS) provides these directory services on the Internet by mapping domain names to IP addresses and providing e-mail routing information for domain names. A directory is a logical place for usernames and passwords as well as for public-key data such as certificates and keys. Another use of directories is yellow-pages functions, where searches find all entries in the directory whose attributes satisfy some search criteria. Policy-based networks (PBNs) and guaranteed Quality of Service (QoS) applications are also driving the demand for directories~\cite{c12}. There is a need to consolidate directory data. When intranet systems are expanded to extranet systems, there is a problem of combining different types of directories and databases. A standardized model of directories will help this integration. Decreasing the number of directories means cost savings, higher data quality and lower security hazards (LDAP 1998). Development of an application is also easier if all the information is available in directories using standardized protocols~\cite{c17}. \subsection{ Quality of Services Mechanisms in Internet } \label{subsec: qos} A new demand on Internet services is to guarantee Quality of Service (QoS). Internet Protocol (IP) based applications have used the best-effort method in order to approach QoS. The current Internet architecture does not support QoS guarantees. Multimedia applications, such as Internet telephony, Video on Demand, video conferencing, groupware, distance education, and remote health care, are examples of applications which have QoS requirements. 
QoS requirements of applications and services will lead to policies used to manage IP based networks, and specify Service Level Agreements (SLAs) with Internet Service Providers (ISPs)~\cite[page 813]{c1}. The Internet Engineering Task Force (IETF) has put a lot of effort into defining a scalable Quality of Service (QoS) architecture for the Internet. So far, no consistent solution has been reached, but there are many useful building blocks. There are at least three approaches being taken to meet QoS issues in the IP networks: \begin {itemize} \item Classes of Services (CoS) \item Resource Reservation Protocol (RSVP) \item Policies \end {itemize} CoS is included in the work of the IETF Differentiated Services (DiffServ) working group. RSVP is included in the work of IETF Integrated Services (IntServ). Policies can belong to both DiffServ and IntServ. \textbf{Integrated Services} The Integrated Services working group in the Internet Engineering Task Force (IETF) has developed an enhanced Internet service model called Integrated Services that includes best-effort service and enhanced best-effort service~\cite{rfc1633}~\cite{rfc1889}~\cite{rfc1890}. The enhanced best-effort service will enable IP networks to provide quality of service to multimedia applications. Resource ReServation Protocol (RSVP), together with Real-time Transport Protocol (RTP), Real-Time Control Protocol (RTCP), and Real-Time Streaming Protocol (RTSP), provide a working foundation for real-time applications~\cite{rfc1633}~\cite{rfc1889}~\cite{rfc1890}. Integrated Services allows applications to configure and manage a single infrastructure for multimedia applications and traditional applications. It is a comprehensive approach to provide applications with the type of service they need and in the quality they choose. RSVP is the network control protocol that allows a data receiver to request a special end-to-end quality of service for its data flows. 
Real-time applications use RSVP to reserve necessary resources at routers along the transmission paths so that the requested bandwidth can be available when the transmission actually takes place. RSVP is a main component of the future Integrated Services Internet which can provide both best-effort and enhanced best-effort services~\cite{rfc1633}~\cite{rfc1889}~\cite{rfc1890}. \textbf{Differentiated Services} Internet users have diverse needs. Differentiated Services (DiffServ) is a new way to satisfy those needs by providing QoS in the Internet. The basic idea in DiffServ is to get rid of the complex per-flow treatment in the core network and instead offer only a small number of service classes (CoS). The core routers do not need to keep state, because the CoS of each packet is encoded within the IP header. This is done in the Type of Service (ToS) field~\cite[page 5]{c8}. Classification to CoS is simple, because the ToS field is short and fixed. The first 6 bits of the ToS byte are defined as a DiffServ field, and the value of the field is interpreted as a DiffServ code point. The code point is mapped at each router to a certain per hop forwarding behavior (PHB), i.e. traffic class~\cite[page 5]{c8}. It is important to know how much traffic is allowed to each PHB class. Marking the packets, as well as policing and shaping the individual flows, is performed at each DiffServ domain boundary according to the service level agreements (SLAs) between the customers and the service providers~\cite[pages 5--6]{c8}. DiffServ is able to provide both qualitative and quantitative end-to-end services. Quantitative services can be offered by limiting the maximum amount of traffic in a certain PHB class and giving the class adequate resources at each link in the core. Quantitative service is simplest to offer in a point-to-point fashion so that the required resources can easily be calculated~\cite[pages 5--6]{c8}. 
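The marking step at a DiffServ domain boundary, as an added example that is not part of the original text: it reads the 6-bit code point from the ToS byte of an IPv4 header and resets any code point the sender's SLA does not permit to best effort, recomputing the header checksum. The per-source SLA table, the addresses and the packets are constructed, and rate policing and shaping are left out.

```python
import socket
import struct

# Standard code points (RFC 2474, RFC 2597, RFC 3246); the text itself names none.
DSCP_BEST_EFFORT = 0
DSCP_AF11 = 10
DSCP_EF = 46


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (its length is a multiple of 4)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src: str, dst: str, tos: int, payload: bytes) -> bytes:
    """Constructed sample input: a minimal 20-byte IPv4 header plus payload."""
    header = bytearray(struct.pack(
        "!BBHHHBBH4s4s",
        0x45, tos, 20 + len(payload), 0, 0, 64, 17, 0,
        socket.inet_aton(src), socket.inet_aton(dst)))
    struct.pack_into("!H", header, 10, ipv4_checksum(bytes(header)))
    return bytes(header) + payload


def header_length(packet: bytes) -> int:
    """Validate the IPv4 header and return its length in bytes."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return ihl


def dscp_of(packet: bytes) -> int:
    """The DiffServ code point: the first (most significant) 6 bits of the ToS byte."""
    header_length(packet)
    return packet[1] >> 2


def police_at_boundary(packet: bytes, sla: dict):
    """Return (packet, remarked). `sla` maps a source address to its permitted
    code points (an assumption of this example); unknown sources get best effort."""
    ihl = header_length(packet)
    src = socket.inet_ntoa(packet[12:16])
    allowed = sla.get(src, {DSCP_BEST_EFFORT})
    if packet[1] >> 2 in allowed:
        return packet, False
    # A customer cannot promote its own traffic by setting the field itself:
    # clear the 6 DSCP bits, keep the low 2 bits (ECN), fix the checksum.
    header = bytearray(packet[:ihl])
    header[1] &= 0x03
    header[10:12] = b"\x00\x00"
    struct.pack_into("!H", header, 10, ipv4_checksum(bytes(header)))
    return bytes(header) + packet[ihl:], True


if __name__ == "__main__":
    sla = {"192.0.2.10": {DSCP_BEST_EFFORT, DSCP_AF11},
           "192.0.2.20": {DSCP_BEST_EFFORT, DSCP_EF}}
    for src in ("192.0.2.10", "192.0.2.20"):
        pkt = build_packet(src, "198.51.100.1", DSCP_EF << 2, b"voice")
        out, remarked = police_at_boundary(pkt, sla)
        print(src, "in:", dscp_of(pkt), "out:", dscp_of(out), "remarked:", remarked)
```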
The advantages of DiffServ over IntServ are: \begin {itemize} \item Packet forwarding is simpler and more scalable \item Requires less from routers \item Is easier to deploy~\cite{c29}. \end {itemize} \subsection{Future service platforms} \label{subsec:future} Current architectures in service management are based on management protocols like Simple Network Management Protocol (SNMP) and Common Management Information Protocol (CMIP) or a trouble ticketing interface~\cite[page 167]{c3}. \textbf{Web-based Architecture} In the Web-based architecture the customer downloads an applet that communicates with a proxy server in the service provider's domain. The proxy server interacts with the actual inter-domain management system. It is possible to use standard gateways like IBM Webbin or build service-specific solutions in order to simplify the functionality at the customer site. This makes download time shorter and less code is needed~\cite[page 167]{c3}. The inter-domain management system implements the interactions with co-operating service providers. Requests to the local domain are processed by the intra-domain management system and then forwarded down the hierarchy to the network managers and finally to the network element managers~\cite[page 167]{c3}. Security restrictions in browsers do not allow an applet to interact with local resources, i.e. with the file system or local network nodes. In Netscape Communicator the security restrictions can be configured based on the right to trust relationships with the applet provider. Signed applets can be given the right to access the local network. This also provides a network management solution for the customer premises network~\cite[page 167]{c3}. Figure~\ref{fig:web-based} shows a web-based service management architecture. CPN is Customer Premises Network and PN is Public Network. 
\begin{figure}[htb] \begin{center} \epsfxsize.5\textwidth \epsfbox{kuvat/web-based} \caption{ Web-based service management architecture~\cite[page 167]{c3}} \label{fig:web-based} \end{center} \end{figure} This prototype has been developed providing a web based interface covering subscription management, configuration management, alarm surveillance, trouble ticketing as well as accounting management. The usage of the web and Java (applets) simplifies the service interaction between the customer and the service provider. It will reduce the cost on both sides. For service provider it is important to automate the customer care process in order to cut the costs to survive in the emerging competitive market~\cite[page 168]{c3}. \textbf{Demands for Future Service platforms} The convergence wave is coming. Mobile, fixed and Internet networks converge and create needs among consumers and business to access any service from any network. The same functionality and service provision is expected of all terminal devices; telephones, computers, cable televisions and other equipment. In the market convergence the telecommunications industry, the computer industry and the media industry are melting together. This creates new rules for service provisioning, branding and pricing, and opens new business opportunities for agile players, one being the provision of solutions that tie different networks or protocols together. 
Future service platforms must meet these demands: \begin {itemize} \item provide extensive network services for converging networks \item enable fast time to market for new services \item provide ease of deployment, configuration, and management \item use the open, modular, distributed and standardised architecture \item ensure application-independent high quality of service and fault tolerance \item enable the use of advanced charging mechanisms \item make use of commercially available hardware and software components \item ensure high usability and appropriate diagnostics \end {itemize} \subsection{ Hybrid Services} \label{subsec:hybrid} Future services will span many communication infrastructures. Users will be able, for example, to generate telephone calls from their Web browsers. These services are called hybrid services. Hybrid services span different network technologies, for example the public switched telephone network (PSTN) and the Internet. Data networks do not offer much support in enabling such hybrid services other than transport and delivery. Most of the support for switching, billing, and access control of the calls is done in the switched network~\cite[page 167]{c27}. The demand for hybrid services is becoming more important, because cellular networks are already well integrated with the PSTN. So these networks have wide penetration. This makes purely Internet-based solutions impractical. Taken separately, the PSTN and Internet are far from being an ideal ground for developing future hybrid services; however, if coupled together they can complement each other effectively~\cite[page 9]{c30}. The PSTN includes a powerful service creation and provision platform called Intelligent Network (IN). The design of IN follows a simple principle: separation of service-specific software from basic call processing. Before IN, services were incorporated in the network switches in a manner that was specific to each manufacturer. 
Introducing new services required the modification of software in every switch in the network. It took years to complete such a process, and it made network operators dependent on their equipment suppliers. The IN reduced a great deal of this dependency by moving service-specific software~\cite[page 9]{c30}. The Internet has no global service creation and provision framework. New services can be created by any user that can afford a server. Creating new services implies developing a distributed application that must be installed and executed in the terminals and servers. Internet applications take advantage of intelligent terminals and powerful user interfaces~\cite[page 9]{c30}. Hybrid services are expected to play a very important role in the years to come. This is due to both the desire of users to integrate the ways they communicate and the willingness of service providers to differentiate their offers from their competitors. Also smart cellular phones are expected to fuel the integration of services~\cite[pages 9--10]{c30}. There has been extensive work toward validation of services in the IN or TINA services, but there has not been much work on the application of formal methods to the development of Internet services or hybrid services~\cite[page 134]{c31}. The main questions are: \begin {itemize} \item Are Internet services and hybrid services any different from other telecommunication services? \item What do the differences mean for the application of formal techniques? \end {itemize} \textbf{Interworking of Connection-Oriented and Connectionless Services} Hybrid services combine connection-oriented and connectionless techniques. There is no commonly accepted call model for hybrid services. The telecommunications industry uses formal methods based on specific call models, such as those used in the IN. 
When formal methods were applied to standardized architectures such as the IN, in which all services were structured in a similar way by using service-independent building blocks, the application and reuse of formal approaches was significantly easier~\cite[page 134]{c31}. The lack of a common call model for hybrid services implies that most of the work of applying formal techniques to telecommunication systems has to be revised and checked to see whether and how it can be reused and adapted for hybrid services~\cite[page 134]{c31}. \textbf{Integration of Network-Centric and Terminal-Centric Service Control Mechanisms} In the Internet, services are implemented in end users' systems, while the telecommunications community normally has a network-centric vision where services are implemented in the network. These two different views of service control may converge to a service-centric vision for the deployment of hybrid services~\cite[page 134]{c31}. For the use of formal methods in development of hybrid services, it is necessary to consider software running at the user's site and in the network~\cite[page 134]{c31}. \textbf{Decreased Service Lifetime and Time to Market} Introducing new services in a telephone or cellular network was a slow process, and the deployed services were offered for a rather long period. Compared to typical telecommunication services, the time to market of Internet and hybrid services is significantly reduced. As market pressure increases and time to market decreases, increased development time using formal techniques on the development of hybrid services is hardly acceptable. It seems to be more promising to formally express single properties with which a service should comply, rather than developing large abstract service specifications~\cite[pages 134--135]{c31}. \textbf{Significantly Increased Heterogeneity} An example of the impact of heterogeneity is the problem of service interactions. 
A service interaction occurs when the addition of a new feature to a system disrupts the existing services. In most cases the behaviour of a service should not change other services~\cite[page 135]{c31}. Whereas in homogeneous environments the assumptions are relatively easily defined and checked, this is rarely true for telecommunications systems, and definitely not true for hybrid services. As heterogeneity increases in the environment in which hybrid services run, more time has to be spent to check whether the implemented service behaves correctly in its environment~\cite[page 135]{c31}.