\chapter{Service Management}
\label{ch: servicemanagement}
\label{ch:service}

This chapter discusses service management. Section~\ref{sec:services_network} describes what kinds of services can exist in networks, and who uses and who offers these services. Section~\ref{sec:accountingmanagement} discusses accounting at the enterprise level, while Section~\ref{sec:ccb} studies customer care and billing processes. Section~\ref{sec:service_provisioning} studies service platforms and hybrid services.

\section{Introduction}
\label{sec:introduction}

Growing services (such as e-commerce, web hosting etc.) are being deployed over an infrastructure that spans multiple control domains. These \index{end-to-end services}end-to-end services require co-operation in internetworking between multiple organizations, systems and entities. \index{service providers}Service providers need to deploy interoperability, distributed scalable architectures, integration and automation of network management systems. The management system must make management easy and flexible for service providers. The management system must also make service providers' operations and end goals easier~\cite{c2}.

\index{service providers}Service providers need to find new and effective ways to~\cite{c4}:
\begin{itemize}
\item Deploy services more quickly
\item Deliver guaranteed services through \index{service-level agreements|see{SLA}}service-level agreements \index{SLA}(SLA)
\item Evolve from reactive network management to proactive service management
\item Reduce costs by automating network and service management.
\end{itemize}

Currently, there are no standard mechanisms to share selective management information between the various service providers or between service providers and their customers. Such mechanisms are necessary for end-to-end service management and diagnosis as well as for ensuring the service level obligations between a service provider and its customers or partners~\cite{c2}.

\section{Services in the Network}
\label{sec:services_network}

Today, the Internet has many services, such as file transfer with \index{FTP}FTP, \index{WWW}WWW-pages, \index{IP telephony}IP telephony, multimedia services etc. In the future, the number of services will increase; for example, \index{Video on Demand|see{VoD}}Video on Demand \index{VoD|textbf}(VoD) services will become available and easy to use, and mobility will become important.

\subsection{Services}
\label{subsec:services}

According to Kong, Chen and Hussain: ``A service is anything that a \index{service providers}service provider determines that customers will wish to purchase and that the service provider is willing to supply.''~\cite{c10}

Another service definition: ``A service is a set of functions offered to a user by an organisation.''~\cite[page 889]{c16}

More service definitions: ``A service is an application with a well-defined interface and functionality.''~\cite{c2}

Service is defined in \index{International Telecommunication Union --- Telecommunication standards|see{ITU-T}}International Telecommunication Union --- Telecommunication standards \index{ITU-T}(ITU-T) and \index{ISO}ISO systems management documents: ``An abstract concept that includes the behaviour of a service provider as seen by a service user. Alternatively, the service definition includes a set of capabilities provided to a service user by a service provider. Service definition does not include the internal behaviour of a service provider.''~\cite[pages 82--83]{b34}

The \index{IP}IP network gets more customers, because more services will be available for customers. This has raised the importance of service management. In the past, technology orientation has placed products and equipment ahead of the services. Today, customers want reliable and easy use of services. For example, customers do not want to use different login names and passwords when connecting to services.
Microchip cards could be a method used for identification and authentication.

\subsection{IP Networks and Convergence in Telecommunications}
\label{subsec:Massive_IP_Network}

The Internet is popular as the basic infrastructure for providing world-wide distributed services to end-users. The Internet is an open and distributed environment which allows different types of service providers to provide different types of services on the network~\cite[page 22]{c10}.

A massive \index{IP}IP network might include the Internet, but also \index{Cable television}Cable television \index{CATV}(CATV), telecommunication networks, such as \index{Public Switched Telecommunications Network|see{PSTN}}Public Switched Telecommunications Network \index{PSTN}(PSTN), \index{Integrated Services Digital Network|see{ISDN}}Integrated Services Digital Network \index{ISDN}(ISDN), \index{Intelligent Network|see{IN}}Intelligent Network \index{IN}(IN), and mobile systems. However, there are two other important network technologies which make new services available: wireless transmission on radio frequencies, and microwave satellite transmission.

Telephone companies are interested in delivering non-telephone services to end-users. \index{CATV}CATV providers are interested in telephone and Internet services as well as Video on Demand \index{VoD}(VoD) services. These companies believe that cost savings are possible through value-added services. Also, the number of end users is increasing. These users have unique interests, and because of their interests, they require different services from the service providers~\cite[page 129]{c13}.

The \index{CATV}CATV industry is migrating to a digital transmission technology, in order to increase the number of TV channels and services available to the end users. To provide new services, such as \index{VoD}VoD and interactive TV, the CATV industry is designing bi-directional networks.
End-users are connected to video servers, and they can select the video program, and the video program is sent over the network to the user~\cite[pages 16--19]{b3}.

The differences between telephone, computer, and CATV networks are still great. However, each type of network is now able to provide services that were originally created for other networks. This tendency is convergence~\cite[page 20]{b3}.

The media industry, the telecommunications industry and the computer industry are converging. The media industry produces the content, for example entertainment and publishing. The computer industry produces equipment and applications, which can make this content available for everyone. The telecommunications industry, both fixed and mobile, produces the connections to networks. See Figure~\ref{fig:convergence}~\cite{c25}.

\begin{figure}[htb]
\begin{center}
\epsfxsize.7\textwidth
\epsfbox{kuvat/convergence}
\caption{Convergence~\cite{c25}}
\label{fig:convergence}
\end{center}
\end{figure}

\subsection{Service Providers}
\label{subsec:service Providers}

By \index{service providers}service providers we mean companies that provide services as a business on the network. Service providers operate on the network, or they integrate the services of other providers in order to deliver services to their customers.

Service providers are increasingly using Service Level Agreements \index{SLA|textbf}(SLAs) to define agreements for sharing resources with partners, as well as for offering service quality guarantees to customers. These SLAs contain details of the information that is shared, and the service level guarantees that are offered by the service provider~\cite{c2}.

Service providers offering reliable services in a cost-efficient way will succeed. Service users do not use services that are not operating properly. Cost-efficiency means that service providers can easily add new services or update old services.

\subsection{Service users}
\label{subsec:services_users}

Service users are often called end-users or customers. \index{service providers}Service providers have to fulfil end-user needs before the end-user uses any services. Service users want the user interfaces of the services to be logical and easy to use. They also expect that the connection and the billing are reliable, installations are easy and software products are good.

\section{Security management}
\label{sec:securitymanagement}

Basic security services that are defined in \index{ITU-T}ITU-T Recommendation \index{X.800}X.800 are:
\begin{itemize}
\item \textbf{Access control}
\index{access control}Access control is the property of controlling network and computer resources in such a way that only legitimate users can access them within their limits. One approach is to attach to an object a list which explicitly contains the identity of all permitted users (an Access Control List (ACL))~\cite{rfc2196}. Access control tools are discussed on page~\pageref{subsec:accesscontroltools}.
\item \textbf{Authentication}
\index{authentication}Authentication is the property of knowing that the data received is the same as the data that was sent and that the claimed sender is in fact the actual sender. Several authentication techniques have been developed, for example technologies that provide passwords that are only used once (commonly called one-time passwords), and Kerberos. Kerberos is software designed and developed at Massachusetts Institute of Technology (MIT) to perform distributed authentication in an insecure network environment.
\item \textbf{Confidentiality}
\index{confidentiality}Confidentiality is the property of communicating so that the intended recipients know what was being sent but unintended parties cannot determine what was sent. Encryption is commonly used to provide confidentiality.
\item \textbf{Integrity}
\index{integrity}Integrity is the property of ensuring that data is transmitted from source to destination without undetected alteration. One way to provide integrity is to produce a checksum of the unaltered file, store that checksum offline, and periodically (or when desired) check to make sure the checksum of the online file hasn't changed (which would indicate the data has been modified)~\cite{rfc2196}.
\item \textbf{Non-repudiation}
\index{non-repudiation}Non-repudiation is the property of a receiver being able to prove that the sender of some data did in fact send the data even though the sender might later desire to deny ever having sent that data~\cite{rfc1825}.
\end{itemize}

Effective security management must be involved in all steps of the data storage and transfer process. Logs are important security tools and therefore security management is involved with the collection, storage and examination of the audit records and security logs. Increasing the level of network security will affect the openness of the system and the cost of maintaining the network.

\section{Authentication and authorization}

Almost all applications utilize user information and presume an \index{authentication}authentication of users. \index{authorization}Authorization is determining whether an identity is permitted to perform some action, such as accessing a resource~\cite{b15}. Passwords, smart cards and certificates are used to authenticate a user. A user may have a right to use more than one name and identities established by multiple organizations (such as universities and scholarly societies).

There might be an advantage if all the user information is available in the same directory. All the applications could then use the same information. Users have to log in only once to be able to use all the services and resources~\cite{b17}.

There are some basic requirements for \index{authentication}authentication~\cite{b15}:
\begin{itemize}
\item The access management solution needs to work at a practical level,
\item The solution needs to be secure,
\item It should make access easier, minimizing redundant authentication interactions and providing user-friendly information resources,
\item It needs to scale,
\item It needs to be robust, for example, a forgotten password should not be an intractable problem,
\item It must be able to recognize the need for a user to access a resource independent of his or her physical location (for example, a user must be able to connect to the Internet via a commercial \index{Internet Service Provider|see{ISP}}Internet Service Provider \index{ISP}(ISP), a mobile \index{IP}IP link, or a cable television Internet connection from home), and
\item There should be a simple and well-defined (standard) interface between resource operator and licensing institution.
\end{itemize}

The basic access management problem is licensing agreements for networked information resources. The situations where institutions agree to share limited access are difficult. There is a need for fine-grained access control where institutions want to limit resource access to only individuals registered for a specific class, for example, when a class may be offered to students at multiple institutions. At present, most access to network information resources is not controlled on a fine-grained basis. There is a danger that accommodating all the needs for fine-grained access management in the basic access management mechanisms will produce a system that is too complex and costly~\cite{b15}.

Management data represents a problem in the current access framework. The problem is the conflict between private and public data. Most of the data has to be sorted out at the institutional policy level and it may involve making sacrifices in order to ensure privacy.
Some institutions may be legally limited in their ability to collect certain management data.

Proxies and credential-based authentication schemes (in which the user presents a credential to the operator as evidence that he or she is a member of the user community) seem to be viable. Proxy servers will become a focal point for policy debates about privacy, accountability and the collection of management information. Successful operation of a proxy server means that the user trusts the licensee institution to behave responsibly and to respect privacy. A cross-organizational authentication system based on a credential approach has the advantage of greater transparency. Resource operators can have a higher level of confidence in the access management mechanisms and a greater ability to monitor irregular access patterns. Privacy, accountability and collection of management statistics must be taken up for discussion among a larger group of parties.

An institution might choose to manage access by \index{IP}IP source address. IP source filtering means that packets are filtered on the basis of their source address. It does not seem to be a viable solution for access management. However, it may be very useful for some niche applications, such as supporting public workstations. It could be used more widely, although it cannot support remote users flexibly in its basic form. Most real-world access management systems are going to have to employ multiple approaches and IP source address filtering is likely to be one of them~\cite{b15}.

\section{Security problems of Internet}

The list below describes the security problems in the current Internet.
\begin{itemize}
\item \textbf{Weak authentication}
Passwords on the Internet can be cracked in a number of different ways. The two most common methods are cracking the encrypted form of the password, and monitoring communications channels for password packets.
Another problem with authentication results from some \index{TCP}TCP or \index{UDP}UDP services being able to authenticate only to the granularity of host addresses and not to specific users. For example, an \index{NFS}NFS (UDP) server cannot grant access to a specific user on a host; it must grant access to the entire host. The administrator of a server may trust a specific user on a host and wish to grant access to that user, but the administrator has no control over other users on that host and is thus forced to grant access to all users (or grant no access at all).
\item \textbf{Ease of spying and monitoring}
When a user connects to his or her account on a remote host using \index{TELNET}TELNET or \index{FTP}FTP, the user's password travels across the Internet unencrypted. A method to break into systems is to monitor connections of \index{IP}IP packets bearing a username and password, and then use them to log in normally. If an administrator-level password is captured, the job of obtaining privileged access is made much easier. Electronic mail, as well as the contents of TELNET and FTP sessions, can be monitored and used to learn information about a site and its business transactions. Most users do not encrypt e-mail, yet many assume that e-mail is secure and thus safe for transmitting sensitive information. The increasingly popular X Window System is also vulnerable to spying and monitoring. The system permits multiple windows to be opened at a workstation.
\item \textbf{Host-based security does not scale}
Host-based security does not scale well: as the number of hosts at a site increases, the ability to ensure that security is at a high level for each host decreases. Secure management of just one system can be demanding; managing many such systems could easily result in mistakes and omissions. A contributing factor is that the role of system management is often short-changed and performed in haste.
As a result, some systems will be less secure than other systems, and these systems could be the weak links that will break the overall security chain~\cite{b40}.
\end{itemize}

\section{Customer Care and Billing}
\label{sec:ccb}

\index{customer care and billing|see{CCB}}Customer care and billing \index{CCB}(CCB) processes have traditionally been kept as a background process. CCB processes have not been the key functions in the business. Today, customer care and billing are an important part of making profit. Good customer care and billing enable more profit, better customer relationships, and competitive advantage.

Today, succeeding in the market depends more on the quality of products and services than just on the prices. The 1980s were a product-oriented time in the telecommunication and data transfer market, while customer orientation is leading now. Marketing to the customers, the ability to sell more and the ability to provide high-quality customer care are among the key components of success. Also, it is important to get the products quickly to the market, and to be able to support existing and new services. A good customer care and billing system has to be flexible enough to fulfil these criteria~\cite{c7}.

Even electronic commerce depends on customer relationships, says Lester Wanninger, professor at the University of Minnesota. It is important to teach people who are going to start electronic commerce how to build good customer relations. Also, in electronic commerce a company and a customer should handle all the communication channels. Electronic commerce has to implement functional processes of the company, information systems, databases, and other channels. It is important that a customer gets the same service from any service channel of the company. Ease of use brings more value to the customer. Also, in electronic commerce, the customer buys again only if the customer gets what was promised.
\index{WWW}WWW-pages can have an effect on attitudes, intentions, and shopping habits. High-quality information, ease of use, and new experiences bind customers to services. Traditional media, such as TV, radio, and printed media, are good at getting new customers, while the Internet is good at keeping old customers~\cite{c9}.

\subsection{Customer Care}
\label{subsec:cc}

Customer care means maintaining customer services and customer relationships and answering routines, for example Help desk functions. Customer care links to the level of the offered service and the connection with the service level and the price of the service~\cite{c26}.

Customer care deals with processes needed to deliver services to customers, such as order handling, problem solving, performance reporting, and billing. A good customer care system enables providing current and accurate information to the customers. It helps in delivering services when promised, resolving problems quickly and keeping customers informed of the status of their orders. It also enables meeting stated service level agreements \index{SLA}(SLAs) for performance and availability, and providing accurate billing in a format that the customer wants. This all ensures that the customer gets good service from the \index{service providers}service provider.

Automation of customer care enables better services and cost savings. The service provider's Help desk can see all the information needed quickly, and then he or she can answer the customer. Also, new services can be implemented and delivered to the customers easily when customer care processes are automated. Service providers can use the same methods for all services when customer care processes are automated.

\subsection{Billing}
\label{subsec:billing}

The Internet is becoming able to support heterogeneous applications and services for a diverse user community. Delivered services must be billed.
In the future we want to know who is using the network, what the network is being used for and when the network is being used~\cite{c11}. A pricing mechanism will be necessary in order to manage the quality of services \index{QoS}(QoS).

Accounting and billing systems must be reliable, scalable and have high performance, and offer flow-through operation from the other systems. According to Busse~\cite{c3}, an accounting system should fulfil some basic requirements; it should be
\begin{itemize}
\item cost effective, performant, transparent,
\item up-to-date information,
\item customer configurable, and
\item secure.
\end{itemize}

To be cost effective, the accounting system should be highly automated, based on standards, and easy to interact with. It should provide a reasonable response time. The whole accounting process should be transparent to the customer. The accounting system should provide up-to-date information, i.e. it has to minimize the time needed to process the usage information from the network elements or other service providers. This is important especially when real-time information should be provided to the customer order status. The accounting system should be configurable according to customer preferences, for example with respect to tariff, billing cycle, details of the bill, local currency and taxes, the format in which the bill is expected, and the method of payment. The accounting system should fulfil strong security requirements: identification, authentication, access control, confidentiality, integrity, and auditing.

\textbf{Accounting process} (see figure~\ref{fig:accounting_process}):
\begin{itemize}
\item \textbf{Tariff negotiation}
The customer and the \index{service providers}service provider negotiate the tariff during the subscription and service profile configuration phase. Usually the customer picks one of the standard tariffs offered by the service provider.
\item \textbf{Usage metering}
The \index{service providers}service provider meters the usage of the resources during the operational phase. This includes the orders of the customers and the actual usage of the network. Readings are gathered from the network resources.
\item \textbf{Charging}
The tariff and usage information are combined and the charge is computed. This can be done directly after the connection is released, or regularly in order to prepare the bill.
\item \textbf{Billing}
The customer usually gets regular bills, e.g. once a month. The charging information of the period is collected and combined in a bill. Taxes are added. The customer will then be notified and the invoicing process will be triggered.
\item \textbf{Invoicing}
Within the invoicing process the system keeps track of the payment status of the bills of each customer. The customer can pay the bill in the way he or she wants.
\end{itemize}

\begin{figure}[htb]
\begin{center}
\epsfxsize.75\textwidth
\epsfbox{kuvat/accounting_process}
\caption{Accounting process~\cite{c3}}
\label{fig:accounting_process}
\end{center}
\end{figure}

\textbf{Payment mechanisms}

Internet payment mechanisms can be grouped into three classes: electronic currency systems, credit-debit systems and systems based on secure presentation of credit card numbers~\cite{c14}. Collecting and rating usage, tracking services, managing inventories and reconciling invoices are key features of accounting systems~\cite{c11}.

The safety issues are under discussion. Some payment mechanisms are totally anonymous and payers cannot be tracked (such as E-cash -- an electronic purse, where you load money and pay with it). The principal advantage of electronic currency is its potential for anonymity. The disadvantage is the need to maintain a large database of past transactions to prevent double spending.

In the credit-debit model (like the NetCheque system), customers are registered with accounts on payment servers.
Customers authorize charges against those accounts. The credit-debit model is auditable. Once a payment instrument has been deposited, the owner of the debited account can determine who authorized the payment, and that the instrument was accepted by the payee and deposited~\cite{c14}.

Some payment mechanisms are based on credit cards (such as CyberCash). Information is often shared among the owner of the credit card, the payment service provider and the credit card company. The owner of the credit card does not need to give his credit card number to the merchant without encrypting it. A customer's credit card number is encrypted using public key cryptography. The merchant has a message that it cannot read completely but which authorizes the purchase. The merchant adds his identification information and sends it to the CyberCash server. The entire message is digitally signed by the merchant to prevent tampering in transit. The CyberCash server unwraps the message and creates a standard credit card authorization request. The CyberCash server then forwards the request to the appropriate bank or processing house for authorization and returns the result to the merchant. The advantage is that the customer does not need to be registered with a network payment service; all that is needed is the credit card number~\cite{c5}.

\textbf{Demands of electronic payment systems}

An Internet payment system should be secure, reliable, scalable, anonymous, acceptable, flexible, convertible, effective, easy to integrate with applications and easy to use. Anonymity is more important in some communities, or for certain kinds of transactions, than it is in other communities~\cite{c14}.
\begin{itemize}
\item \textbf{Security}
The infrastructure must be usable and resistant to attacks in an environment where modification of messages is easy.
\item \textbf{Reliability}
The infrastructure must be available and should avoid failures.
\item \textbf{Scalability}
The payment infrastructure must be able to handle the addition of users without suffering loss of performance.
\item \textbf{Anonymity}
For some transactions, the identity of the parties to the transaction should be protected. Where anonymity is important, the cost of tracking a transaction should outweigh the value of the information that can be obtained by doing so.
\item \textbf{Acceptability}
A payment instrument must be accepted widely.
\item \textbf{Customer base}
The acceptability of the payment mechanism affects the size of the customer base.
\item \textbf{Flexibility}
Alternative forms of payment are needed. The payment infrastructure should support several payment methods including credit cards, personal checks, cashier's checks and anonymous electronic cash.
\item \textbf{Convertibility}
There will be several forms of payment, providing different trades.
\item \textbf{Efficiency}
Royalties for access to information may generate frequent payments for small amounts. Applications must be able to make these ``micropayments'' without noticeable performance deterioration.
\item \textbf{Ease of integration}
Applications must be modified to use the payment infrastructure in order to make a payment service available to users.
\item \textbf{Ease of use}
Users should not be constantly interrupted to provide payment information; most payments should occur automatically. Users should be able to limit their losses and monitor their spending.
\end{itemize}

Threats of misusing electronic currency can lead, for example, to debt (unpaid bills), forgeries, unauthorized payments on behalf of another person, double purchases (order twice -- pay once), refusal of payments and unsuccessful deliveries.
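
The double-spending database and the forgery threat described above, as an added example that is not code from this chapter or from any cited payment system: a toy mint authenticates each coin with an HMAC (an assumption standing in for the issuer's signature), keeps the spent-serial database, and goes one step beyond the text by giving coins an expiry so that old records can be pruned. The names Coin and Mint, the key and all values are constructed; the blind signatures that give real electronic cash its anonymity are not modelled.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Coin:
    serial: str    # random serial, unique per coin
    value: int     # amount in minor currency units
    expires: int   # last time unit at which the coin may be deposited
    tag: str       # mint's MAC over serial, value and expiry


class Mint:
    """Hypothetical issuer that also clears deposits (illustration only)."""

    def __init__(self, key):
        self._key = key
        self._spent = {}  # serial -> (payee, expires): the "past transactions"

    def _tag(self, serial, value, expires):
        msg = f"{serial}|{value}|{expires}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, value, expires):
        serial = secrets.token_hex(16)
        return Coin(serial, value, expires, self._tag(serial, value, expires))

    def deposit(self, coin, payee, now):
        expected = self._tag(coin.serial, coin.value, coin.expires)
        # Constant-time comparison; any change to a field invalidates the tag.
        if not hmac.compare_digest(coin.tag.encode(), expected.encode()):
            return "rejected: forged or altered"
        if now > coin.expires:
            return "rejected: expired"
        if coin.serial in self._spent:
            return "rejected: double spend"
        self._spent[coin.serial] = (payee, coin.expires)
        return "accepted"

    def prune(self, now):
        """Drop records of coins that can no longer be deposited anyway."""
        stale = [s for s, (_, exp) in self._spent.items() if exp < now]
        for serial in stale:
            del self._spent[serial]
        return len(stale)

    def spent_records(self):
        return len(self._spent)


def run_demo():
    mint = Mint(key=b"constructed-demo-key")
    coin = mint.issue(value=500, expires=1_000)
    late = mint.issue(value=100, expires=20)
    results = {
        "first deposit": mint.deposit(coin, "merchant-a", now=10),
        "same coin again": mint.deposit(coin, "merchant-b", now=11),
        "value altered": mint.deposit(replace(coin, value=50_000), "merchant-b", now=12),
        "after expiry": mint.deposit(late, "merchant-a", now=21),
        "records before prune": mint.spent_records(),
        "pruned": mint.prune(now=1_001),
    }
    results["records after prune"] = mint.spent_records()
    # The pruned serial is gone from the database, but the expiry check
    # still stops the coin from being deposited a second time.
    results["replay after prune"] = mint.deposit(coin, "merchant-b", now=1_002)
    return results


if __name__ == "__main__":
    for step, outcome in run_demo().items():
        print(f"{step}: {outcome}")
```
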

\textbf{Future billing requirements}

Some of the requirements of the new billing systems include~\cite{c24}:
\begin{itemize}
\item Real-time reaction to market activities
\item Flexible billing formats and media to meet customer demands
\item Flexible rating engine that allows discounting
\item Integrated billing, which includes charges from third-party providers
\item Well-defined interfaces to allow easy integration and data sharing between business systems and the billing system.
\item Pre-paid services: Customers change to pre-paid service, so customers' loyalty to the \index{service providers}service provider will become more difficult to check. Customers can easily change the service provider, because they can easily buy new pre-paid services from any other service providers.
\item Fraud and bad debt: Cheating and lost income remain a problem. CCB systems can help to overcome and to prevent cheating.
\item New technologies such as certificate-based authentication will open more accurate and faster charging for the services.
\end{itemize}

\section{Accounting management}
\label{sec:accountingmanagement}

Accounting management deals with information that concerns individual users, including the following issues:
\begin{itemize}
\item \textbf{Usage measurement}
Usage measurement is collecting data for charging, and processing the data. It has to be reliable, and sometimes it has to be done in real time.
\item \textbf{Tariffing/pricing}
A tariff is a set of data used to determine the charges for services used. It depends on the service, origination and destination, tariff period, and day.
\item \textbf{Collections and finance}
This includes administration of customer accounts, informing customers, payment dates, payment amount, and collection of payments.
\item \textbf{Enterprise control}
Enterprise control is responsible for proper financial management of an enterprise. It includes identifying and ensuring financial accountability of officers.
Also, checks and balances needed for financial operation of an enterprise are included~\cite[pages 64--66]{b34}.
\end{itemize}

A system that generates data for accounting purposes is called an accounting management agent. Accounting managers are systems that interrogate accounting management data or obtain it in other ways. If accounting management is distributed across various systems, all systems may be required to control their own area themselves. Furthermore, a system may request information from other systems in order to square its accounts~\cite[pages 188--189]{b42}.

Accounting data is sensitive information. The collector must provide confidentiality at the point of collection, through transmission and up to the point where the data is delivered. The delivery function may also require authentication of the origin and the destination and provision for connection integrity (if connections are utilized). Security services can be provided for example by \index{SNMP}SNMPv3\footnote{See section~\ref{sec:snmp} for Simple Network Management Protocol \index{SNMP}(SNMP).}.

\subsection{Internet pricing}

Internet pricing contains four basic elements (see figure~\ref{fig:pricing}). An access fee is usually a monthly charge for using an access link of the network. The price depends on the capacity of the link. Setting up connections or making reservations can be charged separately. A usage fee can be used to charge services on a time-, volume-, or \index{QoS}QoS-basis. This fee determines the actual resource usage of a customer. A content fee depends on the application content. It may be omitted (e.g., telephony, fax, e-mail services where the content is provided by the user), billed separately (e.g., Helsingin Sanomat on-line edition), or integrated into the telecommunications charging system (e.g., commercial 0900 numbers in Finland)~\cite{b47}.
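
An added example (not part of the original chapter, and not SNMPv3) of the accounting data path described above: an accounting management agent seals each usage record with an HMAC-SHA256 tag, and the accounting manager checks origin and integrity, drops replayed records, and rates the accepted usage under the four pricing elements. The record fields, tariff values, key and class names are assumptions made for the illustration; confidentiality in transit would additionally need encryption, which is not shown.

```python
import hashlib
import hmac
import json

# Constructed tariff in minor currency units; the keys mirror the access,
# set-up, usage (time and volume basis) and content elements. Values are assumptions.
TARIFF = {"access_fee": 2000, "setup_fee": 10, "per_minute": 2, "per_megabyte": 5}
COUNTERS = ("setups", "seconds", "octets", "content")


def seal(key, record):
    """Agent side: serialise a usage record canonically and attach a MAC."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class AccountingManager:
    """Manager side: verify, de-duplicate and rate usage records."""

    def __init__(self, agent_keys, tariff):
        self._keys = agent_keys   # agent id -> shared key
        self._tariff = tariff
        self._last_seq = {}       # agent id -> highest sequence number accepted
        self._usage = {}          # customer -> accumulated counters

    def receive(self, agent_id, message):
        key = self._keys.get(agent_id)
        if key is None:
            return "rejected: unknown agent"
        expected = hmac.new(key, message["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), message["tag"].encode()):
            return "rejected: origin or integrity check failed"
        record = json.loads(message["body"])  # parsed only after the MAC verifies
        # A record counted twice would be billed twice, so sequence numbers
        # must strictly increase per agent.
        if record["seq"] <= self._last_seq.get(agent_id, 0):
            return "rejected: replayed or out-of-order record"
        self._last_seq[agent_id] = record["seq"]
        totals = self._usage.setdefault(record["customer"], dict.fromkeys(COUNTERS, 0))
        for name in COUNTERS:
            totals[name] += record[name]
        return "accepted"

    def charge(self, customer):
        t = self._tariff
        u = self._usage.get(customer, dict.fromkeys(COUNTERS, 0))
        bill = {
            "access": t["access_fee"],
            "setup": t["setup_fee"] * u["setups"],
            "usage": t["per_minute"] * u["seconds"] // 60
                     + t["per_megabyte"] * u["octets"] // 1_000_000,
            "content": u["content"],
        }
        bill["total"] = sum(bill.values())
        return bill


def run_demo():
    key = b"constructed-agent-key"
    manager = AccountingManager({"router-1": key}, TARIFF)
    first = seal(key, {"seq": 1, "customer": "cust-42", "setups": 1,
                       "seconds": 600, "octets": 250_000_000, "content": 0})
    second = seal(key, {"seq": 2, "customer": "cust-42", "setups": 2,
                        "seconds": 1800, "octets": 1_000_000_000, "content": 300})
    # Constructed in-transit alteration: the octet counter is lowered, the tag is not.
    altered = dict(second, body=second["body"].replace("1000000000", "1000"))
    outcomes = [
        manager.receive("router-1", first),
        manager.receive("router-1", altered),
        manager.receive("router-1", second),
        manager.receive("router-1", second),  # duplicate delivery
        manager.receive("router-9", first),   # agent with no provisioned key
    ]
    return outcomes, manager.charge("cust-42")


if __name__ == "__main__":
    print(run_demo())
```
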
\begin{figure}[htb]
\begin{center}
\epsfxsize.75\textwidth
\epsfbox{kuvat/pricing}
\caption{Components of Internet pricing~\cite{b47}}
\label{fig:pricing}
\end{center}
\end{figure}

The current pricing model is based on an assumption of a single best-effort service model that provides similar service to all customers. The \index{service providers}service provider and the customer do not have direct control over the actual service in terms of parameters determining volume, connection time\footnote{Connection time for connectionless communications would be difficult to measure (except for dialup access).}, and \index{QoS}QoS.

Accounting is usually based on mechanisms offered by commercially available routers and switches. The most commonly used approach employs packet filtering and statistical sampling. However, it is difficult to charge for usage-based traffic since the granularity of these methods is too coarse and the measurement overhead is significant~\cite{b47}. Another problem concerning accounting data collection in routers is whether packets should be counted on entry to or on exit from a router\footnote{The nature of \index{IP}IP is that not every packet received by a router is actually passed to an output port; some can be discarded, for example at times of congestion.}~\cite{rfc1272}.

For volume measurements the IETF \index{Real-time Traffic Flow Measurement|see{RTFM}}Real-time Traffic Flow Measurement \index{RTFM}(RTFM) working group has proposed standards to meter flows and to distribute this accounting information via \index{SNMP}SNMP~\cite{b47}.

The \index{Remote Authentication Dial-In User Service|see{RADIUS}}Remote Authentication Dial-In User Service \index{RADIUS}(RADIUS) is a protocol specified by the IETF RADIUS working group. It helps to manage the Internet access links. Since these links are sensitive to security and accounting, a protocol is provided to authenticate dial-in users and negotiate configuration data.
RADIUS services are implemented by most router manufacturers. Accounting data can be collected on a time-, packet-, or octet-basis for a particular service~\cite{b47}.

\section{Managing New Services} \label{sec:new_services}

Managing new services means development of new services and taking care of the economic use of the network. Examples are implementing a cost-effective service quickly and guaranteeing the specified service level to all end-users.

End-to-end service process automation improves the accuracy and speed of a task while also freeing personnel from routine jobs. The advantages of automating the end-to-end service process are in cost reduction and in improved customer service.

Today all \index{service providers}service providers have to create their own services in the Internet. The same services are created in many different ways, because no single method exists for creating new services in a way that allows these services to be reused and modified.

\section{Problems in Service Management} \label{sec:problems}

There are unresolved questions in service management:
\begin{itemize}
\item How can management information be shared across administrative domain boundaries in a secure way? This capability is important when a service is composed of components from several service providers.
\item How to get measurable aspects from Service Level Agreements \index{SLA}(SLAs)? It is unclear how a legal service level agreement document is translated into a measurable specification that can be automatically monitored for compliance.
\item How to define metrics and their bounds for service compliance? There are no recommendations and policies to define what metrics are and how their values are computed.
\end{itemize}

\section{Service Provisioning} \label{sec:service_provisioning}

Competition is increasing in service provision. Customer satisfaction is becoming important for service providers.
One of the most critical problems faced by service providers today is managing change. The ability to focus deployment of new services and network technologies requires a new level of management flexibility to support a new level of customer care. Competitive advantage for service providers will depend on the ability to rapidly deliver end-to-end service solutions. A key management question is how to meet these challenges. Service providers have to optimize their service management to meet business and customer needs~\cite[page 701]{c6}.

\subsection{Service Life Cycle} \label{subsec: lifecycle}

Services are usually implemented when needed in \index{IP}IP networks. Service providers do not have reusable service platform models, so they must always implement services from scratch. Service providers have their own service processes, which can be incompatible with other service providers' systems and might be made with incompatible software; for example, Java applets can cause problems.

\subsection{WWW Service Platforms} \label{subsec:platforms}

The \index{World Wide Web|see{WWW}}World Wide Web \index{WWW}(WWW) is an architecture for sharing information. The WWW provides a hypertext system linking people, computers, and information around the world. The WWW consists of information servers and client browser programs, linked together by a set of standards and agreements. The user runs the browser to access WWW servers, which deliver information to the requesting browser~\cite[pages 87--88]{c23}.

The key components of the WWW architecture are the \index{Uniform Resource Locator|see{URL}} Uniform Resource Locator \index{URL}(URL), the \index{Hypertext Transfer Protocol|see{HTTP}}Hypertext Transfer Protocol \index{HTTP}(HTTP), and the \index{Hypertext Markup Language|see{HTML}}Hypertext Markup Language \index{HTML}(HTML)~\cite[page 88]{c23}.
URLs provide standardized specifications for objects or resources located on a network, detailing both the network address of the object and the protocol to be used to interact with that object. See table~\ref{tab:url}.

\begin {table}[htb]
\small
\begin {tabular}{|c|c|}\hline
\textit{Service} & \textit{Uniform Resource Locator (URL)}\\\hline
\textit{Anonymous File Transfer} & \textit{ftp://ftp.frack.com}\\\hline
\textit{Hypertext Transfer} & \textit{http://www.frack.com}\\\hline
\textit{Remote Login} & \textit{telnet://frack.com}\\\hline
\textit{Gopher Retrieval} & \textit{gopher://gopher.frack.com}\\\hline
\textit{Wide-Area Info Service} & \textit{wais://wais.frack.com}\\\hline
\textit{Usenet News} & \textit{nntp://news.frack.com}\\\hline
\end {tabular}
\caption{The URLs for various types of resources}
\label{tab:url}
\end{table}

The \index{URL}URL is an enhanced Internet address. \index{WWW}WWW clients use the URL to find an object on the network and select the proper protocol for interacting with that object~\cite[pages 88--89]{c23}.

The HTTP is a connection-oriented protocol designed for the rapid transport of files consisting of a mixture of text and graphics. HTTP uses an object-oriented protocol consisting of simple commands that support negotiation between the client and the server. This negotiation allows WWW browsers and servers to develop independently of emerging technologies because the negotiation process establishes a common basis of communication between the client and the server~\cite[page 89]{c23}.

A universally understood language is needed when publishing information for global distribution. The publishing language used by the World Wide Web \index{WWW}(WWW) is HyperText Markup Language \index{HTML}(HTML)~\cite{c28}. HTML is a standardized document tagging language, based on the \index{Standardized Generalized Markup Language|see{SGML}}Standardized Generalized Markup Language \index{SGML}(SGML)~\cite[pages 89--90]{c23}.
According to W3~\cite{c28}, \index{HTML}HTML gives authors the means to:
\begin {itemize}
\item Publish online documents with headings, text, tables, lists, photos, etc.
\item Retrieve online information via hypertext links, at the click of a button.
\item Design forms for conducting transactions with remote services, for use in searching for information, making reservations, ordering products, etc.
\item Include spread-sheets, video clips, sound clips, and other applications directly in their documents.
\end{itemize}

HTML has been developed with the vision that all manner of devices should be able to use information on the Web: PCs with graphics displays of varying resolution and colour depths, cellular telephones, hand held devices, devices for speech for output and input, computers with high or low bandwidth. HTML now offers a standard mechanism for embedding generic media objects and applications in HTML documents. The object element provides a mechanism for including images, video, sound, mathematics, specialized applications, and other objects in a document. It also allows authors to specify a hierarchy of alternate renderings for user agents that don't support a specific rendering~\cite{c28}.

\textbf{Problems} \index{HTML}HTML-based pages embedded with images, sounds and video clips are easy to create, but they can be uninteresting and do not allow true interactivity~\cite[page 5]{c22}. Communication between client programs (browsers) and servers is done using non-ideal paradigms (HTML). Instead, it should be done in an object-oriented manner, in order to reduce development time and increase ease of maintenance. A difficulty for Internet service developers is that support systems have to be hand-built for each service, and each system must often be managed separately~\cite[page 6]{c22}.

The use of services is often based on registration at the provider's site. A user of several services has a multitude of login names and passwords.
Also, payments for these services go directly to each provider, normally using credit cards. It is risky to send credit card numbers over the web and the user may not have any knowledge of how trustworthy the \index{service providers}service provider is~\cite[page 6]{c22}.

Today, incompatible pages, usually made with JavaScript, have become a problem. These pages do not work perfectly with different browsers.

\textbf{Directories} Directories are logical data repositories for saving and searching for information. Directory services are important in helping users to find information on the network. Directory services must perform reliably and securely. Directories are used for example in saving personal data with telephone numbers and e-mail addresses. Data is often saved in logical tree form.

Special programs on the Internet have basic directory functions (mapping names to addresses and vice versa). The \index{Domain Name System|see{DNS}}Domain Name System \index{DNS}(DNS) provides these directory services on the Internet by mapping domain names to \index{IP}IP addresses and providing e-mail routing information for domain names.

A directory is a logical place for usernames and passwords as well as for public-key data such as certificates and keys. Another use of directories is yellow-pages functions, where searches find all entries in the directory whose attributes satisfy some search criteria. \index{policy-based networks|see{PBN}} Policy-based networks \index{PBN}(PBNs) and guaranteed Quality of Service \index{QoS}(QoS) applications are also driving the demand for directories~\cite{c12}.

There is a need to consolidate directory data. When intranet systems are expanded to extranet systems, there is a problem of combining different types of directories and databases. A standardized model of directories will help this integration. Decreasing the number of directories means cost savings, higher data quality and lower security hazards (LDAP 1998).
Development of an application is also easier if all the information is available in directories using standardized protocols~\cite{b17}.

\subsection{Future service platforms} \label{subsec:future}

Current architectures in service management are based on management protocols like Simple Network Management Protocol \index{SNMP}(SNMP) and \index{Common Management Information Protocol|see{CMIP}}Common Management Information Protocol \index{CMIP}(CMIP) or a trouble ticketing interface~\cite[page 167]{c3}.

\textbf{Web-based Architecture} In the \index{web-based architecture}Web-based architecture the customer downloads an applet that communicates with a proxy server in the \index{service providers}service provider's domain. The proxy server interacts with the actual inter-domain management system. It is possible to use standard gateways like IBM Webbin or build a service-specific solution in order to simplify the functionality at the customer site. This makes download times shorter and there is less need for code~\cite[page 167]{c3}.

The inter-domain management system implements the interactions with co-operating service providers. Requests to the local domain are processed by the intra-domain management system and then forwarded down the hierarchy to the network managers and finally to the network element managers~\cite[page 167]{c3}.

Security restrictions in browsers do not allow applets to interact with local resources, i.e.\ with the file system or local network nodes. In Netscape Communicator, the security restrictions can be configured based on trust relationships with the applet provider. Signed applets can be given the right to access the local network. This also provides a network management solution for the customer premises network~\cite[page 167]{c3}.

Figure~\ref{fig:web-based} shows a \index{web-based service management architecture}web-based service management architecture. CPN is Customer Premises Network and PN is Public Network.
\begin{figure}[htb]
\begin{center}
\epsfxsize.5\textwidth
\epsfbox{kuvat/web_based}
\caption{ Web-based service management architecture~\cite[page 167]{c3}}
\label{fig:web-based}
\end{center}
\end{figure}

This prototype has been developed to provide a web-based interface covering subscription management, configuration management, alarm surveillance, trouble ticketing as well as accounting management. The usage of the web and Java (applets) simplifies the service interaction between the customer and the \index{service providers}service provider. It will reduce the cost on both sides. For the service provider, it is important to automate the customer care process in order to cut costs and survive in the emerging competitive market~\cite[page 168]{c3}.

\textbf{Demands for Future Service platforms} The convergence wave is coming. Mobile, fixed and Internet networks converge and create needs among consumers and businesses to access any service from any network. The same functionality and service provision is expected of all terminal devices: telephones, computers, cable televisions and other equipment.

In this market convergence, the telecommunications industry, the computer industry and the media industry are merging. This creates new rules for service provisioning, branding and pricing, and opens new business opportunities for agile players, one being the provision of solutions that tie different networks or protocols together.
Future service platforms must meet these demands:
\begin {itemize}
\item provide extensive network services for converging networks
\item enable fast time to market for new services
\item provide ease of deployment, configuration, and management
\item use an open, modular, distributed and standardised architecture
\item ensure application-independent high quality of service and fault tolerance
\item enable the use of advanced charging mechanisms
\item make use of commercially available hardware and software components
\item ensure high usability and appropriate diagnostics
\end {itemize}

\subsection{Hybrid Services} \label{subsec:hybrid}

Future services will span many communication infrastructures. Users will be able, for example, to generate telephone calls from their Web browsers. These services are called hybrid services. \index{hybrid services}Hybrid services span different network technologies, for example the public switched telephone network \index{PSTN}(PSTN) and the Internet. Data networks do not offer much support in enabling such hybrid services other than transport and delivery. Most of the support for switching, billing, and access control of the calls is done in the switched network~\cite[page 167]{c27}.

The demand for \index{hybrid services}hybrid services is becoming more important, because cellular networks are already well integrated with the \index{PSTN}PSTN. These networks have wide penetration. This makes purely Internet-based solutions impractical. Taken separately, the PSTN and Internet are far from being an ideal ground for developing future hybrid services; however, if coupled together they can complement each other effectively~\cite[page 9]{c30}.

The PSTN includes a powerful service creation and provision platform called Intelligent Network \index{IN}(IN). The design of IN follows a simple principle: separation of service-specific software from basic call processing.
Before the IN, services were incorporated in the network switches in a manner that was specific to each manufacturer. Introducing new services required the modification of software in every switch in the network. It took years to complete such a process, and it made network operators dependent on their equipment suppliers. The IN reduced a great deal of this dependency by using service-specific software~\cite[page 9]{c30}.

The Internet has no global service creation and provision framework. New services can be created by any user that can afford a server. Creating new services implies developing a distributed application that must be installed and executed in the terminals and servers. Internet applications take advantage of intelligent terminals and powerful user interfaces~\cite[page 9]{c30}.

\index{hybrid services}Hybrid services are expected to play a very important role in the years to come. This is due to both the desire of users to integrate the ways they communicate and the willingness of service providers to differentiate their offers from their competitors. Also, smart cellular phones are expected to fuel the integration of services~\cite[pages 9--10]{c30}.

There has been extensive work toward validation of services in the IN or \index{TINA}TINA services, but there has not been much work on the application of formal methods to the development of Internet services or hybrid services~\cite[page 134]{c31}. There are two main questions:
\begin {itemize}
\item Are Internet services and \index{hybrid services}hybrid services any different from other telecommunication services?
\item What do the differences mean for the application of formal techniques?
\end {itemize}

\textbf{Interworking of Connection-Oriented and Connectionless Services} \index{hybrid services}Hybrid services combine connection-oriented and connectionless techniques. There is no commonly accepted call model for hybrid services.
The telecommunications industry uses formal methods based on specific call models, such as those used in the IN. When formal methods were applied to standardized architectures such as the IN, in which all services were structured in a similar way by using service-independent building blocks, the application and reuse of formal approaches was significantly easier~\cite[page 134]{c31}.

The lack of a common call model for hybrid services implies that most of the work of applying formal techniques to telecommunication systems has to be revised and checked to see whether and how it can be reused and adapted for hybrid services~\cite[page 134]{c31}.

\textbf{Integration of Network-Centric and Terminal-Centric Service Control Mechanisms} In the Internet, services are implemented in end users' systems, while the telecommunications community normally has a network-centric vision where services are implemented in the network. These two different views of service control may converge to a service-centric vision for the deployment of hybrid services~\cite[page 134]{c31}.

For the use of formal methods in development of \index{hybrid services}hybrid services, it is necessary to consider software running at the user's site and in the network~\cite[page 134]{c31}.

\textbf{Decreased Service Lifetime and Time to Market} Introducing new services in a telephone or cellular network was a slow process, and the deployed services were offered for a rather long period. Compared to typical telecommunication services, the time to market of Internet and hybrid services is significantly reduced.

As market pressure increases and time to market decreases, the increased development time caused by using formal techniques in the development of \index{hybrid services}hybrid services is hardly acceptable. It seems to be more promising to formally express single properties with which a service should comply, rather than developing large abstract service specifications~\cite[pages 134--135]{c31}.
\textbf{Significantly Increased Heterogeneity} An example of the impact of heterogeneity is the problem of service interactions. A service interaction occurs when the addition of a new feature to a system disrupts the existing services. In most cases, a service is expected not to change the behaviour of other services~\cite[page 135]{c31}.

Whereas in homogeneous environments the assumptions are relatively easily defined and checked, this is rarely true for telecommunications systems, and definitely not true for hybrid services. As heterogeneity increases in the environment in which \index{hybrid services}hybrid services run, more time has to be spent to check whether the implemented service behaves correctly in its environment~\cite[page 135]{c31}.
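
The service interaction problem, and the suggestion to formally express a single property instead of a full service specification, can be illustrated with a small exhaustive check. This is an added example and is not taken from the original text or from~\cite{c31}; the two features (originating call screening and call forwarding), the subscribers A, B and C, and all function names are assumptions chosen for illustration.

```python
from itertools import product

# Constructed example network (assumption, not from the cited sources).
SUBSCRIBERS = ["A", "B", "C"]
SCREENING = {"A": {"C"}}     # call screening: A must never be connected to C
FORWARDING = {"B": "C"}      # call forwarding: calls to B are forwarded to C


def connect(caller, dialed, screening, forwarding, recheck=False):
    """Return the party the caller ends up connected to, or None if refused.

    recheck=False models two features built independently: screening looks
    only at the dialed number. recheck=True screens every forwarding hop
    against the original caller's list.
    """
    blocked = screening.get(caller, set())
    if dialed in blocked:
        return None
    seen = {dialed}
    current = dialed
    while current in forwarding:
        current = forwarding[current]
        if current in seen:              # forwarding loop: refuse the call
            return None
        seen.add(current)
        if recheck and current in blocked:
            return None
    return current


def violations(subscribers, screening, forwarding, recheck=False):
    """Check one property over all calls: no caller reaches a screened party."""
    found = []
    for caller, dialed in product(subscribers, repeat=2):
        if caller == dialed:
            continue
        reached = connect(caller, dialed, screening, forwarding, recheck)
        if reached is not None and reached in screening.get(caller, set()):
            found.append((caller, dialed, reached))
    return found


if __name__ == "__main__":
    print("screening alone :", violations(SUBSCRIBERS, SCREENING, {}))
    print("forwarding alone:", violations(SUBSCRIBERS, {}, FORWARDING))
    print("both features   :", violations(SUBSCRIBERS, SCREENING, FORWARDING))
    print("both, rechecked :",
          violations(SUBSCRIBERS, SCREENING, FORWARDING, recheck=True))
```

Each feature satisfies the property on its own; only the combination lets A reach the screened party C by dialing B, which is why the property has to be checked against the composed system and not against each feature separately.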