Secure Communication Layer for Scalable Networks of Learning Object Repositories

  • Marek Hatala
  • Griff Richards
  • Timmy Eap
  • Ashok Shah
Part of the Advanced Information and Knowledge Processing book series (AI&KP)


The eduSource Communication Layer (ECL) defines a set of services, middleware, and communication conventions that enable repositories and tools to communicate with each other. ECL was designed and implemented within the scope of the recommendations in the IMS DRI specification. The ECL has been deployed worldwide and connects repositories in Canada, the United States, Australia, the United Kingdom, and Europe. In this chapter we describe the design of ECL, its architecture, and its middleware components. We also describe novel ECL security infrastructure (ECL-SI) for Web services that provide the security framework for object repositories based on a trust federation. The security solution defines security profiles, infrastructure services, and middleware component for a low-barrier adoption by existing repositories. Although this infrastructure can scale to large networks; it is particularly sensitive to the needs of medium-sized and small organizations, which have complex attributes and accessing policies.


Scalable Network Simple Object Access Protocol Security Assertion Markup Language Simple Object Access Protocol Message Federate Security 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    ACM. (1998) The ACM Computing Classification System 1998 version. http://www. Scholar
  2. 2.
    Arms, W.Y., Hillmann, D., Lagoze, C., et al. (2002) A spectrum of interoperability: the site for science prototype for the NSDL. D-Lib Magazine, 8(1). http://dx.doi.ord/10.1045/jamlorg2002-arms.Google Scholar
  3. 3.
    Bhargavan, K., Fournet, C., Gordon, A.D. (2004) Verifying policy-based security for web services. CCS’ 04: Proceedings of the 11th ACM conference on Computer and Communications Security. Washington, DC, USA: ACM Press, pp. 268–277.Google Scholar
  4. 4.
    Box, D., Ehnebuske, D., Kakivaya, G., et al. (2000) Simple Object Access Protocol (SOAP) 1.1.Google Scholar
  5. 5.
    Carmody, S., Erdos, M., Hazelton, K., et al. (2005) InCommon Technical Requirements and Information.Google Scholar
  6. 6.
    Carmody, S., Erdos, M., Hazelton, K., (2005) Shibboleth-Architecture v09.Google Scholar
  7. 7.
    Dalziel, J.R., Vullings, E. (2005) MAMS and Middleware: the easily solved authentication, authorisation, identity, single sign-on, federation, trust, security, digital rights and automated access policy cluster of problems. Educause Australasia.Google Scholar
  8. 8.
    DDC Dewey Decimal Classification.Google Scholar
  9. 9.
    Della-Libera, G., Hallam-Baker, P., Hondo, M., et al. (2002) Web services security policy language (WS-SecurityPolicy).Google Scholar
  10. 10.
    Gamma, E., Helm, R., Johnson, R. and Vlissides, J. (1995) Design Patterns. Reading, MA: Addison-Wesley.zbMATHGoogle Scholar
  11. 11.
    Gibbs, K., Goodman, B.D., Torres, E. (2003) Create Web services using Apache Axis and Castor. IBM Developer Works.Google Scholar
  12. 12.
    Gordon, A.D. and Pucella, R. (2002) Validating a Web service security abstraction by typing. XMLSEC’ 02: Proceedings of the 2002 ACM workshop on XML security. ACM Press, pp. 18–29.Google Scholar
  13. 13.
    Guttman, J.D., Herzog, A.L. (2005) Rigorous automated network security management, International Journal of Information Security, 4(1–2):29–48.CrossRefGoogle Scholar
  14. 14.
    Hatala, M., Richards, G., Thorne, S., Merriman, J. (2004) Closing the interoperability gap: connecting open service interfaces with digital repository interoperability. Proceeding of the Ed-Media Conference, pp. 78–83.Google Scholar
  15. 15.
    Hatala, M., Richards, G. (2002) Global vs. community metadata standards: empowering users for knowledge exchange. In: Proceedings of the First International Semantic Web Conference on the Semantic Web. New York: Springer-Verlag, pp. 292–306.Google Scholar
  16. 16.
    IEEE. (2004) 1484.12.1: IEEE Standard for Learning Object Metadata, IEEE Learning Technologies Standards Commitee.Google Scholar
  17. 17.
    IMS. (2003) IMS Digital Repositories Interoperability—Core Functions Information Model.Google Scholar
  18. 18.
    Koper, R., Tattersall, C. (Eds.) (2005) Learning Design: A Handbook on Modelling and Delivering Networked Education and Training. New York: Springer-Verlag.Google Scholar
  19. 19.
    Lukell, S., Hutchison, A. (2003) Automated attack analysis and code generation in a multi-dimensional security protocol engineering framework. Proceedings of the Southern African Telecommunications Networks and Applications Conference.Google Scholar
  20. 20.
    McCarthy, J. (2003) Reap Benefits of Document Style Web Services. IBM Developer Works.Google Scholar
  21. 21.
    Morgan, R.L., Cantor, S., Carmody, S., Hoehn, W., Klingenstein, K. (2004) Federated security: the shibboleth approach. Educause Quaterly, 4:12–17.Google Scholar
  22. 22.
    Nadalin, A., Kaler, C., Hallam-Baker, P., Monzillo., R. (2004) OASIS Web Services Security: SOAP Message Security 1.0 (WS-Security 2004).Google Scholar
  23. 23.
    Nejdl, W., Wolf, B., Qu, C., et al. (2002) EDUTELLA: a P2P networking infrastructure based on RDF. Proceedings of the Eleventh International Conference on World Wide Web. ACM Press, pp. 604–615.Google Scholar
  24. 24.
    Pozza, D., Sisto, R., Durante, L. (2004) Spi2Java: Automatic Cryptographic Protocol Java Code Generation from spi calculus. AINA’ 04: Proceedings of the 18th International Conference on Advanced Information Networking and Applications Volume 2IEEE Computer Society, pp. 400–405.Google Scholar
  25. 25.
    Richards, G., Hatala, M. (2004) POOL, POND and SPLASH: portals for online objects for learning. In: McGreal, R. (ed.) Online Education Using Learning Objects, London: Routledge Falmer.Google Scholar
  26. 26.
    Richards, G., Hatala, M. (2004) Semantic cobblestones: an interoperability mechanism for learning object repositories. In: McGreal, R. (ed.) Online Education Using Learning Objects. London: Routledge Falmer.Google Scholar
  27. 27.
    Scavo, T. (2005) Shibboleth Architecture: Technical Overview.Google Scholar
  28. 28.
    Simon, B., Miklos, Z., Nejdl, W., Sintek, M., Salvachua, J. (2003) Smart space for learning: a mediation infrastructure for learning services. Twelfth International Conference on World Wide Web.Google Scholar
  29. 29.
    Song, D., Perrig, A. Phan, D.E. (2001) AGVI—Automatic Generation, Verification, and Implementation of Security Protocols.Google Scholar
  30. 30.
    Tatsubori, M., Imamura, T., Nakamura, Y. (2004) Best-practice patterns and tool support for configuring secure Web services messaging. ICWS’ 04: Proceedings of the IEEE International Conference on Web Services (ICWS’04) IEEE Computer Society, pp. 244–251.Google Scholar
  31. 31.
    Tourzan, J., Koga, Y. (2004) Liberty ID-WSF Architecture Overview. Version 1.0, Liberty Alliance Project.Google Scholar
  32. 32.
    Van de Sompel, H., Lagoze, C. (2003) Notes from the Interoperability Front: A Progress Report on the Open Archives Initiative. ECDL 2002 LNCS 2458. New York: Springer, pp. 144–157.zbMATHGoogle Scholar
  33. 33.
    Wiley, D. (2001) Instructional Use of Learning Objects.Google Scholar

Copyright information

© Springer-Verlag London Limited 2007

Authors and Affiliations

  • Marek Hatala
    • 1
  • Griff Richards
    • 1
  • Timmy Eap
    • 1
  • Ashok Shah
    • 1
  1. 1.Laboratory for Ontological Research School of Interactive Arts and TechnologySimon Fraser UniversitySurreyCanada

Personalised recommendations