Specification and Verification of Context-dependent Services

Current approaches for the discovery, specification, and provision of services ignore the relationship between the service contract and the conditions in which the service can guarantee its contract. Moreover, they do not use formal methods for specifying services, contracts, and compositions. Without a formal basis it is not possible to justify through formal verification the correctness conditions for service compositions and the satisfaction of contractual obligations in service provisions. We remedy this situation in this paper. We present a formal definition of services with context-dependent contracts. We define a composition theory of services with context-dependent contracts taking into consideration functional, nonfunctional, legal and contextual information. Finally, we present a formal verification approach that transforms the formal specification of service composition into extended timed automata that can be verified using the model checking tool UPPAAL.

💡 Research Summary

The paper addresses a critical gap in Service‑Oriented Architecture (SOA) research: the lack of a formal treatment of the relationship between a service contract and the contextual conditions under which the contract can be guaranteed. Existing approaches typically focus on functional interfaces and, at best, on static QoS attributes, while ignoring legal constraints and the dynamic context of both providers and requesters. To remedy this, the authors introduce a comprehensive formal framework called ConfiguredService, which bundles together functional specifications, non‑functional properties, legal rules, and contextual information into a single, mathematically defined entity.

A ConfiguredService is defined as a 4‑tuple ⟨Λ, α, β, σ⟩ where:

• Λ is a set of parameters, each a triple (datatype, variable, constraint).
• α is a set of attributes (metadata such as version).
• β is the context, modeled as a pair ⟨r, c⟩ with r a logical constraint and c a collection of dimension‑tag pairs (e.g., WHERE → location, WHEN → time, WHO → identity). Context rules are expressed in a fragment of Timed Computation Tree Logic (TCTL), allowing temporal constraints to be captured.
• σ is the contract, itself a 3‑tuple ⟨f, κ, l⟩ comprising the service function f, a set of non‑functional properties κ, and a set of legal issues l.

The service function f is a 4‑tuple ⟨g, i, pr, po⟩ where g (signature) includes the function name, parameter list, and network address; i (result) defines the output name and its parameters; pr and po are pre‑ and post‑conditions expressed as logical constraints over parameters.

Non‑functional properties κ are modeled as a 6‑tuple ⟨ρ, ε, η, ψ, p, tr⟩ covering safety (time and data guarantees), security (set of protocols), availability (maximum repair time), reliability (mean time between failures), price (amount, currency, unit), and provider trust (client recommendations, lowest‑price guarantees, organizational endorsements). Legal issues l are a set of logical expressions that must not conflict.

Building on this foundation, the authors develop a composition theory for ConfiguredServices. They define composition operators (sequential, parallel, alternative, loop) that preserve and combine functional signatures, context constraints, non‑functional attributes, and legal rules. For example, in a sequential composition the post‑condition of the first service must satisfy the pre‑condition of the second, and the combined context rule is the logical conjunction of the individual rules. Non‑functional attributes are aggregated conservatively (e.g., the overall availability is the minimum of the component availabilities).

The paper illustrates the theory with a realistic roadside emergency assistance scenario. Three services—RepairShop, TowTruck, and CarRental—are modeled as ConfiguredServices, each with distinct parameters (e.g., CarBroken, RequestTruck), price structures, and context rules (location = Montreal downtown, car type = Toyota). The authors show how these services can be composed to fulfill a broken‑car request while respecting all contractual, non‑functional, and legal constraints.

For verification, the authors propose an automated transformation of a composed ConfiguredService into an Extended Timed Automaton (ETA). The transformation maps:

• Pre‑/post‑conditions to guard conditions and variable updates on automaton transitions.
• Time‑related safety guarantees to clock constraints.
• Context rules to additional guards expressed in TCTL‑compatible predicates.
• Legal rules to forbidden transitions, ensuring that any execution violating a legal clause is unreachable.

The resulting ETA is fed into the model‑checking tool UPPAAL. Using UPPAAL, the authors verify properties such as:

• Temporal correctness – the whole service chain completes within a specified deadline.
• QoS compliance – the aggregated price does not exceed a budget, and availability/reliability thresholds are met.
• Legal compliance – no execution path violates any declared legal rule (e.g., refund conditions, privacy constraints).

The verification yields either a proof of satisfaction or a counterexample trace that pinpoints exactly which component or context condition caused a violation, enabling developers to refine contracts or adjust composition strategies.

In the related work discussion, the paper contrasts its approach with prior service composition frameworks that either ignore context, treat non‑functional attributes as simple scalar metrics, or lack formal verification. By integrating context, legal constraints, and a rigorous verification pipeline, the authors provide a more holistic and trustworthy method for building service‑based systems.

The paper concludes by outlining future directions: handling dynamic context changes at runtime, scaling the approach to large service registries, enriching trust models with probabilistic reasoning, and integrating the framework with existing service discovery standards. Overall, the work makes a substantial contribution by delivering a mathematically sound, tool‑supported methodology for specifying, composing, and verifying context‑dependent service contracts.