Jun Li

My current project focus is to develop application prototype and solution architecture in a service-oriented environment for a shopping assistant system that aims to improve in-store customer shopping experiences. To the retailers, a richer and more engaging customer shopping experience is the key to retain loyal customers and increase the value of customers’ shopping baskets.

The overall solution architecture is based on service-oriented approach. Through web service invocation paradigm, the architecture uniformly supports shopping-related kiosk applications at different touch points (in physical stores, through home desktops, or by mobile devices). These touch points serve as the entries to the network of services provided by the retailers, their business partners that include manufacturers and banks/credit card companies , and other service providers that offer information brokerage and social-networking services. The architecture provides a common set of interfaces and services to enable networked service invocation and composition and data sharing. The customers are exposed to a rich set of information and advisory support, tailored to their own shopping experiences at different touch points.

The following are the basic design principles that we followed to build the system:

•  A uniform browser/web application presentation is provided across various touch points. End-user applications are developed as web-based application hosted remotely by a web server and these applications are accessed via the universal client browser installed at different touch points.
• Web service based invocation is the communication mechanism between service providers. Web services can be composed via workflow orchestration that supports asynchronous event-based interactions and human-in-the-loop.
• Seamless migration of shopping experiences between different touch points.
• Services can be personalized and customer privacies are enforced when delivering personalized services.
• A mobile device is a personal assistant to store personal information, to provide identity tokens, and to capture user interests and intention, and offers a service delivery platform that is an alternative or extension to an in-store kiosk platform.

Some core technologies that we have developed to enable this solution architecture includes:

• Multi-Channel Session Management: The system maintains a global user’s shopping session that crosses different platforms and touch points. The user can start a session at the store kiosk, save that session and continue the session at home, and then go to the store again and recall that same session at the store kiosk. Please consult [1] for details.
• Web Service Security: The SAML certificates are used to encode authentication and authorization decisions. A federated access control management derived from authorization-based access control is provided to enable cross-organization web service resource access. Please consult [2], [3] for details.
• Customer Privacy Protection: To protect customer privacies, we allow customers to specify access control policies on personal information at a fine granularity (down to a cell level in database tables), grouped by service access purposes (e.g., a grocery store shopping at Safeway) that can be dependent on services, services providers, and location of services. Please consult [4] for details.
• Event Notification: Certain real-time services such as product promotions and advisory support may not be immediately available to the customers. Our solution enables these services via asynchronous event-based interactions and service delivery. A web-service enabled eventing layer is built upon Microsoft Notification Services and follow the publish/subscribe paradigm. Service requests are translated as events and then routed to service providers that subscribe to these events. The responses from the service providers are also translated as events and delivered back to the requestors as event notifications, given that the requestors subscribe to these response events.

Selected Publications:

[1] I. Ari, J. Li, R. Ghosh and M. Dekhil, "Services: Providing session management as core business service," Proceedings of the 16th international conference on World Wide Web WWW '07, May 2007. (pdf)

[2]. Li, A. H. Karp, "Access Control for the Services Oriented Architecture, " Proceedings of the 2007 ACM workshop on Secure web services SWS '07, pp. 9-17, Nov. 2007. (pdf)

[3]J. Li, A. H. Karp, "Zebra Copy: A Reference Implementation of Federated Access Management," HPL-2007-105, July, 2007. Accessible via http://www.hpl.hp.com/techreports/2007/HPL-2007-105.html.

[4]W. Cheng, J. Li, K. Moore, A. H. Karp, "MUPPET: Mobile Ubiquitous Privacy Protection for Electronic Transactions," HPL-2006-141R1, Oct. 2006. Accessible via http://www.hpl.hp.com/techreports/2006/HPL-2006-141R1.html .