A Secured Interoperable Data Exchange Model

Interoperability enables peer systems to communicate with each other and use the functionality of peer systems effectively. It improves ability for different systems to exchange information between cooperative systems. It plays a vital role in educational information system institutions. Practically, there are two main technical reasons that restrain the interoperability of the system. First, these systems may be developed under various operating systems, programming languages and different database management systems. Second, the obsessions of security greatly impact the execution of interoperability among various educational institutions. This paper proposes a new RESTful secured interoperable model for data exchange among different information system. This will help educational information system to exchange data among them with a pre-defined standard format of messages. Additionally, this paper designed Cross Platform Web Application Interoperability Protocol (CPWAIP) to facilitate the interaction among components of the proposed model. Keywords—Data sharing; security; integrity; and protection


I. INTRODUCTION
The IEEE defines interoperability as the "Ability of a system or a product to work with other systems or products without special effort on the part of the customer" [1], [2].Interoperability means that different systems are related together with removed incompatibilities between them.It improved ability for different systems to exchange information between cooperative systems.Semantic interoperability, structural interoperability and syntactic interoperability are three different levels of interoperability [3].
Hence, Interoperability plays a vital role for educational information system to make the content accessible in different systems as well as by collaborative and cross-organizational learning and teaching [4].Interconnection between various educational systems in order to exchange information about students who move from campuses to another are needed nowadays [5].Practically, there are two main technical reasons that restrain the interoperability of the system.First, these systems may be developed under various operating systems, programming languages (i.e., Java, and Dot.Net), and different database management systems (DBMS) (i.e., SQL Server, MySQL, and Oracle) and standards that make it difficult to achieve data sharing and interoperability among them [6].Second, the obsessions of security greatly impact the execution of interoperability among various information system institutions.
Many models or systems have been proposed to solve data exchange among various information systems.However, most of the proposed models are based on peer-to-peer communication among information system [7], [8].A peer-topeer communication imposes new security challenges to interoperability among information systems.Thurs, there is a need for new models that handle these security issues.
In this paper, the researchers propose a new RESTful secured interoperable model among different educational information system.This will help educational information system to exchange data among them with standard format of messages.Limitation of proposed model is suitable only for educational information system.Additionally, the researchers were designed Cross Platform Web Application Interoperability Protocol (CPWAIP) to facilitate the interaction between internal component and external components of the proposed model.
The rest of the paper is organized as follows: Section 2 provides a background overview for cloud computing and web service.Section 3 describes the proposed model components.Section 4 Applying proposed model between different educational information systems.The last section concludes the paper with final remarks.

II. BACKBOARD OVERVIEW
This section consists of two parts.The first part presents introduction for cloud computing.The second part of introduction is for web service.The third part presents the related work focusing on interoperability between different educational information systems.

A. Cloud Computing
Recently, cloud computing is a hot topic all over the world [9], [10].In 2006, Google's CEO, Eric Schmidt, proposed the word "cloud" to describe the business model of providing services across the internet.The term cloud was used as marketing concept [11].Cloud computing means to provide remote service to users and customers to store and process data without the need to having hardware equipment.It, also, provides the ubiquitous network access anywhere, anytime and from any platforms [12].It is considered as a sharing architecture of the IT trends, in which a third party provides highly scalable, reliable on demand software, hardware, and infrastructure services with agile management capabilities [13], [14].Cloud computing is divided into three major types of services; public, private and hybrid [15]- [17].
Public cloud provides an open environment that enables any user to access the service over the Internet.Private cloud concerns data security and provides smooth control that is not available in public cloud.Hybrid cloud is the combination of public and private cloud.www.ijacsa.thesai.orgServices offered by cloud providers are of three types; Infrastructure as a Service (IaaS), Platform as aService (PaaS) and Software as aService (SaaS) [18]- [20].

B. Web Service
Web service is defined as an interface that helps desperate, heterogeneous environments to communicate among each other effectively, in the form of XML messages (Extensible Markup Language) or JSON [21].Web services have become a popular way of offering online services by businesses [22], [23].Simple Object Access Protocol (SOAP) over HTTP is traditionally web service which provides a decentralized, distributed XML-based messaging framework between peers.SOAP is an xml based Remote Procedure Call (RPC) solution while HTTP is a much more lightweight solution where resources are managed by HTTP interactions [24].
REST (Restful Sate transfer) is another inherently resource oriented service [25], [26].REST is an architectural style when used in applications that utilize HTTP features (URI, response code, and query-methods GET, POST, PUT, and DELETE) to work on the API users [27].

C. Related Work
There are many studies conducted to solve the problem of interoperability among different information systems.For example:  The Ministry of Education of China [28] proposed Education Management Information System Interoperability Framework (EMIF) to address the challenges of sharing data and integrating different colleges and departments.EMIF used SOA (Service Oriented Architecture) in integrating various EMIS in tertiary education. Z. Xiao-guang, et al. [29] uses SOA to apply interoperability between medical information systems (MISs).So, Each MISs build services interface without modifying the existing systems in each hospital.The proposed model was used to exchange information between different MISs.
 D.Zhou [30] proposed SOA-based education information system interoperability model to improve the interoperability of educational information systems.The proposed model is based on WCF and SOA.This proposed model is composed of the Education Information Interoperability Center (ZIS) and Agents.
ZIS is used to exchange information between registered agents.
 SIF Association [31] proposed School Interoperability Framework (SIF) to enable interoperability and data sharing among different educational information systems.SIF specification consists of two key parts: SOA and XML.SOA specification aimed for sharing information between institutions.XML specification aimed for modeling educational data according to the educational locale.
 A. A.Chandio, et al. [32] proposed a system integration of interconnectivity of information system (i3) for the University of Sindh (UoS) Pakistan.This system is designed to share and exchange the information associated with students of different departments in the institution.The system i3 is based on SOA and XML. A. Sayed [8] 2016 Proposed data exchange protocol for educational information system.
Each educational system established peerto-peer communication among all systems of educational information system www.ijacsa.thesai.org R. Jessadapattharakul, et al. [7] proposed data exchange protocol for healthcare service in Thailand.This model is used to data exchange system by using cloud-based service platform.This platform is based on PaaS (Platform as a service) to provide a service for health institutes.Healthcare data is exchange between medical institutes under pre-defined standard.
 A. Sayed, et al. [8] proposed interoperable architecture for educational software systems.This paper introduced data exchange platform for educational information system based on RESTful web service.The proposed data exchange platform for educational system is based on a cloud-based service platform.
All proposed architectures are a good starting point for addressing the problem of data exchange among different kind of information system institutions.Unlike these researches, our work tries to: Table I presents a summary of all the works that were reviewed.This table includes the authors, the publication year, the focus of the study and its main shortcomings.

III. PROPOSED MODEL
The main objective of proposed model is to exchange data among multiple educational system institutions.In the proposed model, a cloud-based service platform is using for data exchange platform for educational which is based on PaaS (Platform as a service) to provide a service for exchange and conversion of data into a pre-defined standard format.Additionally, Cross Platform Educational Application protocol (CPEAP) designed to facilitate the interaction between internal component and external components.

A. Component of the Proposed Model Architecture
The component of the proposed model can be classified into two categories: internal component and external component.The internal component includes services which provide on this platform.The external component is used to communicate with internal component.As shows in Fig. 1, the proposed model consists of the following components:  The main components of the proposed model are discussed briefly in the following subsections: a) Message queue Message Queue provides an asynchronous messaging service that facilitates huge amount of concurrent messages among various external components.

b) Directory services
It is used for a central directory that keeps the educational information data.It contains educational UUID, educational name, URL methods invoke and public key infrastructure (PKI).

c) Web service endpoint
Web service endpoint is a web address (URL) which will return response messages with a pre-defined standard to client according to request message.Both internal component and external component build its own web service endpoint to exchange messages with each other.Table II shows proposed web service endpoint at internal component.Table III shows proposed web service endpoint at external component.

d) Web application interoperability system
Web application Interoperability System (WAI) is web application interface used for communicating with internal components to retrieve response messages.

e) Web Based-API/Services
Web Based-API/Services is an application programming interface (API) used when internal and external components application needs to access web service endpoint of internal and external components.

f) Cross platform web interoperability application system
Cross Platform Web interoperability Application System (CPWAIS) is web application interface that enables a system to communicate with the other authorized systems in order to exchange data.

g) Information conversion services
It is used for compose and decompose educational data into a pre-defined standard.This data is based on JSON that is proposed in this model.

h) DataBase
Database is used to store registration data of educational information system like educational name, region, country, URL methods invoke and PKI.It also is used to cache request message of educational information system and response messages from other educational information system.Cached data will be released after 6 months.In registration form, each educational information system determines if the data will be cached on database.

B. Cross Platform Web Interoperability Application Protocol
CPWAIP uses HTTP as a protocol to communicate by defining a request and response message between internal and external components.This section presents application protocol standard format, security and privacy and mechanism and usage scenario.

1) Application Protocol Standard Format:
In proposed CPWAIP, a request and response message contains HTTP Header and HTTP Body.HTTP Header contains some metadata of sender educational information system.HTTP Body contains request and response query from educational information system.Table IV shows proposed HTTP headers which starts with a prefix "WAI-Service".According to use different format for storing data, each educational information system have to pre-defined standard format for sending and receiving messages between them.Table V shows proposed data standard format for sending a query to other educational information system.The first column is the attribute.The second is the type of each attribute.The third column is the Null option, which specifies whether the field can be empty in some case.Finally, it is a description of attributes.
Table VI shows proposed data standard format for response from educational information system.The first column is the attribute.The second is the type of each attribute.The third column is the Null option, which specifies whether the field can be empty in some case.Finally, it is a description of attributes.
2) Security and Privacy: The security and privacy of educational information system data is the important issue for educational information system, so this model need to secure data transmitted between external components and internal components as following (Fig. 2):  Each educational information system needs to register with CPWAIS by creating an account to log into the system.The CPWAIS generates unique identifier (UUID) for a certificate.
 Using PKI keys (Public Key Infrastructure) encrypt all data before transmission.Each registered educational information system generates two PKI key sets.Fig. 5 shows secure information flow response data from educational system B after educational system A retrieves requested data and response data cache in CPWAIS.(M = original message, Enc = encryption function, Dec = decryption function, ES= educational system, CPWAIS= Cross Platform Web interoperability Application System).
3) Mechanism and Usage Scenario: Fig. 6 shows sequence diagram for full registration of information system institutes.Information system institutes fills application form and submits data to CPWAIS.CPWAIS auto validate enter data if data is true CPWAIS generates Universally Unique Identifier (UUID) and sends to register Information system institutes.Educational system receives and stores UUID in its own transaction database then it generates two keys set (PK1, PK2) then sends public key of first key set to CPWAIS which shall be stored it in its own transaction database.Fig. 7 shows sequence diagram when registered educational system A requests from other registered educational system B and requested data is not cached in CPWAIS and educational system B allows caching data at CPWAIS.Educational system A identifies requested data using proposed a pre-defined standard format for sending message.Educational system A encrypts message and HTTP header and sends it to CPWAIS.CPWAIS decrypts message and header.CPWAIS don't find requested data in cached data.CPWAIS encrypts message and header using public key of educational system B. Educational www.ijacsa.thesai.orgsystem B receives encrypted message and encrypts it using his own private key (PK1).Educational system B executes query for requested data and format response with propose a predefined standard format for response message.Educational system B encrypts response message with own private key (PK1) and sends it to CPWAIS.CPWAIS encrypts message using stored pubic key (PK1) of WAI system B. CPWAIS caches data in its own data base and encrypts message using public key (PK2) of educational system A. educational system A receives encrypted message and decrypts message using its own private key (PK2).Fig. 8 shows sequence diagram when registered educational system A requests same data from other registered educational system B, which is cached in CPWAIS.Educational system A identifies request data using propose a pre-defined standard format for sending message.Educational system A encrypts message and HTTP header and sends it to CPWAIS, then it decrypts message and header.CPWAIS search for the request in cached data on CPWAIS data base and finds requested data on cached database.CPWAIS encrypts requested data using public key (PK2) of educational system A and will send encrypted message to it.Educational system A receives encrypted message and will decrypts message using own private key (PK2).

IV. APPLING PROPOSED MODEL AMONG DIFFERENT EDUCATIONAL SYSTEM
The proposed model was applied between two universities in Egypt.Cross Platform web Interoperability Application System CPWAIS was hosted on a cloud environment.Amazon is the service provider that was selected for hosting the system.Fig. 9 shows the registration web form used for the system users to enter their educational name, region, country, URL method, etc.Then, CPWAIS generated UUID for the registered universities as shown in Fig. 10.Fig. 11 shows the public keys generated for securing data exchange.The web form presented in Fig. 12 was used for retrieving the data form the different registered systems.

V. CONCLUSION AND FUTURE WORK
Interoperability plays a vital role in information system institutions.However, most of the proposed models are based on peer-to-peer communication among information system.This paper proposed a novel interoperable model to secure exchanging data among different system.Additionally, Cross Platform Educational Application protocol (CPEAP) designed to facilitate the interaction between CPWAIS and different information systems.The proposed model was applied on the educational information systems in Egypt.This model enhanced the security aspects for data exchange among different information systems.It is recommended as a future work to apply the proposed model in other environments, such as healthcare, e-government, etc.
Proposes a new RESTful secured interoperable model among different educational information system. Design Cross Platform Web Application Interoperability Protocol (CPWAIP) to facilitate the interaction between internal component and external components of model.

Fig. 4 Fig. 4 .Fig. 5 .
Fig. 4 shows secure information flow response data from educational system B after educational system, A retrieves requested data.(M = original message, Enc = encryption function, Dec = decryption function, ES= educational system, CPWAIS= Cross Platform Web interoperability Application System).

TABLE I .
SUMMARY OF THE PREVIOUS WORK