Self test questions and answers

Self Assessment Questions & Answers

Chapter 1	Chapter 2	Chapter 3	Chapter 4	Chapter 5	Chapter 6
Chapter 7	Chapter 8	Chapter 9	Chapter 10	Chapter 11	Chapter 12

1.1 Name five reasons why to build distributed systems
Scalability, openness, heterogeneity, fault-tolerance and resource access and sharing.

1.2 What is the difference between a client/server and a distributed system
In a client/server model, clients use the services offered by the server components. In a distributed system a server component can be the client component of another server component, leading to a n-tier architecture.

1.3 Is a three-tier architecture a distributed system
Yes

1.4 Why do we not build every system as a distributed system?
Not all systems are distributed by nature. In some cases the hardware and the implementation language are completely homogenous and are all physically based in the same location., in which case no advantages would be gained by building it as a distributed system.

1.5 What is the relationship between requirements engineering and distributed systems?
Requirements engineering is the first step of software development for distributed systems. It specifies all the functional and non-functional requirements of the application.

1.6 What are the eight dimensions of transparency in distributed systems?
Access, Location, Migration, Concurrency, Replication, Failure, Performance, Scalability

1.7 What can the transparency dimensions be used for?
It hides the complexities of distributed systems, offering the user a single integrated facility.

1.8 What is the difference between location and access transparency?
Access transparency states that method invocations to local and remote objects interfaces must seem identical to the user. Location transparency states that components should be able to be identified in a manner non-dependent on their physical location.

1.9 What are the differences between performance and scaling transparency?
Performance transparency is viewed from the perspective of a single request, whereas scalability transparency considers how the system behaves if more components and more concurrent requests are introduced.

2.1 What is an object?
Objects are entities made up of attributes and methods. The attributes describe the state of an object and the methods provide a communication interface between an object and others. Objects are identified by their unique object identifier.

2.2 What is an object type?
Object types describe the attributes and operations supported by a set of common objects.

2.3 What is an object request?
This is equivalent to a method invocation, where one object requests a service supported by another object, passing it any required parameters.

2.4 What is the difference between an object and an object type?
An object is an instance of an object type.

2.5 How are services modelled in an object-oriented component model?
Services are operations that a components exports ie makes public in its interface.

2.6 Why does a meta-object model for distributed objects also include non-object types?
It can be more efficient to construct complex data from simple data types without having to involve the overhead imposed by objects.

2.7 Give examples when you would use polymorphism in the design of distributed objects.
It allows one to parametrize an operation with a particular type and all its sub-types. Its also used with late-binding to determine the specific operation or type to be used dynamically.

2.8 In which stage of the software process would you utilize UML use case diagrams?
Requirements analysis

2.9 What are UML sequence diagrams used for?
They show the dynamic behaviour of the system for a given scenario.

2.10 What is the difference between private, protected and public declarations in UML class diagrams?
Private declarations are only accessible by the object to which they belong. Protected declarations are accessible by the object to which they belong as well as any other objects that have inherited from that class. Public declarations are accessible by all objects.

2.11 What consistency relationships have to hold between sequence diagrams and class diagrams?
Class diagrams provide a type-level perspective, whilst sequence diagrams present a scenario at an instance level of abstraction.

2.12 Explain eight reasons why distribution has to be considered during the design of distributed objects.

Life cycle

Object references

Request latency

Object activation

Parallelism

Communication

Failures

Security

3.1 Name the seven different layers of the ISO/OSI reference model.
Physical, Data link, Network, Transport, Session, Presentation & Application layer

3.2 On which layer does object middleware build?
Transport Layer

3.3 Which layers does the middleware implement?
Session and Presentation layers

3.4 Give six reasons why it is not a good idea to use the transport layer directly.
Doing this would shift the responsibility of the following onto the application developer:

The encoding of complex data structures into byte streams.

Mapping of different data encoding due to the use of different hardware and programming languages.

Dealing with object references in terms of domain names and port numbers.

Implementing component activation, to start up dormant objects.

Handling type safety checks which is tedious and error prone.

Implementing synchronization between the client and the server, for invoking a request and receiving the results of it.

3.5 What concerns does the session layer implementation of object oriented middleware address?
Mapping of object references to hosts, an implementation of primitives for activation and de-activation, invocation of the requested operation and synchronization of the client and server.

3.6 What are the two principal tasks that the presentation layer implements?
Resolution of data heterogeneity and mapping of complex data structures into streams of bytes and vice versa.

3.7 What concerns are specified in the interface definition that are typically not determined in an object-oriented design using the UML?

3.8 What are the principal products that an interface definition language compiler produces?
Client and server stubs.

3.9 What is type safety?
This ensures that an operation requested by a client is supported by a server object as stated in the operation's signature.

3.10 How do client and server stubs contribute to achieving type safety?
They act as a contract between the client and server to which they must both abide. Any breach of contract will be flagged during compile time.

3.11 Name three non-object-oriented classes of middleware.
Tranaction-oriented, Message-oriented & Remote Procedure Call (RPC) middleware

3.12 When would you use which class of middleware?

Transaction-oriented middleware is used in architectures where components are database applications.

Message-oriented middleware supports asynchronous message delivery very naturally.

RPCs are used to implement distributed object requests.

3.13 Why are the distinctions between these classes blurring?
This is due to the occurrence of object-transaction monitors and introduction of message communication between distributed objects.

4.1 What are the commonalties between the object models of CORBA, COM and RMI?
They all separate the notion of interfaces and implementation. They all support inheritance and specify a common root object from which all other objects are derived. All object models are statically types, support a restricted form of polymorphism, have support for dealing with failures during object requests. Finally all three provide generators for client and server stubs to implement the presentation layer and treat attributes as operations.

4.2 What are the differences?

4.3 Why do COM and RMI not have attributes in their interface definition languages?
Attributes may have a structured type and they would then have to be marshalled and unmarshalled in the same way as operation parameters or results. Attribute accesses or updates could fail for the same reasons as operation calls and these failures should be treated in the same way. Treating them as operations gives flexibility to the server object designer as to how the attribute should be imple-mented.

4.4 How does CORBA get around this problem?
By having non-object types.

4.5 Why do all middleware systems support detection and handling of failures?
It allows them to deal with application specific errors in a manner specified by the developer. Thus enabling developers to customize the way in which the system behaves in a variety of erroneous conditions.

4.6 How does object activation work in CORBA, COM and RMI?
CORBA uses object adapters, in COM its implemented by the Service Control Manager and in Java RMI the activator implements activation.

4.7 Explain the reasons why CORBA, COM and RMI distinguish interfaces from implementations?
It allows developers to decouple the notion of the interface to a component from its actual implementation, thus allowing us to modify the implementation in a transparent manner.

4.8 Explain why the form of restricted polymorphism that is available in CORBA, COM and RMI is type-safe.
It is not possible to redefine the static type of an attribute and its dynamic type has to be a subtype of the static type. Moreover the signature of an operation cannot be changed.

5.1 We have argued that the approach of using language bindings to a common IDL reduces the number of language mappings. When is this not the case?

5.2 What is the position with respect to transparency if there is no common interface definition language?

5.3 How is multiple inheritance in CORBA/IDL treated in the Ada programming language binding.

5.4 What is the difference between interworking and interoperability?
Interoperability specifications determine how different implementations of the same middleware work together. Interworking defines how different middleware standards are integrated. Interworking is more difficult to achieve.

5.5 Explain situations in which you would wish to use more than one middleware.
The need to use different programming languages that are not all supported by a single middleware or the availability of different hardware platforms. For example COM would be the middleware of choice for Windows based machines.

5.6 How does the designer of a client object use IIOP?

5.7 What is a bridge?
These translate a request from the domain of one middleware implementation to another implementation.

5.8 What are the differences between in-line and request level bridging?
In-line bridges are built into the core of the middleware and implement standardized interoperability o the protocols. Request level bridges, on the other hand are built on top of a middleware by application developers to implement interoperability for a middleware that does not itself implement a standardized interoperability protocol.

5.9 What type of bridging is prescribed by the COM/CORBA Interworking specification?

5.10 Identify the three three ways to resolve data heterogeneity!

5.11 Explain the difference between little endian and big endian data representations.
In a big endian representation the highest significant byte is at the end of a four byte sequence. In a little endian representation the same integer would be represented with the lowest significant byte at the end of a four byte sequence.

5.12 CORBA does not convert little into big endian representation when sending a message. Where is the conversion done? What is the advantage of this approach?
This is done during request marshalling. This has the advantage that the computationally-intensive conversion is not needed when request data is being sent between two machines that use the same representations.

5.13 COM and CORBA resolve data heterogeneity using a standardized data representation. Under which circumstances would you choose to resolve data heterogeneity yourself at the application layer?

5.14 Is it possible to resolve data heterogeneity, middleware heterogeneity and programming language heterogeneity in a way that is completely transparent to client and server object programmers?

6.1 What is the difference between static and dynamic invocation?
Static invocations are planned at compilation time, whereas dynamic invocation can take place any time during the running time.

6.2 What is COM's equivalent to CORBA's InterfaceDef?
The ITypeInfo interface.

6.3 What is the advantage of the use of COM's DISPIDs compared to the CORBA approach of passing identifiers as strings?
It contributes to type-safety and s more efficient.

6.4 What has the designer of CORBA server objects to do in order to support dynamic requests?
They have to implement the IDispatch interface.

6.5 Dynamic invocation does not need client stubs. Which components perform the marshalling, unmarshalling and heterogeneity resolution in this case?

6.6 Why can Java's Reflection API not be applied to obtain run-time type information for Java remote method invocations?

6.7 CORBA supports three different ways to locate an InterfaceDef. What are these three ways?
1) Directly obtain a reference to the type of the object.
2) Perform queries to obtain type information.
3) Discover all the type information that is registered by navigating the Interface Repository.

6.8 When would you use these?
1) When the client has an object reference, by using the Get_interface method
2) When the client knows the type information by name
3) When we don't know any of the above two

6.9 Why are the dynamic invocation interface and the interface repository always used together?
The interface repository provides reflection, enabling clients to discover the services that an object supports.

6.10 What are the trade-offs of using dynamic as opposed to static invocation?
Dynamic invocations are more expensive in term of time and development effort and are inherently unsafe. Dynamic invocation is well supported by COM and CORBA, and is needed when clients have to be built before the interface definition of their server.
Errors that might have been found at compile-time with static invocations are only detected as run-time exceptions with the dynamic invocation interface.

7.1 Which non-functional requirements can be addressed using CORBA's dynamic invocation interface?

7.2 Is there any dependency between dynamic and multiple requests?

7.3 What are the differences between multiple requests and group requests?
A group request is where a client requests execution of the same operation from multiple server objects. A multiple request is where a client requests the execution of different operation from different server objects.

7.4 How could group requests be implemented using message queues?

7.5 Primitives for oneway and deferred synchronous requests are only available in CORBA. How can they be implemented for Java RMIs or DCOM?

7.6 Asynchronous requests seem much more efficient than synchronous requests. Why are they not used all the time?

7.7 How would you implement deferred synchronous remote method invocations in Java?

7.8 How do the two CORBA DII operations send and invoke differ?
T

7.9 When would you use threads and when would you use message queues to implement asynchronous requests?
Message queues are used when we need to decouple the notion of making a request and actually processing that request. This often arises due to global distribution with much higher network latency or execution of objects in different time zones.
The threading approach can be used in more real-time instances where we assume that the server object is executing the requested operation while a thread in the client waits for the results.

8.1 What is location transparency?
It enables client objects to access the services provided by server objects without knowing the server's physical location.

8.2 What are the differences between location transparency and access transparency?

8.3 Why do naming and trading not contribute to achieving access transparency?

8.4 CORBA object identifiers contribute to achieving location transparency as clients can use them to request a service from the objects. Why is this not sufficient?

8.5 Give reasons for organizing name servers hierarchically.
It makes the process of finding name bindings more efficient, minimizes the chances of name conflicts and a list operation does not overwhelm the user with a large amount of information.

8.6 What are the advantages of composite names?
They minimize the number of resolve requests, in order to obtain the reference of an object.

8.7 How many different CORBA naming context objects can successfully reveal the same object?
** There are no limits set

8.8 Explain the main differences between the CORBA naming service and the Internet DNS.

8.9 What are the two most important operations of any name server?
Bind and resolve

8.10 Why does the list operation of the CORBA Naming service return multiple name bindings rather than one binding at a time?
** This would cause a higher communication overhead and the Naming service operates in a stateless manner and so there is no notion of a client session.

8.11 What is the difference between the scope of names in CORBA IDL and the scope of names in the CORBA Naming service?

8.12 Why does the CORBA Naming service not have a lookup operation that only checks whether a name has been defined?

8.13 How can two different ORBs make their respective name servers known to each other?

8.14 Explain the differences between naming and trading.
Naming services are used when a client knows the name of the server object and needs to find the reference to it. Trading services operate at a more abstract level of the client only knowing the type of service that it needs and doesn't know of any objects that offer that service.

8.15 When would you use naming and when would you use trading for locating objects?
Naming services are used when the client object has prior knowledge about a specific server object, often this is defined statically. Trading is used when a client object knows nothing about any specific server objects but needs to find server objects who can service its requests and can meet the criteria included in the request.

8.16 Who decides which technique is to be used, the engineer of the client object or the engineer of the server object?
** Both

8.17 Apart from those engineers, who else is concerned with location of objects?

8.18 Which roles do components play in trading?
Exporter, importer or trader of services

8.19 Who plays the same role as the CORBA trader object when considering the yellow pages of the telephone directory?
The company that prints and delivers the yellow pages..

8.20 What are the principal trading operations?
Register, withdraw, change, query and offer

8.21 What is the difference between a service type and an object type?
** An object type may be used in different services.

8.22 How are service type hierarchies and object type hierarchies related?
A service S is a subtype of of S' if the object type determining the functionality of S, is identical to or a subtype of the object type of S'. Therefore the same hierarchy is implemented in both.

8.23 Give examples where it is not sufficient to use a readonly property in service types.
An example would be where the property held the value of the Sterling Pound value to other currencies. The dynamic changes in the market could not be reflected in the property value.

8.24 What is the disadvantage of a modifiable property type definition?
** The value of the property can be changed dynamically and so if it represents a property such as a critical time range we may have to check it each time we'd like to use it.

8.25 What are policies used for in trading?
They are used by importers to determine how the trader should return the results of a query. Preferences include factors such as the maximum number of services returned or whether replacement services are acceptable.

8.26 What is the impact of preferences passed to a trader query on the sequence of offers returned.
They can be used to sort the results of a query, based on a service property.

9.1 What is the object life cycle?

9.2 Why is the concept of constructors not sufficient for creating objects in a distributed setting?
The new object may have to be created on a remote machine. By adhering to the location transparency principle the client creating the object nor the object itself should have to know where physically the object is being created.

9.3 What is the difference between a factory and a factory finder?
A factory is an object that creates other objects, whereas a factory finder is an object that locates a factory object.

9.4 Should a newly created object always be registered with a name server or a trader?
No

9.5 How is the host specified where objects should be migrated to?
In circumstances such as load-balancing the middleware may specify the host to which a local object migrates to. However its also possible for the target host to be specified by the application.

9.6 Why does this support location transparency, and to whom is it transparent?
A factory finder is chosen to return a reference to a factory object which can create a given object, therefore the location is hidden in factory finder objects. This is transparent to users of distributed applications, client designers and designers of server objects.

9.7 What are the differences between explicit and implicit object deletion?
Implicit object deletion is carried out by the run-time middleware, which is responsible for referential integrity. This is transparent to client programmers. An example of this is garbage collection.
Explicit object deletion operates by clients defining type specific delete operations. This puts the burden of maintaining referential integrity on the programmer.

9.8 In which situations do CORBA clients have to be aware of the fact that an object might have been deleted?
When the sever object has been deactivated through the object adapter and has been deleted. Future requests send to this server object will cause the middleware to return an error code or raise an exception.

9.9 What are the differences between aggregation and reference relationships?

9.10 What distinguishes composition relationships from other aggregation relationships?
This is where each component is at most part of one aggregate.

9.11 How are the objects determined that are components of a composite object?

9.12 What are the three support layers of the CORBA relationship service?
Base relationships, graphs of related objects and reference and containment relationships

9.13 How does the relationship service contribute to implementing composite objects?
Base relationships, graphs of related objects & reference and containment relationships.

9.14 What achieves that objects that are related by CORBA relationships do not need to be changed?

9.15 What is the trade-off of the fact that CORBA server objects are unaware that they might be involved in a CORBA relationship?
It simplifies the administration of composite objects, however it does cause considerable storage and run-time costs.

10.1 What is persistence?
It allows objects to survive the life time of the process in which they execute, by having their state recorded on non-volatile secondary storage.

10.2 Which server objects need take care of persistence?
Persistence state service

10.3 To whom is persistence transparent?
Client programmers and programmers of stateless server objects

10.4 What is the relationship between persistence and activation?
Activation is the process of using persistent forms of an object to create a representation of it in memory.

10.5 Why is persistence so important in distributed systems?
It allows objects to survive past the life time of the process in which they were executing, thus enabling objects to maintain their state after system shut-downs and failures.

10.6 What are the components of a persistent state service?
Datastores which are composed of storage objects, storage homes and keys.
Storage types and sessions

10.7 When would you prefer files over relational databases for achieving persistence?
The lightweight file approach is suitable where scalability, fault tolerance and multi-user capabilities are not part of the requirements.

10.8 Who makes the choice which datastore to use for achieving persistence?

10.9 When would you prefer relational databases over files for achieving persistence?
Where scalability, fault tolerance and multi-user capabilities are part of the requirements, such as a transaction service.

10.10 What is the impedance mismatch?
This is the gap caused by complicated mappings between objects and relational tables, in relational databases.

10.11 When are relational databases more appropriate for achieving persistence than object databases?
When managing large amounts of similarly structured data

11.1 What are the ACID properties of transactions?
Atomicity, consistency, isolation and durability

11.2 What is the difference between two-phase locking and two-phase commit?
Two-phase locking is a concurrency control technique for ensuring serializability of a shared resource. The two-phase commit protocol is concerned with the communication between the objects involved in a transaction.

11.3 What is lock compatibility?
This defines the combination of locks that can be acquired fo a shared resource without causing inconsistency.

11.4 When is the hierarchical locking protocol applied?
This is used to acquire locks on numerous objects by acquiring the lock of the composite object containing other objects.

11.5 What is the purpose of upgrade locks?
These are used when a transaction initially needs read access to an object, but already knows that will also need to acquire a write lock for that object at a later point.

11.6 Why are upgrade locks incompatible to themselves?
They would very likely result in deadlock

11.7 For which designers is concurrency control transparent?
Designers of transactional clients

11.8 When do designers of transactional servers not have to implement concurrency control?
If relational or object-oriented databases are used to achieve persistence

11.9 How does 2PL prevent inconsistent analysis?
2PL consists of a stage when an object acquires locks and a stage when it releases them. Once it has started releasing locks the object can't acquire any more locks. This ensures that no other objects can acquire write locks to a resource already locked by this object.

11.10 What are the three different roles that objects can play in distributed object transactions?
Transactional client, transactional server & transactional co-ordinator

11.11 Why do distributed transactions need two phases to commit?
Because there has to be a voting stage before committing.

11.12 How are the ACID properties implemented in distributed object transactions?

11.13 What is server uncertainty?
This refers to the phase after transactional server has voted for a commit and before it has received the commit request.

11.14 How is server uncertainty dealt with?
By storing the modifications of the transaction on temporary persistent storage.

11.15 Which tasks do the CORBA Transaction Service, MTS and JTS relieve the designer of?

12.1 Why are distributed systems inherently insecure?
The nature of the networking technology on which distributed systems are based allows one to use the public network to communicate with other systems connected to he network.

12.2 What are the security threats that distributed systems are exposed to?
Leakage, tampering, resource stealing, vandalism and a combination of these threats

12.3 What are the principle methods of attacking a distributed system?
Masquerading, eavesdropping, request tampering, replaying

12.4 How can distributed systems be infiltrated?
Attacks by legitimate users, obtaining legitimate user's identity, smuggling client or server objects

12.5 Which role does encryption play in securing distributed systems?
It prevents anyone from being able to read the content of messages on the network as well as providing authentication.

12.6 What is the difference between secret key and public key encryption?
Secret key encryption comprises of a secret key held by each party which must be kept away from all others at all times. Both of the communication parties use the same key.
Public key encryption operates by having a secret key and a public key and the public key must be distributed to anyone who wishes to communicate with you.

12.7 What is a key?
A key is a fixed length bit string that has been computed using a certain mathematical algorithm

12.8 How are keys distributed?
A common protocol used for public & secret key encryption systems is the Needham/Schroeder protocol. Whilst the protocol is different for public and private key encryption systems, they both involve communicating with a trusted Key Distribution server to obtain the key of the other party.

12.9 Why is the Needham/Schroeder protocol for public keys more complicated than the one for secret keys?
It has to distributed two keys for each pair of objects that wish to communicate.

12.10 Why are nonce used in the Needham/Schroeder protocol?
Detects replaying of messages

12.11 What is authentication?
Establishes a trusted association between the principal, who is using a client or on whose behalf a server is acting , and the credentials that the system maintains about this principal.

12.12 How are credentials managed in object-oriented systems?
Principals are associated with certain credentials during authentication. Those credentials determine the rights or privileges that have been granted to the principal.

12.13 What is the relationship between authentication and access control?
Access control is based on authentication in order to identify the principal requesting a service

12.14 Why is non-repudiation important for electronic commerce?
This makes users accountable for their actions, thus its used to prove whether electronic request and purchase for a product was actually made.

12.15 Why does non-repudiation hand out tokens for evidence rather than handing out the signed evidence?

12.16 What is the difference between auditing and the other distributed system security mechanisms?
Whilst other security measure use a proactive approach auditing is a reactive approach and is used to find out details after an attack has taken place.

12.17 How is eavesdropping and message tampering prevented in CORBA-based systems?

1.1	Name five reasons why to build distributed systems Scalability, openness, heterogeneity, fault-tolerance and resource access and sharing.
1.2	What is the difference between a client/server and a distributed system In a client/server model, clients use the services offered by the server components. In a distributed system a server component can be the client component of another server component, leading to a n-tier architecture.
1.3	Is a three-tier architecture a distributed system Yes
1.4	Why do we not build every system as a distributed system? Not all systems are distributed by nature. In some cases the hardware and the implementation language are completely homogenous and are all physically based in the same location., in which case no advantages would be gained by building it as a distributed system.
1.5	What is the relationship between requirements engineering and distributed systems? Requirements engineering is the first step of software development for distributed systems. It specifies all the functional and non-functional requirements of the application.
1.6	What are the eight dimensions of transparency in distributed systems? Access, Location, Migration, Concurrency, Replication, Failure, Performance, Scalability
1.7	What can the transparency dimensions be used for? It hides the complexities of distributed systems, offering the user a single integrated facility.
1.8	What is the difference between location and access transparency? Access transparency states that method invocations to local and remote objects interfaces must seem identical to the user. Location transparency states that components should be able to be identified in a manner non-dependent on their physical location.
1.9	What are the differences between performance and scaling transparency? Performance transparency is viewed from the perspective of a single request, whereas scalability transparency considers how the system behaves if more components and more concurrent requests are introduced.

2.1	What is an object? Objects are entities made up of attributes and methods. The attributes describe the state of an object and the methods provide a communication interface between an object and others. Objects are identified by their unique object identifier.
2.2	What is an object type? Object types describe the attributes and operations supported by a set of common objects.
2.3	What is an object request? This is equivalent to a method invocation, where one object requests a service supported by another object, passing it any required parameters.
2.4	What is the difference between an object and an object type? An object is an instance of an object type.
2.5	How are services modelled in an object-oriented component model? Services are operations that a components exports ie makes public in its interface.
2.6	Why does a meta-object model for distributed objects also include non-object types? It can be more efficient to construct complex data from simple data types without having to involve the overhead imposed by objects.
2.7	Give examples when you would use polymorphism in the design of distributed objects. It allows one to parametrize an operation with a particular type and all its sub-types. Its also used with late-binding to determine the specific operation or type to be used dynamically.
2.8	In which stage of the software process would you utilize UML use case diagrams? Requirements analysis
2.9	What are UML sequence diagrams used for? They show the dynamic behaviour of the system for a given scenario.
2.10	What is the difference between private, protected and public declarations in UML class diagrams? Private declarations are only accessible by the object to which they belong. Protected declarations are accessible by the object to which they belong as well as any other objects that have inherited from that class. Public declarations are accessible by all objects.
2.11	What consistency relationships have to hold between sequence diagrams and class diagrams? Class diagrams provide a type-level perspective, whilst sequence diagrams present a scenario at an instance level of abstraction.
2.12	Explain eight reasons why distribution has to be considered during the design of distributed objects. Life cycle Object references Request latency Object activation Parallelism Communication Failures Security

3.1	Name the seven different layers of the ISO/OSI reference model. Physical, Data link, Network, Transport, Session, Presentation & Application layer
3.2	On which layer does object middleware build? Transport Layer
3.3	Which layers does the middleware implement? Session and Presentation layers
3.4	Give six reasons why it is not a good idea to use the transport layer directly. Doing this would shift the responsibility of the following onto the application developer: The encoding of complex data structures into byte streams. Mapping of different data encoding due to the use of different hardware and programming languages. Dealing with object references in terms of domain names and port numbers. Implementing component activation, to start up dormant objects. Handling type safety checks which is tedious and error prone. Implementing synchronization between the client and the server, for invoking a request and receiving the results of it.
3.5	What concerns does the session layer implementation of object oriented middleware address? Mapping of object references to hosts, an implementation of primitives for activation and de-activation, invocation of the requested operation and synchronization of the client and server.
3.6	What are the two principal tasks that the presentation layer implements? Resolution of data heterogeneity and mapping of complex data structures into streams of bytes and vice versa.
3.7	What concerns are specified in the interface definition that are typically not determined in an object-oriented design using the UML?
3.8	What are the principal products that an interface definition language compiler produces? Client and server stubs.
3.9	What is type safety? This ensures that an operation requested by a client is supported by a server object as stated in the operation's signature.
3.10	How do client and server stubs contribute to achieving type safety? They act as a contract between the client and server to which they must both abide. Any breach of contract will be flagged during compile time.
3.11	Name three non-object-oriented classes of middleware. Tranaction-oriented, Message-oriented & Remote Procedure Call (RPC) middleware
3.12	When would you use which class of middleware? Transaction-oriented middleware is used in architectures where components are database applications. Message-oriented middleware supports asynchronous message delivery very naturally. RPCs are used to implement distributed object requests.
3.13	Why are the distinctions between these classes blurring? This is due to the occurrence of object-transaction monitors and introduction of message communication between distributed objects.

4.1	What are the commonalties between the object models of CORBA, COM and RMI? They all separate the notion of interfaces and implementation. They all support inheritance and specify a common root object from which all other objects are derived. All object models are statically types, support a restricted form of polymorphism, have support for dealing with failures during object requests. Finally all three provide generators for client and server stubs to implement the presentation layer and treat attributes as operations.
4.2	What are the differences?
4.3	Why do COM and RMI not have attributes in their interface definition languages? Attributes may have a structured type and they would then have to be marshalled and unmarshalled in the same way as operation parameters or results. Attribute accesses or updates could fail for the same reasons as operation calls and these failures should be treated in the same way. Treating them as operations gives flexibility to the server object designer as to how the attribute should be imple-mented.
4.4	How does CORBA get around this problem? By having non-object types.
4.5	Why do all middleware systems support detection and handling of failures? It allows them to deal with application specific errors in a manner specified by the developer. Thus enabling developers to customize the way in which the system behaves in a variety of erroneous conditions.
4.6	How does object activation work in CORBA, COM and RMI? CORBA uses object adapters, in COM its implemented by the Service Control Manager and in Java RMI the activator implements activation.
4.7	Explain the reasons why CORBA, COM and RMI distinguish interfaces from implementations? It allows developers to decouple the notion of the interface to a component from its actual implementation, thus allowing us to modify the implementation in a transparent manner.
4.8	Explain why the form of restricted polymorphism that is available in CORBA, COM and RMI is type-safe. It is not possible to redefine the static type of an attribute and its dynamic type has to be a subtype of the static type. Moreover the signature of an operation cannot be changed.

5.1	We have argued that the approach of using language bindings to a common IDL reduces the number of language mappings. When is this not the case?
5.2	What is the position with respect to transparency if there is no common interface definition language?
5.3	How is multiple inheritance in CORBA/IDL treated in the Ada programming language binding.
5.4	What is the difference between interworking and interoperability? Interoperability specifications determine how different implementations of the same middleware work together. Interworking defines how different middleware standards are integrated. Interworking is more difficult to achieve.
5.5	Explain situations in which you would wish to use more than one middleware. The need to use different programming languages that are not all supported by a single middleware or the availability of different hardware platforms. For example COM would be the middleware of choice for Windows based machines.
5.6	How does the designer of a client object use IIOP?
5.7	What is a bridge? These translate a request from the domain of one middleware implementation to another implementation.
5.8	What are the differences between in-line and request level bridging? In-line bridges are built into the core of the middleware and implement standardized interoperability o the protocols. Request level bridges, on the other hand are built on top of a middleware by application developers to implement interoperability for a middleware that does not itself implement a standardized interoperability protocol.
5.9	What type of bridging is prescribed by the COM/CORBA Interworking specification?
5.10	Identify the three three ways to resolve data heterogeneity!
5.11	Explain the difference between little endian and big endian data representations. In a big endian representation the highest significant byte is at the end of a four byte sequence. In a little endian representation the same integer would be represented with the lowest significant byte at the end of a four byte sequence.
5.12	CORBA does not convert little into big endian representation when sending a message. Where is the conversion done? What is the advantage of this approach? This is done during request marshalling. This has the advantage that the computationally-intensive conversion is not needed when request data is being sent between two machines that use the same representations.
5.13	COM and CORBA resolve data heterogeneity using a standardized data representation. Under which circumstances would you choose to resolve data heterogeneity yourself at the application layer?
5.14	Is it possible to resolve data heterogeneity, middleware heterogeneity and programming language heterogeneity in a way that is completely transparent to client and server object programmers?

6.1	What is the difference between static and dynamic invocation? Static invocations are planned at compilation time, whereas dynamic invocation can take place any time during the running time.
6.2	What is COM's equivalent to CORBA's InterfaceDef? The ITypeInfo interface.
6.3	What is the advantage of the use of COM's DISPIDs compared to the CORBA approach of passing identifiers as strings? It contributes to type-safety and s more efficient.
6.4	What has the designer of CORBA server objects to do in order to support dynamic requests? They have to implement the IDispatch interface.
6.5	Dynamic invocation does not need client stubs. Which components perform the marshalling, unmarshalling and heterogeneity resolution in this case?
6.6	Why can Java's Reflection API not be applied to obtain run-time type information for Java remote method invocations?
6.7	CORBA supports three different ways to locate an InterfaceDef. What are these three ways? 1) Directly obtain a reference to the type of the object. 2) Perform queries to obtain type information. 3) Discover all the type information that is registered by navigating the Interface Repository.
6.8	When would you use these? 1) When the client has an object reference, by using the Get_interface method 2) When the client knows the type information by name 3) When we don't know any of the above two
6.9	Why are the dynamic invocation interface and the interface repository always used together? The interface repository provides reflection, enabling clients to discover the services that an object supports.
6.10	What are the trade-offs of using dynamic as opposed to static invocation? Dynamic invocations are more expensive in term of time and development effort and are inherently unsafe. Dynamic invocation is well supported by COM and CORBA, and is needed when clients have to be built before the interface definition of their server. Errors that might have been found at compile-time with static invocations are only detected as run-time exceptions with the dynamic invocation interface.

7.1	Which non-functional requirements can be addressed using CORBA's dynamic invocation interface?
7.2	Is there any dependency between dynamic and multiple requests?
7.3	What are the differences between multiple requests and group requests? A group request is where a client requests execution of the same operation from multiple server objects. A multiple request is where a client requests the execution of different operation from different server objects.
7.4	How could group requests be implemented using message queues?
7.5	Primitives for oneway and deferred synchronous requests are only available in CORBA. How can they be implemented for Java RMIs or DCOM?
7.6	Asynchronous requests seem much more efficient than synchronous requests. Why are they not used all the time?
7.7	How would you implement deferred synchronous remote method invocations in Java?
7.8	How do the two CORBA DII operations send and invoke differ? T
7.9	When would you use threads and when would you use message queues to implement asynchronous requests? Message queues are used when we need to decouple the notion of making a request and actually processing that request. This often arises due to global distribution with much higher network latency or execution of objects in different time zones. The threading approach can be used in more real-time instances where we assume that the server object is executing the requested operation while a thread in the client waits for the results.

8.1	What is location transparency? It enables client objects to access the services provided by server objects without knowing the server's physical location.
8.2	What are the differences between location transparency and access transparency?
8.3	Why do naming and trading not contribute to achieving access transparency?
8.4	CORBA object identifiers contribute to achieving location transparency as clients can use them to request a service from the objects. Why is this not sufficient?
8.5	Give reasons for organizing name servers hierarchically. It makes the process of finding name bindings more efficient, minimizes the chances of name conflicts and a list operation does not overwhelm the user with a large amount of information.
8.6	What are the advantages of composite names? They minimize the number of resolve requests, in order to obtain the reference of an object.
8.7	How many different CORBA naming context objects can successfully reveal the same object? ** There are no limits set
8.8	Explain the main differences between the CORBA naming service and the Internet DNS.
8.9	What are the two most important operations of any name server? Bind and resolve
8.10	Why does the list operation of the CORBA Naming service return multiple name bindings rather than one binding at a time? ** This would cause a higher communication overhead and the Naming service operates in a stateless manner and so there is no notion of a client session.
8.11	What is the difference between the scope of names in CORBA IDL and the scope of names in the CORBA Naming service?
8.12	Why does the CORBA Naming service not have a lookup operation that only checks whether a name has been defined?
8.13	How can two different ORBs make their respective name servers known to each other?
8.14	Explain the differences between naming and trading. Naming services are used when a client knows the name of the server object and needs to find the reference to it. Trading services operate at a more abstract level of the client only knowing the type of service that it needs and doesn't know of any objects that offer that service.
8.15	When would you use naming and when would you use trading for locating objects? Naming services are used when the client object has prior knowledge about a specific server object, often this is defined statically. Trading is used when a client object knows nothing about any specific server objects but needs to find server objects who can service its requests and can meet the criteria included in the request.
8.16	Who decides which technique is to be used, the engineer of the client object or the engineer of the server object? ** Both
8.17	Apart from those engineers, who else is concerned with location of objects?
8.18	Which roles do components play in trading? Exporter, importer or trader of services
8.19	Who plays the same role as the CORBA trader object when considering the yellow pages of the telephone directory? The company that prints and delivers the yellow pages..
8.20	What are the principal trading operations? Register, withdraw, change, query and offer
8.21	What is the difference between a service type and an object type? ** An object type may be used in different services.
8.22	How are service type hierarchies and object type hierarchies related? A service S is a subtype of of S' if the object type determining the functionality of S, is identical to or a subtype of the object type of S'. Therefore the same hierarchy is implemented in both.
8.23	Give examples where it is not sufficient to use a readonly property in service types. An example would be where the property held the value of the Sterling Pound value to other currencies. The dynamic changes in the market could not be reflected in the property value.
8.24	What is the disadvantage of a modifiable property type definition? ** The value of the property can be changed dynamically and so if it represents a property such as a critical time range we may have to check it each time we'd like to use it.
8.25	What are policies used for in trading? They are used by importers to determine how the trader should return the results of a query. Preferences include factors such as the maximum number of services returned or whether replacement services are acceptable.
8.26	What is the impact of preferences passed to a trader query on the sequence of offers returned. They can be used to sort the results of a query, based on a service property.

9.1	What is the object life cycle?
9.2	Why is the concept of constructors not sufficient for creating objects in a distributed setting? The new object may have to be created on a remote machine. By adhering to the location transparency principle the client creating the object nor the object itself should have to know where physically the object is being created.
9.3	What is the difference between a factory and a factory finder? A factory is an object that creates other objects, whereas a factory finder is an object that locates a factory object.
9.4	Should a newly created object always be registered with a name server or a trader? No
9.5	How is the host specified where objects should be migrated to? In circumstances such as load-balancing the middleware may specify the host to which a local object migrates to. However its also possible for the target host to be specified by the application.
9.6	Why does this support location transparency, and to whom is it transparent? A factory finder is chosen to return a reference to a factory object which can create a given object, therefore the location is hidden in factory finder objects. This is transparent to users of distributed applications, client designers and designers of server objects.
9.7	What are the differences between explicit and implicit object deletion? Implicit object deletion is carried out by the run-time middleware, which is responsible for referential integrity. This is transparent to client programmers. An example of this is garbage collection. Explicit object deletion operates by clients defining type specific delete operations. This puts the burden of maintaining referential integrity on the programmer.
9.8	In which situations do CORBA clients have to be aware of the fact that an object might have been deleted? When the sever object has been deactivated through the object adapter and has been deleted. Future requests send to this server object will cause the middleware to return an error code or raise an exception.
9.9	What are the differences between aggregation and reference relationships?
9.10	What distinguishes composition relationships from other aggregation relationships? This is where each component is at most part of one aggregate.
9.11	How are the objects determined that are components of a composite object?
9.12	What are the three support layers of the CORBA relationship service? Base relationships, graphs of related objects and reference and containment relationships
9.13	How does the relationship service contribute to implementing composite objects? Base relationships, graphs of related objects & reference and containment relationships.
9.14	What achieves that objects that are related by CORBA relationships do not need to be changed?
9.15	What is the trade-off of the fact that CORBA server objects are unaware that they might be involved in a CORBA relationship? It simplifies the administration of composite objects, however it does cause considerable storage and run-time costs.

10.1	What is persistence? It allows objects to survive the life time of the process in which they execute, by having their state recorded on non-volatile secondary storage.
10.2	Which server objects need take care of persistence? Persistence state service
10.3	To whom is persistence transparent? Client programmers and programmers of stateless server objects
10.4	What is the relationship between persistence and activation? Activation is the process of using persistent forms of an object to create a representation of it in memory.
10.5	Why is persistence so important in distributed systems? It allows objects to survive past the life time of the process in which they were executing, thus enabling objects to maintain their state after system shut-downs and failures.
10.6	What are the components of a persistent state service? Datastores which are composed of storage objects, storage homes and keys. Storage types and sessions
10.7	When would you prefer files over relational databases for achieving persistence? The lightweight file approach is suitable where scalability, fault tolerance and multi-user capabilities are not part of the requirements.
10.8	Who makes the choice which datastore to use for achieving persistence?
10.9	When would you prefer relational databases over files for achieving persistence? Where scalability, fault tolerance and multi-user capabilities are part of the requirements, such as a transaction service.
10.10	What is the impedance mismatch? This is the gap caused by complicated mappings between objects and relational tables, in relational databases.
10.11	When are relational databases more appropriate for achieving persistence than object databases? When managing large amounts of similarly structured data

11.1	What are the ACID properties of transactions? Atomicity, consistency, isolation and durability
11.2	What is the difference between two-phase locking and two-phase commit? Two-phase locking is a concurrency control technique for ensuring serializability of a shared resource. The two-phase commit protocol is concerned with the communication between the objects involved in a transaction.
11.3	What is lock compatibility? This defines the combination of locks that can be acquired fo a shared resource without causing inconsistency.
11.4	When is the hierarchical locking protocol applied? This is used to acquire locks on numerous objects by acquiring the lock of the composite object containing other objects.
11.5	What is the purpose of upgrade locks? These are used when a transaction initially needs read access to an object, but already knows that will also need to acquire a write lock for that object at a later point.
11.6	Why are upgrade locks incompatible to themselves? They would very likely result in deadlock
11.7	For which designers is concurrency control transparent? Designers of transactional clients
11.8	When do designers of transactional servers not have to implement concurrency control? If relational or object-oriented databases are used to achieve persistence
11.9	How does 2PL prevent inconsistent analysis? 2PL consists of a stage when an object acquires locks and a stage when it releases them. Once it has started releasing locks the object can't acquire any more locks. This ensures that no other objects can acquire write locks to a resource already locked by this object.
11.10	What are the three different roles that objects can play in distributed object transactions? Transactional client, transactional server & transactional co-ordinator
11.11	Why do distributed transactions need two phases to commit? Because there has to be a voting stage before committing.
11.12	How are the ACID properties implemented in distributed object transactions?
11.13	What is server uncertainty? This refers to the phase after transactional server has voted for a commit and before it has received the commit request.
11.14	How is server uncertainty dealt with? By storing the modifications of the transaction on temporary persistent storage.
11.15	Which tasks do the CORBA Transaction Service, MTS and JTS relieve the designer of?

12.1	Why are distributed systems inherently insecure? The nature of the networking technology on which distributed systems are based allows one to use the public network to communicate with other systems connected to he network.
12.2	What are the security threats that distributed systems are exposed to? Leakage, tampering, resource stealing, vandalism and a combination of these threats
12.3	What are the principle methods of attacking a distributed system? Masquerading, eavesdropping, request tampering, replaying
12.4	How can distributed systems be infiltrated? Attacks by legitimate users, obtaining legitimate user's identity, smuggling client or server objects
12.5	Which role does encryption play in securing distributed systems? It prevents anyone from being able to read the content of messages on the network as well as providing authentication.
12.6	What is the difference between secret key and public key encryption? Secret key encryption comprises of a secret key held by each party which must be kept away from all others at all times. Both of the communication parties use the same key. Public key encryption operates by having a secret key and a public key and the public key must be distributed to anyone who wishes to communicate with you.
12.7	What is a key? A key is a fixed length bit string that has been computed using a certain mathematical algorithm
12.8	How are keys distributed? A common protocol used for public & secret key encryption systems is the Needham/Schroeder protocol. Whilst the protocol is different for public and private key encryption systems, they both involve communicating with a trusted Key Distribution server to obtain the key of the other party.
12.9	Why is the Needham/Schroeder protocol for public keys more complicated than the one for secret keys? It has to distributed two keys for each pair of objects that wish to communicate.
12.10	Why are nonce used in the Needham/Schroeder protocol? Detects replaying of messages
12.11	What is authentication? Establishes a trusted association between the principal, who is using a client or on whose behalf a server is acting , and the credentials that the system maintains about this principal.
12.12	How are credentials managed in object-oriented systems? Principals are associated with certain credentials during authentication. Those credentials determine the rights or privileges that have been granted to the principal.
12.13	What is the relationship between authentication and access control? Access control is based on authentication in order to identify the principal requesting a service
12.14	Why is non-repudiation important for electronic commerce? This makes users accountable for their actions, thus its used to prove whether electronic request and purchase for a product was actually made.
12.15	Why does non-repudiation hand out tokens for evidence rather than handing out the signed evidence?
12.16	What is the difference between auditing and the other distributed system security mechanisms? Whilst other security measure use a proactive approach auditing is a reactive approach and is used to find out details after an attack has taken place.
12.17	How is eavesdropping and message tampering prevented in CORBA-based systems?