
1 COMPAS Compliance-driven Models, Languages, and Architectures for Services
"The COMPAS project will design and implement novel models, languages, and an architectural framework to ensure dynamic and on-going compliance of software services to business regulations and stated user service-requirements. COMPAS will use model-driven techniques, domain-specific languages, and service-oriented infrastructure software to enable organizations to develop business compliance solutions easier and faster."

2 Overview
- COMPAS: Overview
- Central problems addressed by COMPAS
- COMPAS assumptions and approach
- Case Study: Advanced Telecom Services
- Runtime compliance governance in COMPAS
Credits: slides used from presentations of Schahram Dustdar, Uwe Zdun, Marek Tluczek, and other members of the COMPAS project

3 About COMPAS
- Funding: European Commission, 7th Framework Programme, Specific Targeted Research Project (STREP)
- Duration: February 2008 till January 2011
- Budget:
- Partners: 6 research and 3 industrial partners from Austria, France, Germany, the Netherlands, Italy, Poland
- More at

4 COMPAS: Overview
COMPAS addresses a major shortcoming in today's approach to designing SOAs:
- Throughout the architecture, various compliance concerns must be considered
- Examples: service composition policies, service deployment policies, information sharing/exchange policies, security policies, QoS policies, business policies, jurisdictional policies, preference rules, intellectual property and licenses
- So far, the SOA approach does not provide any clear technological strategy or concept of how to realize, enforce, or validate them

5 Problem in Detail
- A number of approaches, such as business rules or composition concepts for services, have been proposed
- None of these approaches offers a unified approach with which all kinds of compliance rules can be tackled
- Compliance rules are often scattered throughout the SOA
- They must be considered in all components of the SOA
- They must be considered at different development phases, including analysis, design, and runtime

6 Current Practice vs. COMPAS Approach
Current practice:
- per case basis
- no generic strategy
- ad hoc, hand-crafted solutions
COMPAS:
- unified framework
- agile
- extensible, tailor-able
- domain-orientation
- automation
- etc.

7 COMPAS Approach: Auditor's View
Goals:
- Support the automated controls better
- Provide more automated controls

8 COMPAS Assumptions
- Types of compliance concerns tackled:
  - We concentrate on the service & process world
  - We concentrate on automated controls
- Compliance expert selects and interprets laws and regulations
- We deal with two scenarios of introducing compliance (and variations of them):
  - Greenfield
  - Existing processes

9 COMPAS Assumptions
- COMPAS provides an architecture and approach for dealing with compliance
- Some compliance examples from the case studies are used to exemplify and validate that architecture and approach
- Existing languages (e.g., BPMN, BPEL, UML Activity Diagrams), technologies (e.g., ESBs, Process Engines), etc., are used wherever possible
- New software components are realized for specific compliance-related solutions (see D1.1 and DA.1)

10 COMPAS Assumptions
We distinguish:
- High-level processes (e.g., BPMN), non-technical and blurry
- Low-level processes (e.g., BPEL), technical and detailed

11 Compliance Solution: Overview & Roles

12 Case study: Advanced Telecom Services (WatchMe)

13 Compliance in WatchMe
Domains: Internal policies, QoS and Licensing

Licensing compliance requirements, each with its description and control:

Pay-per-view plan
- Description: When the WatchMe company subscribes for the Pay-per-view plan it acquires a limited number of streams based on the amount paid to the media supplier.
- Control: When the WatchMe company subscribes for the Pay-per-view plan it has to pay euro first and then receive 300 streams from the media supplier.

Time-based plan
- Description: When the WatchMe company subscribes for the Time-based plan it acquires any number of times any possible streams in a certain period, based on the amount paid to the media supplier.
- Control: When the WatchMe company subscribes for the Time-based plan it has to pay euro first and then receive an unlimited number of times any available stream from the media supplier in a 30 days period starting from the contract start date.

Composition permission
- Description: Only pre-defined combinations of video and audio providers are allowed due to the licenses specified by the video provider.
- Control: VideoTube can only have audio streams from AudioTube or QuickAudio. QuickVideo can only have audio streams from QuickAudio.

14 Business process execution

15 User Interface - Login

16 Business process execution

17 User Interface - Search

18 Business process execution

19 User Interface – Choose

20 Business process execution

21 Business process execution

22 User Interface – Choose

23 Runtime compliance governance in COMPAS

24 Quality of Service DSL
- Quality-of-Service compliance concerns:
  - Specified in Service-Level Agreements (SLA), e.g., Availability > 99%
- Support for stakeholders with different expertise:
  - Domain experts
  - Technical experts
- Runtime measuring of QoS values
- Monitoring of QoS events

25 Licensing DSL
- A high-level language for specifying license constraints in service-oriented business environments that is targeted at domain experts
- Runtime integration similar to the QoS DSL

26 Process Engine and Extensions
- Extension of event model:
  - Extended Apache ODE version
  - Provisioning of information required for compliance monitoring and mining
- Extension for enabling traceability:
  - Integrate Universally Unique Identifiers (UUIDs) in BPEL and events to identify models from which the processes are generated

27 Complex Event Processing and Esper Rules
- Complex Event Processing to aggregate compliance events
- Compliance violation detection on high-level (aggregated, business) events
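The three licensing controls of the WatchMe case study (slide 13), evaluated over a stream of low-level events in the way slide 27 describes violation detection. This is an added example, not COMPAS project code: it is plain Python rather than Esper rules, and the event shape, the rule names, the use of the subscribe timestamp as contract start date, and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Composition permission control: video provider -> allowed audio providers.
ALLOWED_AUDIO = {"VideoTube": {"AudioTube", "QuickAudio"}, "QuickVideo": {"QuickAudio"}}
PPV_STREAM_LIMIT = 300                 # streams received under the pay-per-view plan
TIME_PLAN_WINDOW = timedelta(days=30)  # validity period of the time-based plan


def detect_violations(events):
    """Turn time-ordered low-level events (assumed dict shape) into violations."""
    plan, paid, start, used = None, False, None, 0
    violations = []
    for ev in events:
        if ev["type"] == "subscribe":      # new contract: reset payment and usage
            plan, paid, start, used = ev["plan"], False, ev["ts"], 0
        elif ev["type"] == "payment":
            paid = True
        elif ev["type"] == "stream":
            broken = []
            if ev["audio"] not in ALLOWED_AUDIO.get(ev["video"], set()):
                broken.append("composition-permission")
            if not paid:                   # control: pay first, then receive streams
                broken.append("stream-before-payment")
            elif plan == "pay-per-view":
                used += 1
                if used > PPV_STREAM_LIMIT:
                    broken.append("pay-per-view-limit")
            elif plan == "time-based" and ev["ts"] >= start + TIME_PLAN_WINDOW:
                broken.append("time-based-expired")
            violations += [(ev["ts"], rule) for rule in broken]
    return violations


def sample_events():
    """Constructed event stream for illustration; not data from the project."""
    t0 = datetime(2010, 1, 1)
    def s(ts, video, audio):
        return {"type": "stream", "ts": ts, "video": video, "audio": audio}
    ev = [{"type": "subscribe", "ts": t0, "plan": "pay-per-view"},
          s(t0, "VideoTube", "AudioTube"),                          # before payment
          {"type": "payment", "ts": t0 + timedelta(minutes=1)}]
    ev += [s(t0 + timedelta(hours=1), "QuickVideo", "QuickAudio")] * 300
    ev.append(s(t0 + timedelta(hours=2), "VideoTube", "QuickAudio"))  # 301st stream
    t1 = t0 + timedelta(days=1)
    ev += [{"type": "subscribe", "ts": t1, "plan": "time-based"},
           {"type": "payment", "ts": t1},
           s(t1 + timedelta(days=2), "QuickVideo", "AudioTube"),    # disallowed pair
           s(t1 + timedelta(days=31), "VideoTube", "AudioTube")]    # after 30 days
    return ev
```
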

28 Business protocol-based monitoring
- Continuously observe and check the correct behavior of a system during run-time
- Checking of temporal properties specification during execution of a system

29 Event Log and Datawarehouse
- Store and provide access to all events (low and high level)
- Separate the operative part (running processes) of COMPAS from the assessment part (data warehouse analysis and reporting)
- Provide a general schema that can accommodate process and compliance requirements without need to change for each new process or requirement

30 Compliance Governance Dashboard
- Report on compliance, to create an awareness of possible problems or violations, and to facilitate the identification of root-causes for non-compliant situations
- Targeted at several classes of users: chief officers of a company, line of business managers, internal auditors, and external auditors (certification agencies)

31 Questions?
Thanks for your attention!

