Service-oriented Computing
Download
Report
Transcript Service-oriented Computing
COMPAS
Compliance-driven Models, Languages, and Architectures
for Services
COMPAS: Compliance-driven
Models, Languages, and
Architectures for Services
"The COMPAS project will design and implement novel models, languages, and an architectural
framework to ensure dynamic and on-going compliance of software services to business
regulations and stated user service-requirements. COMPAS will use model-driven techniques,
domain-specific languages, and service-oriented infrastructure software to enable organizations
developing business compliance solutions easier and faster“
http://www.compas-ict.eu
1
Overview
COMPAS: Overview
Central problems addressed by COMPAS
COMPAS assumptions and approach
Case Study: Advanced Telecom Services
Runtime compliance governance in COMPAS
Credits: slides used from presentations of Schahram Dustdar, Uwe Zdun,
Marek Tluczek, and other members of the COMPAS project
2
About COMPAS
Funding: European Commission, 7th Framework
Programme, Specific Targeted Research
Project (STREP)
Duration: February 2008 till January 2011
Budget: 3.920.000 €
Partners: 6 research and 3 industrial partners
from Austria, France, Germany, the Netherlands,
Italy, Poland
More at http://www.compas-ict.eu
3
COMPAS: Overview
COMPAS addresses a major shortcoming in
today’s approach to design SOAs: Throughout
the architecture various compliance concerns
must be considered
Examples:
Service composition policies, Service deployment
policies,
Information sharing/exchange policies, Security
policies, QoS policies,
Business policies, jurisdictional policies, preference
rules, intellectual property and licenses
So far, the SOA approach does not provide any
clear technological strategy or concept of how to
realize, enforce, or validate them
4
Problem in Detail
A number of approaches, such as business rules
or composition concepts for services, have been
proposed
None of these approaches offers a unified approach
with which all kinds of compliance rules can be tackled
Compliance rules are often scattered throughout
the SOA
They must be considered in all components of the
SOA
They must be considered at different development
phases, including analysis, design, and runtime
5
Dynamic verification
and validation
Using
Generation
Current practice:
o per case basis
o no generic strategy
o ad hoc, hand-crafted solutions
6
Modelling
Specification
Static verification/
validation
COMPAS:
o unified framework
o agile
o extensible, tailor-able
o domain-orientation
o automation
o etc.
Governance and Monitoring
Current Practice vs. COMPAS Approach
COMPAS Approach: Auditor’s View
Regulation /
Legislation
Risk
Management
Department
Norm/Standard
Goals:
• Support the automated controls better
• Provide more automated controls
Manual
Implementation
Controls
Automated
Controls
Report
7
Manual
Controls
COMPAS Assumptions
Types of compliance concerns tackled:
We concentrate on the service & process world
We concentrate on automated controls
Compliance expert selects and interprets laws
and regulations
We deal with two scenarios of introducing
compliance (and variations of them):
Greenfield
Existing processes
8
COMPAS Assumptions
COMPAS provides an architecture and
approach for dealing with compliance
Some compliance examples from the case studies
are used to exemplify and validate that architecture
and approach
Existing languages (e.g., BPMN, BPEL, UML
Activity Diagrams), technologies (e.g., ESBs,
Process Engines), etc., are used wherever
possible
New software components are realized for specific
compliance related solutions (see D1.1 and DA.1)
9
COMPAS Assumptions
We distinguish:
High-level processes (e.g., BPMN), non-technical and
“blurry”
Low-level processes (e.g., BPEL), technical and
detailed
10
Compliance Solution: Overview & Roles
Regulations, laws, best
practices, contracts,...
Business
processes
Execution data
Internal
policies
Validation
Events
Internalization
Design
Compliance
Officer
Process Analyst /
Compliance Officer /
Technical Specialist
Monitoring
Business
execution
Internal
evaluation
Process Analyst /
Technical Specialist
Process
Manager /
Compliance
Officer
assists
Auditor
11
Case study: Advanced Telecom Services (WatchMe)
12
Compliance in WatchMe
Licensing
Domains: Internal policies, QoS and Licensing
Compliance
Requirements
Description of Compliance Requirements
Pay-per-view
plan
When the WatchMe company subscribes
for the Pay-per-view plan it acquires a
limited number of streams based on the
amount paid to the media supplier.
When the WatchMe company subscribes
for the Time-based plan it acquires any
number of times any possible streams in a
certain period, based on the amount paid
to the media supplier.
Time-based
plan
Composition
permission
Control
When WatchMe company subscribes for
the Pay-per-view plan it has to pay 29.90
euro first and then receive 300 streams
from the media supplier.
When WatchMe company subscribes for
the time-based plan it has to pay 89.90
euro first and then receive an unlimited
number of times any available stream from
the media supplier in a 30 days period
starting from the contract start date.
Only pre-defined combinations of video VideoTube can only have audios streams
and audio providers are allowed due to
from AudioTube or QuickAudio.
the licenses specified by the video
QuickVideo can only have audio streams
provider.
from QuickAudio.
13
Business process execution
14
User Interface - Login
15
Business process execution
16
User Interface - Search
17
Business process execution
18
User Interface – Choose
19
Business process execution
20
Business process execution
21
User Interface – Choose
22
Runtime compliance governance in COMPAS
DSL specification
(WP1-5)
DSL Editors
Runtime compliance environment
DSL Instances
Application Server (WP4)
MDSD software
framework (WP1)
Process Engine (WP1,WP5)
Deployable Code
Services
Events
Enterprise Service Bus (WP1, WP5)
Events
Events
Offline Compliance Monitoring
Online Compliance Monitoring
Events,
Messages
Business Protocol
Monitoring
CEP-Based
Compliance
Monitoring
Event Log
Event Logs
Display
Information
Compliance
Governance
Dashboard
Log Mining
ETL
Events
Analysis /
Business
Intelligence
Display
Information
23
Display Information
Compliance governance architecture (WP5)
Data
Data
Data Warehouse
Quality of Service DSL
Quality-of-Service
Compliance Concerns:
Specified in Service-LevelAgreements (SLA), e.g.,
Availability > 99%
DSL specification
(WP1-5)
Support for stakeholders with
different expertise:
•Domain experts
•Technical experts
Runtime compliance environment
Application Server (WP4)
Process Engine (WP1,WP5)
DSL Editors
Services
DSL Instances
Events
MDSD software
framework (WP1)
DSL
Transformation
Enterprise Service Bus (WP1, WP5)
Deployable Code
Events
Model
Instances
Online
Compliance
Monitoring
View-based
Modeling
Framework
EMF Model
Instances
Code Generator
Runtime measuring of
QoS values
CEP-Based
Compliance
Monitoring
Display
Information
Monitoring of
QoS events
24
Compliance
Governance
Dashboard
Compliance governance architecture (WP5)
Licensing DSL
A high-level language for
specifying license constraints in
service-oriented business
environments that is targeted at
domain experts
DSL specification
(WP1-5)
Runtime compliance environment
Application Server (WP4)
Process Engine (WP1,WP5)
DSL Editors
Services
DSL Instances
Events
MDSD software
framework (WP1)
DSL
Transformation
Enterprise Service Bus (WP1, WP5)
Deployable Code
Events
Model
Instances
View-based
Modeling
Framework
Online
Compliance
Monitoring
Display
Information
EMF Model
Instances
Code Generator
CEP-Based
Compliance
Monitoring
25
Runtime
integration similar
to the QoS DSL
Compliance
Governance
Dashboard
Compliance governance architecture (WP5)
Process Engine and Extensions
Extension of event model:
•Extended Apache ODE version 1.1.1
•Provisioning of information required for compliance monitoring and mining
Runtime compliance environment
Application Server (WP4)
MDSD software
framework (WP1)
Process Engine (WP1,WP5)
Deployable Code
Services
Events
Enterprise Service Bus (WP1, WP5)
Events
Compliance governance architecture (WP5)
Extension for enabling traceability: Integrate
Universally Unique Identifiers (UUIDs) in BPEL
and Events to identify models from which the
processes are26generated
Complex Event Processing and Esper Rules
Runtime compliance environment
Application Server (WP4)
Process Engine (WP1,WP5)
Services
Events
Enterprise Service Bus (WP1, WP5)
Complex Event Processing
to aggregate compliance
events
Events
Online
Compliance
Monitoring
CEP-Based
Compliance
Monitoring
Compliance violation
detection on high-level
(aggregated, business)
events
Display
Information
Compliance
Governance
Dashboard
27
Compliance governance architecture (WP5)
Business protocol-based monitoring
Runtime compliance environment
Application Server (WP4)
Process Engine (WP1,WP5)
Services
Events
Enterprise Service Bus (WP1, WP5)
Checking of temporal
properties specification
during execution of a
system
Online Compliance Monitoring
Events,
Messages
Business Protocol
Monitoring
28
Continuously observe
and check the correct
behavior of a system
during run-time
Event Log and Datawarehouse
Provide a general
schema that can
accommodate
process and
compliance
requirements
without need to
change for each
new process or
requirement
Runtime compliance environment
Application Server (WP4)
Process Engine (WP1,WP5)
Services
Events
Enterprise Service Bus (WP1, WP5)
Store and provide
access to all events (low
Events
and high level)
Separate the
operative part
(running
processes) of
COMPAS from the
assessment part
(data warehouse
analysis and
reporting)
Offline Compliance Monitoring
Event Log
Event Logs
Log Mining
Compliance
Governance
Dashboard
ETL
Events
Analysis /
Business
Intelligence
Data
Data
Data Warehouse
Display
Information
Display Information
Compliance governance architecture (WP5)
29
Compliance Governance Dashboard
Online
Compliance
Monitoring
Offline Compliance Monitoring
CEP-Based
Compliance
Monitoring
Event Log
Event Logs
Log Mining
Display
Information
Compliance
Governance
Dashboard
ETL
Events
Analysis /
Business
Intelligence
Data
Data
Data Warehouse
Display
Information
Display Information
Compliance governance architecture (WP5)
Report on compliance, to
create an awareness of
possible problems or
violations, and to
facilitate the identification
of root-causes for noncompliant situations
Targeted at several classes of users:
•chief officers of a company,
•line of business managers,
•internal auditors, and
•external auditors (certification agencies)
30
Questions?
Thanks for your attention!
http://www.compas-ict.eu
31