IUPC: Identification and Unification of Process Constraints

Business Process Compliance (BPC) has gained significant momentum in research and practice during the last years. Although many approaches address BPC, they mostly assume the existence of some kind of unified base of process constraints and focus on their verification over the business processes. However, it remains unclear how such an inte- grated process constraint base can be built up, even though this con- stitutes the essential prerequisite for all further compliance checks. In addition, the heterogeneity of process constraints has been neglected so far. Without identification and separation of process constraints from domain rules as well as unification of process constraints, the success- ful IT support of BPC will not be possible. In this technical report we introduce a unified representation framework that enables the identifica- tion of process constraints from domain rules and their later unification within a process constraint base. Separating process constraints from domain rules can lead to significant reduction of compliance checking effort. Unification enables consistency checks and optimizations as well as maintenance and evolution of the constraint base on the other side.Comment: 13 pages, 4 figures, technical repor

Open Access Issues and Potential Solutions Workshop

This report provides a summary of the discussion and findings of the Open Access Issues and Potential Solutions workshop held as part of the End-to-End Project. The workshop was highly interactive and feedback received indicated it was extremely valuable, stimulating a useful exchange of ideas

Open Access Technical Workshop – ‘Un-Report'

This ‘un-report’ provides a summary of the Open Access (OA) Technical workshop held jointly by the End-to-End and LOCH Projects. The workshop was highly interactive and feedback received indicated that it was extremely valuable and provided opportunity for a useful exchange of ideas

Case study: managing open access with EPrints software

Recent additional open access (OA) requirements for publications by authors at UK higher education institutions require amendments to support mechanisms. These additional requirements arose primarily from the Research Councils UK Open Access Policy applicable from April 2013, and the new OA policy for Research Excellence Framework eligibility published in March 2014 and applicable from April 2016. Further provision also had to be made for compliance with the UK Charities Open Access Fund, the European Union, other funder policies, and internal reporting requirements. In response, the University of Glasgow has enhanced its OA processes and systems. This case study charts our journey towards managing OA via our EPrints repository. The aim was to consolidate and manage OA information in one central place to increase efficiency of recording, tracking and reporting. We are delighted that considerable time savings and reduction in errors have been achieved by dispensing with spreadsheets to record decisions about OA

Benefits of Location-Based Access Control:A Literature Study

Location-based access control (LBAC) has been suggested as a means to improve IT security. By 'grounding' users and systems to a particular location, \ud attackers supposedly have more difficulty in compromising a system. However, the motivation behind LBAC and its potential benefits have not been investigated thoroughly. To this end, we perform a structured literature review, and examine the goals that LBAC can potentially fulfill, \ud the specific LBAC systems that realize these goals and the context on which LBAC depends. Our paper has four main contributions:\ud first we propose a theoretical framework for LBAC evaluation, based on goals, systems and context. Second, we formulate and apply criteria for evaluating the usefulness of an LBAC system. Third, we identify four usage scenarios for LBAC: open areas and systems, hospitals, enterprises, and finally data centers and military facilities. Fourth, we propose directions for future research:\ud (i) assessing the tradeoffs between location-based, physical and logical access control, (ii) improving the transparency of LBAC decision making, and \ud (iii) formulating design criteria for facilities and working environments for optimal LBAC usage

Enhancing BPMN Conformance Checking with OR Gateways and Data Objects

Äriprotsessimudel ja -notatsioon (BPMN) on arenev standard äriprotsesside graafiliseks kujutamiseks. Protsessimudel kirjeldab, kuidas äriprotsess peaks toimima. Kui äriprotsessi tegelikust käitamisest on saadaval ka sündmuste logi, on võimalik vastata küsimusele, kas protsessimudel vastab tegelikkusele. Vastavusanalüüs püüab tuvastada mittevastavusi protsessimudeli ja äriprotsessi käitamisel tekkinud sündmuste logi vahel. BPMN vastavuseanalüsaator on üks Itaalia ettevõtte SIAV-i poolt arendatud protsessikaeve tööriista osadest. Nimetatud tööriistal on aga puudujäägid formaalse semantika osas. Nimelt keskendub vastavusanalüüs järgnevuse voole (control-flow) protsessis, kuid jätab arvesse võtmata andmetevahelisi sõltuvusi. Lisaks ei ole vastavusanalüüsil võimalik kasutada protsessimudeleid, mis sisaldavad OR väravaid (OR gateway). OR-join omab mitme-tähenduslikku semantikat. Se lle konstruktsiooni jaoks on pakutud mitmeid formaalseid semantikaid sarnastes keeltes, nagu EPCs ja YAWL. Nimetatud semantikate kasutatamine mudelite käitamisel ja vastavuse analaüüsil on aga arvutuslikult kulukas. Seega on käesolevas lõputöös implementeeritud OR värava aktiveerimine lineaarse ajalise sõltuvusega mudeli suuruse suhtes. Kuna SIAV-i vastavusanalüsaator ei võta arvesse andmetevahelisi sõltuvusi, võib puudulik analüüs viia vigase vastavusdiagnostikani. Näiteks võib andmeatribuut anda infot selle kohta, et käitati vale tegevus. Kirjeldatud põhjustel ei peaks vastavusanalüsaator tegelema vaid järgnevuse voo vastavuse analüüsiga, vaid peaks arvesse võtma ka andmeid ja nendevahelisi sõltuvusi ning aega. Käesoleva töö teises osas täiendati olemasolevat andmeanalüsaatorit andmeatribuutidega.The Business Process Model and Notation is a developing standard for capturing business processes. Process models describe how the business process is expected to be executed. When a log is available from process executions, this situation raises the interesting question “Are the model and the log conformant?". Conformance checking, also referred to as conformance analysis, aims at the detection of inconsistencies between a process model and its corresponding execution log.The BPMN conformance checker, as a part of a process mining tool, developed an Italian company called SIAV, however, this tool lacks some formal semantics. In particular, the previous conformance checking approach in SIAV tends to focus on the control-flow in a process, while abstracting from data dependencies and process models containing OR gateways could not be used.OR-join has an ambiguous semantics. The several formal semantics of this construct have been proposed for similar languages such as EPCs and YAWL. However, executing and verifying models using these semantics is computationally expensive. Therefore, in this thesis, we implemented enablement of an OR-join in linear time in the size of the workflow graph.Data dependencies are also not considered in conformance checker developed in SIAV, which may lead to misleading conformance diagnostics. For example, a data attribute may provide strong evidence that the wrong activity was executed. That’s why the conformance checker should not only describe the process behaviour from the control flow point of view, but also from other perspectives like data or time. In the second part of the thesis, we enhanced the existing conformance checker with data attributes

Monitoring Compliance with Open Access policies

In the last few years, academic communities have seen an increase in the number of Open Access (OA) policies being adopted at the institutional and funder levels. In parallel to policy implementation, institutions and funders have also been engaged in developing mechanisms to monitor academics and researchers compliance with the existing OA policies. This study highlights a few of the cases where compliance is being effectively monitored by institutions and funders. In the first section, Open Access is briefly overviewed and the rationale for monitoring OA policy compliance is explained. The second section looks at best practices in monitoring policy compliance with OA policies by funders and institutions. The case studies reflect on compliance with the UK Funding Councils and the USA National Institutes of Health OA policies. The third section makes recommendations on what processes and procedures universities and funders should adopt to monitor compliance with their OA policies. The final section recapitulates some of the key ideas related to monitoring policy compliance

Visual Modeling of Business Process Compliance Rules with the Support of Multiple Perspectives

A fundamental challenge for any process-aware information system is to ensure compliance of modeled and executed business processes with imposed compliance rules stemming from guidelines, standards and laws. Such compliance rules usually refer to multiple process perspectives including control flow, time, resources, data, and interactions with business partners. On one hand, compliance rules should be comprehensible for domain experts who must define and apply them. On the other, they should have a precise semantics such that they can be automatically processed. In this context, providing a visual compliance rule language seems promising as it allows hiding formal details and offers an intuitive way of modeling. So far, visual compliance rule languages have focused on the control flow perspective, but lack adequate support for the other perspectives. To remedy this drawback, this paper provides an approach that extends visual compliance rule languages with the ability to consider data, time, resources, and partner interactions when modeling business process compliance rules. Overall, this extension will foster business process compliance support in practice