SeaFlows – A Compliance Checking Framework for Supporting the Process Lifecycle

Compliance-awareness is undoubtedly of utmost importance for companies nowadays. Even though an automated approach to compliance checking and enforcement has been advocated in recent literature as a means to tame the high costs for compliance-awareness, the potential of automated mechanisms for supporting business process compliance is not yet depleted. Business process compliance deals with the question whether business processes are designed and executed in harmony with imposed regulations. In this thesis, we propose a compliance checking framework for automating business process compliance verification within process management systems (PrMSs). Such process-aware information systems constitute an ideal environment for the systematic integration of automated business process compliance checking since they bring together different perspectives on a business process and provide access to process data. The objective of this thesis is to devise a framework that enhances PrMSs with compliance checking functionality. As PrMSs enable both the design and the execution of business processes, the designated compliance checking framework must accommodate mechanisms to support these different phases of the process lifecycle. A compliance checking framework essentially consists of two major building blocks: a compliance rule language to capture compliance requirements in a checkable manner and compliance checking mechanisms for verification of process models and process instances. Key to the practical application of a compliance checking framework will be its ability to provide comprehensive and meaningful compliance diagnoses. Based on the requirements analysis and meta-analyses, we developed the SeaFlows compliance checking framework proposed in this thesis. We introduce the compliance rule graph (CRG) language for modeling declarative compliance rules. The language provides modeling primitives with a notation based on nodes and edges. A compliance rule is modeled by defining a pattern of activity executions activating a compliance rule and consequences that have to apply once a rule becomes activated. In order to enable compliance verification of process models and process instances, the CRG language is operationalized. Key to this approach is the exploitation of the graph structure of CRGs for representing compliance states of the respective CRGs in a transparent and interpretable manner. For that purpose, we introduce execution states to mark CRG nodes in order to indicate which parts of the CRG patterns can be observed in a process execution. By providing rules to alter the markings when a new event is processed, we enable to update the compliance state for each observed event. The beauty of our approach is that both design and runtime can be supported using the same mechanisms. Thus, no transformation of compliance rules in different representations for process model verification or for compliance monitoring becomes necessary. At design time, the proposed approach can be applied to explore a process model and to detect which compliance states with respect to imposed CRGs a process model is able to yield. At runtime, the effective compliance state of process instances can be monitored taking also the future predefined in the underlying process model into account. As compliance states are encoded based on the CRG structure, fine-grained and intelligible compliance diagnoses can be derived in each detected compliance state. Specifically, it becomes possible to provide feedback not only on the general enforcement of a compliance rule but also at the level of particular activations of the rule contained in a process. In case of compliance violations, this can explain and pinpoint the source of violations in a process. In addition, measures to satisfy a compliance rule can be easily derived that can be seized for providing proactive support to comply. Altogether, the SeaFlows compliance checking framework proposed in this thesis can be embedded into an overall integrated compliance management framework

Requirements-Driven Adaptation of Choreographed Interactions

Electronic services are emerging as the de-facto enabler of interaction interoperability across organization boundaries. Cross-organizational interactions are often “choreographed”, i.e. specified by a messaging protocol from a global point of view independent of the local view of each interacting organization. Local requirements motivating an interaction as well as the global contextual requirements governing the interaction inevitably evolve over time, requiring adaptation of the corresponding interaction protocol. Adaptation of an interaction protocol must ensure the satisfaction of both sets of interaction requirements while maintaining consistency between the global view and the local views of an interaction specification. Such adaptation is not possible with the current state-of-the-art representations of choreographed interactions, as they capture only operational messaging specifications detached from both local organizational requirements as well as global contextual requirements. This thesis presents three novel contributions that tackle adaptation of choreographed interaction protocols: an automated technique for deriving an interaction protocol from requirements, a formalization of consistency between local and global views, and a framework for guiding the adaptation of a choreographed interaction. A choreographed interaction is specified using models of organizational requirements motivating the interaction. We employ the formal semantics embedded in requirements models to automatically derive an interaction protocol. We propose a framework for relating the global and local views of interaction specification and maintaining consistency between them. We develop a metamodel for interaction specification, from which we enumerate adaptation operations. We build a catalogue that provides guidance on performing each operation and propagating changes between the global and local views. These contributions are evaluated using examples from the literature as well as a real-world case study

An adaptive service oriented architecture: Automatically solving interoperability problems.

Organizations desire to be able to easily cooperate with other companies and still be flexible. The IT infrastructure used by these companies should facilitate these wishes. Service-Oriented Architecture (SOA) and Autonomic Computing (AC) were introduced in order to realize such an infrastructure, however both have their shortcomings and do not fulfil these wishes. This dissertation addresses these shortcomings and presents an approach for incorporating (self-) adaptive behavior in (Web) services. A conceptual foundation of adaptation is provided and SOA is extended to incorporate adaptive behavior, called Adaptive Service Oriented Architecture (ASOA). To demonstrate our conceptual framework, we implement it to address a crucial aspect of distributed systems, namely interoperability. In particular, we study the situation of a service orchestrator adapting itself to evolving service providers.

An adaptive service oriented architecture:Automatically solving interoperability problems

Organizations desire to be able to easily cooperate with other companies and still be flexible. The IT infrastructure used by these companies should facilitate these wishes. Service-Oriented Architecture (SOA) and Autonomic Computing (AC) were introduced in order to realize such an infrastructure, however both have their shortcomings and do not fulfil these wishes. This dissertation addresses these shortcomings and presents an approach for incorporating (self-) adaptive behavior in (Web) services. A conceptual foundation of adaptation is provided and SOA is extended to incorporate adaptive behavior, called Adaptive Service Oriented Architecture (ASOA). To demonstrate our conceptual framework, we implement it to address a crucial aspect of distributed systems, namely interoperability. In particular, we study the situation of a service orchestrator adapting itself to evolving service providers.

A theory and model for the evolution of software services

Software services are subject to constant change and variation. To control service development, a service developer needs to know why a change was made, what are its implications and whether the change is complete. Typically, service clients do not perceive the upgraded service immediately. As a consequence, service-based applications may fail on the service client side due to changes carried out during a provider service upgrade. In order to manage changes in a meaningful and effective manner service clients must therefore be considered when service changes are introduced at the service provider's side. Otherwise such changes will most certainly result in severe application disruption. Eliminating spurious results and inconsistencies that may occur due to uncontrolled changes is therefore a necessary condition for the ability of services to evolve gracefully, ensure service stability, and handle variability in their behavior. Towards this goal, this work presents a model and a theoretical framework for the compatible evolution of services based on well-founded theories and techniques from a number of disparate fields.

Semantic Business Process Modeling

This book presents a process-oriented business modeling framework based on semantic technologies. The framework consists of modeling languages, methods, and tools that allow for semantic modeling of business motivation, business policies and rules, and business processes. Quality of the proposed modeling framework is evaluated based on the modeling content of SAP Solution Composer and several real-world business scenarios

Blueprint model and language for engineering cloud applications

Abstract: The research presented in this thesis is positioned within the domain of engineering CSBAs. Its contribution is twofold: (1) a uniform specification language, called the Blueprint Specification Language (BSL), for specifying cloud services across several cloud vendors and (2) a set of associated techniques, called the Blueprint Manipulation Techniques (BMTs), for publishing, querying, and composing cloud service specifications with aim to support the flexible design and configuration of an CSBA.