Distributed aspect-oriented service composition for business compliance governance with public service processes

Service-Oriented Architecture (SOA) offers a technical foundation for Enterprise Application Integration and business collaboration through service-based business components. With increasing process outsourcing and cloud computing, enterprises need process-level integration and collaboration (process-oriented) to quickly launch new business processes for new customers and products. However, business processes that cross organisations’ compliance regulation boundaries are still unaddressed. We introduce a distributed aspect-oriented service composition approach, which enables multiple process clients hot-plugging their business compliance models (business rules, fault handling policy, and execution monitor) to BPEL business processes

Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems, cyber risk at the edge

The Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis is presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture

Audit Techniques for Service Oriented Architecture Applications

The Service Oriented Architecture (SOA) approach enables the development of flexible distributed applications. Auditing such applications implies several specific challenges related to interoperability, performance and security. The service oriented architecture model is described and the advantages of this approach are analyzed. We also highlight several quality attributes and potential risks in SOA applications that an architect should be aware when designing a distributed system. Key risk factors are identified and a model for risk evaluation is introduced. The top reasons for auditing SOA applications are presented as well as the most important standards. The steps for a successful audit process are given and discussed.Service Oriented Architecture, Audit, Quality Attributes, Interoperability, Performance, Security

Pan-European backcasting exercise, enriched with regional perspective, and including a list of short-term policy options

This deliverable reports on the results of the third and final pan-European stakeholder meeting and secondly, on the enrichment with a Pilot Area and regional perspective. The main emphasis is on backcasting as a means to arrive at long-term strategies and short-term (policy) actions

Multilateral Economic Institutions and U.S. Foreign Policy: Hearing Before the Subcomm. on Multilateral Int\u27l Dev., Multilateral Insts., & Int\u27l Econ., Energy, & Envtl. Pol\u27y of the S. Comm. on Foreign Relations, 115th Cong., Nov. 27, 2018 (Statement of Jennifer A. Hillman)

Virtually every major international gathering of world leaders recently has ended in failure—or at least failure to reach enough agreement to issue a concluding statement or communique. These failures come at a time when many have been looking for signs that world leaders would come together to address the most pressing problems facing the world—including climate change, the breakdown in the rules of the international trading system, the need everywhere for good jobs that pay a living wage, and rapidly growing income inequality. The failure of these meetings to produce formal agreements—or even specific paths to reaching agreements in the future—despite the high stakes has left many questioning the ability of the world’s leaders to meet global challenges, shedding a spotlight on the institutions and fora that were established for the purpose of achieving multilateral solutions—particularly the World Trade Organization (WTO), the World Bank and the International Monetary Fund (IMF). The failure to reach agreements can best be seen as part of a long-term trend toward increased complexity in the world that makes it nearly impossible to reach traditional multilateral binding accords, combined with a waning of faith on the part of many countries in multilateralism and multilateral institutions. A number of clear trends emerge from the failures to reach accords at virtually all recent international gatherings: 1) Government policies and international arrangements for collective decision-making have not kept pace with changes in the world, especially the high degree of international economic integration and interdependence. Much of the increasing complexity in the international economic order stems from the explosive growth in the number and size of multinational corporations and financial institutions, many of which now dwarf the size of most of the nations in the world. Added to the complexity is the increase in the speed at which goods, money and technology moves around the globe in our digital age. 2) Learning to operate in this vastly more complex world will require more multilateralism, not less. As countries emerged from the era of colonialization and began opening their markets, the number of players on global stage increased, making reaching consensus among a much larger group of disparate interests more difficult. But because the most significant problems facing the world cross many international boundaries, solving them will require that countries come together to find regional, plurilateral, or global solutions. 3) It is essential that the international economic institutions be updated and improved, not destroyed or left to wither. Because it is clear that reaching major new binding accords or creating new international institutions is quite difficult, the best and most achievable solution is to renovate our existing institutions. Each needs to modernize and improve their governance structures to ensure that work can get done despite the increases in complexities and to update their mandates to ensure the ability to address the problems of the 21st century, many of which are quite different from those that existed in the 1940s when these institutions were created. Given that the crisis is most acute at the WTO, this testimony will focus on what must be done to renovate the World Trade Organization and why doing so is critical, both for the trading system and for the continued existence of a rules-based international economic order. The need for the WTO and its dispute settlement system to remain viable is particularly critical if we are to address the challenges presented by the explosive growth of China and its transformation into the largest exporter of goods in the world

Machine-Readable Privacy Certificates for Services

Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the clients side) and privacy guarantees (on the service provider side). Still, the assurance of effective data protection (when possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role towards the solution of this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Also, privacy certificates can be used to automatically select services whose certificates match the client policies (privacy requirements). Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how privacy property Retention-based unlinkability can be certified for a banking financial service.Comment: 20 pages, 6 figure

Beyond the Win: Pathways for Policy Implementation

When it comes to policy, a lot of attention is given to "the win." Whether it is something new and big like the Affordable Care Act, a piece of legislation in a large federal omnibus bill, or inclusion of critical language in a state policy, seeing the fruits of advocacy efforts put into law makes advocates and champions feel that their hard work, often many years in the making, has paid off.However, in reality, "the win" is just the beginning -- a necessary first step in a much longer and equally as fraught process of policy implementation. Once a policy is created, there are numerous factors that shape and determine how that policy is implemented -- and ultimately, the impact it will have -- regardless of how well the policy is formulated. Some of these factors include rulemaking, funding, capacity of local implementing agencies, and fights to repeal or modify wins, among many others.And, just as in the case of "the win," advocacy plays an important role in shaping implementation whether in advocating across these factors or participating in ongoing monitoring over time. Interestingly, while the role of advocacy in agenda setting, policy formulation, and policy adoption has been widely explored in theory and practice, the role of advocacy in the policy implementation process has received less attention in the literature.To learn more about the role of advocacy at the policy implementation stage, ORS Impact spoke with organizations that engage in, or provide funding for, advocacy efforts at the state and/or federal level. We focused on the following questions:When had advocates played a positive role in policy implementation?When had implementation not gone as well as expected, and what did advocates take away from that?Our conversations yielded important learnings about the unique characteristics of, and range of approaches to, advocacy efforts during the implementation phase. The two following scenarios illustrate some of the different types and levels of advocacy intervention, as well as the results they produce, to demonstrate the ways advocacy can play out when shifting from policymaking to implementation