Contract specification for compliance checking of business interactions

PhD ThesisIn the business world, contracts are used to regulate business interactions between trading parties. When business transactions are conducted over an electronic channel, electronic forms of contracts are needed; and because of the additional capabilities of an electronic means, their function can be extended to include compliance checking for the interactions of the parties, and enforcement of contractual clauses when needed. A contract is assumed to be a document that stipulates a list of clauses stating rights, obligations and prohibitions, and their associated constraints, that business partners are expected to honour. Compliance checking is taken to mean checking if business operations executed by business partners match with their rights, obligations and prohibitions as stipulated in the contract. We intend enforcement as making sure that business operations match the rights, obligations, and prohibitions of the parties, possibly compensating for deviations from expected behaviour. In traditional business interactions, compliance checking and enforcement are carried out man- ually. With electronic business interactions, such tasks can ideally be automated. This requires a model for the process of checking contract compliance, and an electronic language for the speci ca- tion of the actual contract. The rst main contribution of this thesis is such a model. The EROP model (from Events, Rights, Obligations and Prohibitions), composed of an ontology and an architecture, observes the interactions between the business partners, forms an interpretation of their outcome from a neutral perspective and checks their contractual compliance by matching executed operations with their sets of rights, obligations, and prohibitions, and reacting accordingly to them. Implementations of the EROP ontology and of an experimental prototype of the architecture are also presented. The second main contribution of this thesis is the EROP language, designed to specify contractual compliance, and to regulate execution of business operations through the manipulation of the sets of rights, obligations and prohibitions of the business partners. The EROP language is rule-based and event-driven, and, in a similar fashion to contracts in natural language, contractual clauses are expressed as business rules, conditional statements associating events and conditions to lists of actions altering the rights, obligations and prohibitions of the participants. The practicality of the approach taken with the EROP language is evaluated presenting a larger, complete scenario and a number of smaller ones taken from comparable work. Notes on the translation of the EROP language to one on a lower level of abstraction that relies on the implementation of the EROP ontology are also presented. The Appendix presents a formal grammar for the language.UK EPSRC e-Science Pilot Project: "GOLD (Grid-based Information Models to Support the Rapid Innovation of High Value Added Chemicals)

Contract representation for validation and run time monitoring

Organisations are increasingly using the Internet to offer their own services and to utilise the services of others. This naturally leads to resource sharing across organisational boundaries. Nevertheless, organisations will require their interactions with other organisations to be strictly controlled. In the paper-based world, business interactions, information exchange and sharing have been conducted under the control of contracts that the organisations sign. The world of electronic business needs to emulate electronic equivalents of the contract based business management practices. This thesis examines how a 'conventional' contract can be converted into its electronic equivalent and how it can be used for controlling business interactions taking place through computer messages. To implement a contract electronically, a conventional text contract needs to be described in a mathematically precise notation so that the description can be subjected to rigorous analysis and freed from the ambiguities that the original humanoriented text is likely to contain. Furthermore, a suitable run time infrastructure is required for monitoring the executable version of the contract. To address these issues, this thesis describes how standard conventional contracts can be converted into Finite State Machines (FSMs). It is illustrated how to map the rights and obligations extracted from the clauses of the contract into the states, transition and output functions, and input and output symbols of a FSM. The thesis then goes on to develop a list of correctness properties that a typical executable business contract should satisfy. A contract model should be validated against safety properties, which specify situations that the contract must not get into (such as deadlocks, unreachable states ... etc), and liveness properties, which detail qualities that would be desirable for the contract to contain (responsiveness, accessibility ... etc). The FSM description can then be subjected to model checking. This is demonstrated with the aid of examples using the Promela language and the Spin validator. Subsequently, the FSM representation can be used to ensure that the clauses stipulated in the contract are observed when the contract is executed. The requirements of a suitable run time infrastructure for monitoring contract compliance are discussed and a prototype middleware implementation is presented.EThOS - Electronic Theses Online ServiceEngineering and Physical Sciences Research Council (EPSRC)GBUnited Kingdo

Scalable Regulation of Inter-Enterprise Electronic Commerce

In the current electronic-commerce literature, a commercial transaction is commonly viewed as an exchange between two autonomous principals operating under some kind of contract between them—which needs to be formalized and enforced. But the situation can be considerably more complex in the case of inter-enterprise (also called business-to-business, or B2B) commerce. The participants in a B2B transaction are generally not autonomous agents, since their commercial activities are subject to the policies of their respective enterprises. It is our thesis, therefore, that a B2B transaction should be viewed as being governed by three distinct policies: the two policies that regulate the activities of the two principals, while operating as representatives of their respective enterprises, and the policy that reflects the contract between the two enterprises. These policies are likely to be independently developed, and may be quite heterogeneous. Yet, they have to interoperate, and must all be brought to bear in regulating each B2B transaction. This paper presents a mechanism for formulating such interoperating policies, and for their scalable enforcement, thus providing for regulated inter-enterprise electronic commerce