Ontological analysis of means-end links

The i* community has raised several main dialects and dozens of variations in the definition of the i* language. Differences may be found related not just to the representation of new concepts but to the very core of the i* language. In previous work we have tackled this issue mainly from a syntactic point of view, using metamodels and syntactic-based model interoperability frameworks. In this paper, we go one step beyond and consider the use of foundational ontologies in general, and UFO in particular, as a way to clarify the meaning of core i* constructs and as the basis to propose a normative definition. We focus here on one of the most characteristics i* constructs, namely means-end links.Postprint (published version

Security Requirements Engineering for Service-Oriented Applications

Abstract. Security Requirements Engineering (SRE) is concerned with detecting and analysing security issues early in the software development process. Some variants of i * start since early requirements and rely on modelling actors and their dependencies. Though useful for traditional information systems development, these approaches adopt a bird’s eye perspective that is inadequate for service-oriented applications, in which multiple autonomous and heterogeneous agents interact to achieve their own strategic interests. In this paper we present SecCo (Security via Commitments), a novel SRE framework expressly thought for service-oriented settings. The key intuition is to relate security requirements to interaction. In order to do so, we specify security requirements in terms of social commitments, promises with contractual validity between agents. These commitments describe the security properties the service provider commits to ensure to the consumer while delivering the service.