COMPAS Compliance-driven Models, Languages, and Architectures for Services "The COMPAS project will design and implement novel models, languages, and an.

Presentation transcript:

COMPAS: Compliance-driven Models, Languages, and Architectures for Services

"The COMPAS project will design and implement novel models, languages, and an architectural framework to ensure dynamic and on-going compliance of software services to business regulations and stated user service-requirements. COMPAS will use model-driven techniques, domain-specific languages, and service-oriented infrastructure software to enable organizations developing business compliance solutions easier and faster"

Overview
- COMPAS: Overview
- Central problems addressed by COMPAS
- COMPAS assumptions and approach
- Case Study: Advanced Telecom Services
- Runtime compliance governance in COMPAS

Credits: slides used from presentations of Schahram Dustdar, Uwe Zdun, Marek Tluczek, and other members of the COMPAS project

About COMPAS
- Funding: European Commission, 7th Framework Programme, Specific Targeted Research Project (STREP)
- Duration: February 2008 till January 2011
- Budget:
- Partners: 6 research and 3 industrial partners from Austria, France, Germany, the Netherlands, Italy, Poland
- More at

COMPAS: Overview
- COMPAS addresses a major shortcoming in today's approach to designing SOAs: throughout the architecture, various compliance concerns must be considered
- Examples: service composition policies, service deployment policies, information sharing/exchange policies, security policies, QoS policies, business policies, jurisdictional policies, preference rules, intellectual property and licenses
- So far, the SOA approach does not provide any clear technological strategy or concept of how to realize, enforce, or validate them

Problem in Detail
- A number of approaches, such as business rules or composition concepts for services, have been proposed
- None of these approaches offers a unified approach with which all kinds of compliance rules can be tackled
- Compliance rules are often scattered throughout the SOA
- They must be considered in all components of the SOA
- They must be considered at different development phases, including analysis, design, and runtime

Current Practice vs. COMPAS Approach

Current practice:
- per case basis
- no generic strategy
- ad hoc, hand-crafted solutions

COMPAS:
- unified framework
- agile
- extensible, tailor-able
- domain-orientation
- automation
- etc.

COMPAS Approach: Auditors View

Goals:
- Support the automated controls better
- Provide more automated controls

COMPAS Assumptions
- Types of compliance concerns tackled:
  - We concentrate on the service & process world
  - We concentrate on automated controls
- Compliance expert selects and interprets laws and regulations
- We deal with two scenarios of introducing compliance (and variations of them):
  - Greenfield
  - Existing processes

COMPAS Assumptions
- COMPAS provides an architecture and approach for dealing with compliance
- Some compliance examples from the case studies are used to exemplify and validate that architecture and approach
- Existing languages (e.g., BPMN, BPEL, UML Activity Diagrams), technologies (e.g., ESBs, Process Engines), etc., are used wherever possible
- New software components are realized for specific compliance related solutions (see D1.1 and DA.1)

COMPAS Assumptions

We distinguish:
- High-level processes (e.g., BPMN), non-technical and blurry
- Low-level processes (e.g., BPEL), technical and detailed

Compliance Solution: Overview & Roles

Case study: Advanced Telecom Services (WatchMe)

Compliance in WatchMe

Domains: Internal policies, QoS and Licensing

Licensing compliance requirements:

Pay-per-view plan
  Description: When the WatchMe company subscribes for the Pay-per-view plan it acquires a limited number of streams based on the amount paid to the media supplier.
  Control: When the WatchMe company subscribes for the Pay-per-view plan it has to pay euro first and then receive 300 streams from the media supplier.

Time-based plan
  Description: When the WatchMe company subscribes for the Time-based plan it acquires any number of times any possible streams in a certain period, based on the amount paid to the media supplier.
  Control: When the WatchMe company subscribes for the Time-based plan it has to pay euro first and then receive an unlimited number of times any available stream from the media supplier in a 30 days period starting from the contract start date.

Composition permission
  Description: Only pre-defined combinations of video and audio providers are allowed due to the licenses specified by the video provider.
  Control: VideoTube can only have audio streams from AudioTube or QuickAudio. QuickVideo can only have audio streams from QuickAudio.

Business process execution

User Interface - Login

Business process execution

User Interface - Search

Business process execution

User Interface - Choose

Business process execution

Business process execution

User Interface - Choose

Runtime compliance governance in COMPAS

Quality of Service DSL
- Quality-of-Service compliance concerns: specified in Service-Level-Agreements (SLA), e.g., Availability > 99%
- Support for stakeholders with different expertise:
  - Domain experts
  - Technical experts
- Runtime measuring of QoS values
- Monitoring of QoS events

Licensing DSL
- A high-level language for specifying license constraints in service-oriented business environments that is targeted at domain experts
- Runtime integration similar to the QoS DSL

Process Engine and Extensions
- Extension of event model:
  - Extended Apache ODE version
  - Provisioning of information required for compliance monitoring and mining
- Extension for enabling traceability:
  - Integrate Universally Unique Identifiers (UUIDs) in BPEL and Events to identify models from which the processes are generated

Complex Event Processing and Esper Rules
- Complex Event Processing to aggregate compliance events
- Compliance violation detection on high-level (aggregated, business) events
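
The WatchMe licensing controls from the case study, checked over a stream of process events in the way the slide above describes. This is an added example, not COMPAS code: it uses plain Python rather than Esper, and the event types, field names, rule names and UUID values are constructed. It assumes every pay-per-view payment adds one quota of streams to the balance.

```python
# Added example: rule names, event types and field names are hypothetical.
ALLOWED_AUDIO = {  # composition permission, as stated on the WatchMe slide
    "VideoTube": {"AudioTube", "QuickAudio"},
    "QuickVideo": {"QuickAudio"},
}
PAY_PER_VIEW_STREAMS = 300  # streams acquired per payment, from the slide


def detect_violations(events, quota=PAY_PER_VIEW_STREAMS):
    """Return (rule, process_uuid, detail) for each licensing violation.

    Assumption: every pay-per-view payment adds `quota` streams to the balance.
    """
    violations = []
    paid = False
    remaining = 0
    for ev in events:
        uuid, kind = ev["process_uuid"], ev["type"]
        if kind == "PaymentMade":
            paid = True
            remaining += quota
        elif kind == "StreamReceived":
            if not paid:
                violations.append(("pay-per-view", uuid, "stream before payment"))
            elif remaining == 0:
                violations.append(("pay-per-view", uuid, "quota exhausted"))
            else:
                remaining -= 1
        elif kind == "StreamComposed":
            if ev["audio"] not in ALLOWED_AUDIO.get(ev["video"], set()):
                detail = f"{ev['video']} + {ev['audio']}"
                violations.append(("composition-permission", uuid, detail))
    return violations


def sample_events():
    """Constructed event log; the process UUIDs are made-up placeholders."""
    p1 = "00000000-0000-4000-8000-000000000001"
    p2 = "00000000-0000-4000-8000-000000000002"
    return [
        {"process_uuid": p1, "type": "StreamReceived"},
        {"process_uuid": p1, "type": "PaymentMade"},
        {"process_uuid": p1, "type": "StreamComposed", "video": "VideoTube", "audio": "AudioTube"},
        {"process_uuid": p1, "type": "StreamReceived"},
        {"process_uuid": p2, "type": "StreamComposed", "video": "QuickVideo", "audio": "AudioTube"},
        {"process_uuid": p2, "type": "StreamReceived"},
        {"process_uuid": p2, "type": "StreamReceived"},
    ]


if __name__ == "__main__":
    for v in detect_violations(sample_events(), quota=2):
        print(v)
```

Carrying the process UUID on every violation is what lets a finding be traced back to the model the process was generated from.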

Business protocol-based monitoring
- Continuously observe and check the correct behavior of a system during run-time
- Checking of temporal properties specification during execution of a system

Event Log and Datawarehouse
- Store and provide access to all events (low and high level)
- Separate the operative part (running processes) of COMPAS from the assessment part (data warehouse analysis and reporting)
- Provide a general schema that can accommodate process and compliance requirements without need to change for each new process or requirement

Compliance Governance Dashboard
- Report on compliance, to create an awareness of possible problems or violations, and to facilitate the identification of root-causes for non-compliant situations
- Targeted at several classes of users: chief officers of a company, line of business managers, internal auditors, and external auditors (certification agencies)

Questions?

Thanks for your attention!