Presentation is loading. Please wait.

Presentation is loading. Please wait.

COMPAS Compliance-driven Models, Languages, and Architectures for Services "The COMPAS project will design and implement novel models, languages, and an.

Published byMaximo Mathies Modified over 10 years ago

Similar presentations

Presentation on theme: "COMPAS Compliance-driven Models, Languages, and Architectures for Services "The COMPAS project will design and implement novel models, languages, and an."— Presentation transcript:

1 COMPAS Compliance-driven Models, Languages, and Architectures for Services "The COMPAS project will design and implement novel models, languages, and an architectural framework to ensure dynamic and on-going compliance of software services to business regulations and stated user service-requirements. COMPAS will use model-driven techniques, domain-specific languages, and service-oriented infrastructure software to enable organizations developing business compliance solutions easier and faster http://www.compas-ict.eu COMPAS: Compliance-driven Models, Languages, and Architectures for Services 1

2 Overview COMPAS: Overview Central problems addressed by COMPAS COMPAS assumptions and approach Case Study: Advanced Telecom Services Runtime compliance governance in COMPAS Credits: slides used from presentations of Schahram Dustdar, Uwe Zdun, Marek Tluczek, and other members of the COMPAS project 2

3 About COMPAS Funding: European Commission, 7 th Framework Programme, Specific Targeted Research Project (STREP) Duration: February 2008 till January 2011 Budget: 3.920.000 Partners: 6 research and 3 industrial partners from Austria, France, Germany, the Netherlands, Italy, Poland More at http://www.compas-ict.euhttp://www.compas-ict.eu 3

4 COMPAS: Overview COMPAS addresses a major shortcoming in todays approach to design SOAs: Throughout the architecture various compliance concerns must be considered Examples: Service composition policies, Service deployment policies, Information sharing/exchange policies, Security policies, QoS policies, Business policies, jurisdictional policies, preference rules, intellectual property and licenses So far, the SOA approach does not provide any clear technological strategy or concept of how to realize, enforce, or validate them 4

5 Problem in Detail A number of approaches, such as business rules or composition concepts for services, have been proposed None of these approaches offers a unified approach with which all kinds of compliance rules can be tackled Compliance rules are often scattered throughout the SOA They must be considered in all components of the SOA They must be considered at different development phases, including analysis, design, and runtime 5

6 Current Practice vs. COMPAS Approach 6 Current practice: o per case basis o no generic strategy o ad hoc, hand-crafted solutions COMPAS: o unified framework o agile o extensible, tailor-able o domain-orientation o automation o etc.

7 COMPAS Approach: Auditors View 77 Goals: Support the automated controls better Provide more automated controls Goals: Support the automated controls better Provide more automated controls

8 COMPAS Assumptions Types of compliance concerns tackled: We concentrate on the service & process world We concentrate on automated controls Compliance expert selects and interprets laws and regulations We deal with two scenarios of introducing compliance (and variations of them): Greenfield Existing processes 8

9 COMPAS Assumptions COMPAS provides an architecture and approach for dealing with compliance Some compliance examples from the case studies are used to exemplify and validate that architecture and approach Existing languages (e.g., BPMN, BPEL, UML Activity Diagrams), technologies (e.g., ESBs, Process Engines), etc., are used wherever possible New software components are realized for specific compliance related solutions (see D1.1 and DA.1) 9

10 COMPAS Assumptions We distinguish: High-level processes (e.g., BPMN), non-technical and blurry Low-level processes (e.g., BPEL), technical and detailed 10

11 Compliance Solution: Overview & Roles 11

12 Case study: Advanced Telecom Services (WatchMe) 12

13 Compliance in WatchMe Domains: Internal policies, QoS and Licensing 13 Compliance Requirements Description of Compliance Requirements Control Licensing Pay-per-view plan When the WatchMe company subscribes for the Pay-per-view plan it acquires a limited number of streams based on the amount paid to the media supplier. When WatchMe company subscribes for the Pay-per-view plan it has to pay 29.90 euro first and then receive 300 streams from the media supplier. Time-based plan When the WatchMe company subscribes for the Time-based plan it acquires any number of times any possible streams in a certain period, based on the amount paid to the media supplier. When WatchMe company subscribes for the time-based plan it has to pay 89.90 euro first and then receive an unlimited number of times any available stream from the media supplier in a 30 days period starting from the contract start date. Composition permission Only pre-defined combinations of video and audio providers are allowed due to the licenses specified by the video provider. VideoTube can only have audios streams from AudioTube or QuickAudio. QuickVideo can only have audio streams from QuickAudio.

14 Business process execution 14

15 User Interface - Login 15

16 Business process execution 16

17 User Interface - Search 17

18 Business process execution 18

19 User Interface – Choose 19

20 Business process execution 20

21 Business process execution 21

22 User Interface – Choose 22

23 Runtime compliance governance in COMPAS 23

24 24 Quality of Service DSL Quality-of-Service Compliance Concerns: Specified in Service-Level- Agreements (SLA), e.g., Availability > 99% Support for stakeholders with different expertise: Domain experts Technical experts Runtime measuring of QoS values Monitoring of QoS events

25 25 Licensing DSL A high-level language for specifying license constraints in service-oriented business environments that is targeted at domain experts Runtime integration similar to the QoS DSL

26 26 Process Engine and Extensions Extension of event model: Extended Apache ODE version 1.1.1 Provisioning of information required for compliance monitoring and mining Extension for enabling traceability: Integrate Universally Unique Identifiers (UUIDs) in BPEL and Events to identify models from which the processes are generated

27 27 Complex Event Processing and Esper Rules Complex Event Processing to aggregate compliance events Compliance violation detection on high-level (aggregated, business) events

28 28 Business protocol-based monitoring Continuously observe and check the correct behavior of a system during run-time Checking of temporal properties specification during execution of a system

29 29 Event Log and Datawarehouse Store and provide access to all events (low and high level) Separate the operative part (running processes) of COMPAS from the assessment part (data warehouse analysis and reporting) Provide a general schema that can accommodate process and compliance requirements without need to change for each new process or requirement

30 30 Compliance Governance Dashboard Report on compliance, to create an awareness of possible problems or violations, and to facilitate the identification of root-causes for non- compliant situations Targeted at several classes of users: chief officers of a company, line of business managers, internal auditors, and external auditors (certification agencies)

31 Questions? 31 Thanks for your attention! http://www.compas-ict.eu

Download ppt "COMPAS Compliance-driven Models, Languages, and Architectures for Services "The COMPAS project will design and implement novel models, languages, and an."

Similar presentations

Ernst Oberortner Vienna University of Technology.

Ernst Oberortner Vienna University of Technology.
Writing Good Use Cases - Instructor Notes

Writing Good Use Cases - Instructor Notes
Requirements Engineering Processes – 2

Requirements Engineering Processes – 2
Overview: Guide for applying RM-ODP with UML Profile for EDOC

Overview: Guide for applying RM-ODP with UML Profile for EDOC
Advanced Piloting Cruise Plot.

Advanced Piloting Cruise Plot.
© 2005 by Prentice Hall Appendix 3 Object-Oriented Analysis and Design Modern Systems Analysis and Design Fourth Edition Jeffrey A. Hoffer Joey F. George.

© 2005 by Prentice Hall Appendix 3 Object-Oriented Analysis and Design Modern Systems Analysis and Design Fourth Edition Jeffrey A. Hoffer Joey F. George.
Chapter 7 System Models.

Chapter 7 System Models.
Requirements Engineering Process

Requirements Engineering Process
Chapter 24 Quality Management.

Chapter 24 Quality Management.
Chapter 1 The Study of Body Function Image PowerPoint

Chapter 1 The Study of Body Function Image PowerPoint
1 OpenFlow + : Extension for OpenFlow and its Implementation Hongyu Hu, Jun Bi, Tao Feng, You Wang, Pingping Lin Tsinghua University 2011-08-12.

1 OpenFlow + : Extension for OpenFlow and its Implementation Hongyu Hu, Jun Bi, Tao Feng, You Wang, Pingping Lin Tsinghua University
Service Oriented Architecture Reference Model

Service Oriented Architecture Reference Model
Copyright © 2006 Data Access Technologies, Inc. Open Source eGovernment Reference Architecture Approach to Semantic Interoperability Cory Casanave, President.

Copyright © 2006 Data Access Technologies, Inc. Open Source eGovernment Reference Architecture Approach to Semantic Interoperability Cory Casanave, President.
Page 1 Copyright © 2010 Data Access Technologies, Inc. Model Driven Solutions May 2009 Cory Casanave Architecture of Services SOA for E-Government Conference.

Page 1 Copyright © 2010 Data Access Technologies, Inc. Model Driven Solutions May 2009 Cory Casanave Architecture of Services SOA for E-Government Conference.
Presented to: By: Date: Federal Aviation Administration Registry/Repository in a SOA Environment SOA Brown Bag #5 SWIM Team March 9, 2011.

Presented to: By: Date: Federal Aviation Administration Registry/Repository in a SOA Environment SOA Brown Bag #5 SWIM Team March 9, 2011.
ActionDescription 1Decisions about planning and managing the coast are governed by general legal instruments. 2Sectoral stakeholders meet on an ad hoc.

ActionDescription 1Decisions about planning and managing the coast are governed by general legal instruments. 2Sectoral stakeholders meet on an ad hoc.
The Implementation Structure DG AGRI, October 2005

The Implementation Structure DG AGRI, October 2005
The Managing Authority –Keystone of the Control System

The Managing Authority –Keystone of the Control System
European Union Cohesion Policy

European Union Cohesion Policy
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Similar presentations

Ads by Google