1. COMPAS Compliance-driven Models, Languages, and Architectures for Services "The COMPAS project will design and implement novel models, languages, and an architectural framework to ensure dynamic and on-going compliance of software services to business regulations and stated user service-requirements. COMPAS will use model-driven techniques, domain-specific languages, and service-oriented infrastructure software to enable organizations developing business compliance solutions easier and faster“ http://www.compas-ict.eu COMPAS: Compliance-driven Models, Languages, and Architectures for Services 1

2. Overview  Central problems addressed by COMPAS  COMPAS assumptions and approach  Contribution to NEXOF 2

3. COMPAS: Overview  COMPAS addresses a major shortcoming in today’s approach to design SOAs: Throughout the architecture various compliance concerns must be considered  Examples:  Service composition policies, Service deployment policies,  Information sharing/exchange policies, Security policies, QoS policies,  Business policies, jurisdictional policies, preference rules, intellectual property and licenses  So far, the SOA approach does not provide any clear technological strategy or concept of how to realize, enforce, or validate them 3

4. Problem in Detail  A number of approaches, such as business rules or composition concepts for services, have been proposed  None of these approaches offers a unified approach with which all kinds of compliance rules can be tackled  Compliance rules are often scattered throughout the SOA  They must be considered in all components of the SOA  They must be considered at different development phases, including analysis, design, and runtime 4

5. Current Practice vs. COMPAS Approach 5 Current practice: o per case basis o no generic strategy o ad hoc, hand-crafted solutions COMPAS: o unified framework o agile o extensible, tailor-able o domain-orientation o automation o etc.

6. COMPAS Approach: Auditor’s View 66 Goals: Support the automated controls better Provide more automated controls Goals: Support the automated controls better Provide more automated controls

7. COMPAS Assumptions  Types of compliance concerns tackled:  We concentrate on the service & process world  We concentrate on automated controls  Compliance expert selects and interprets laws and regulations  We deal with two scenarios of introducing compliance (and variations of them):  Greenfield  Existing processes  We distinguish:  High-level processes (e.g., BPMN), non-technical and “blurry”  Low-level processes (e.g., BPEL), technical and detailed 7

8. Compliance Solution: Overview & Roles 8

9. Contribution to NEXOF  Conceptual model contribution:  Conceptual model and terminology shared with NEXOF-RA, contributing to the Conceptual Reference Model (including Glossary) where compliance concerns could be acquired, modeled, realized, enforced and validated.  Architecture & Pattern contribution:  COMPAS contributed its overall architecture to NEXOF-RA to identify functional elements and derive architectural choices if not patterns to be proposed;  Design of a channel-based coordination pattern for design-time service composition within NEXOF-RA.  Participation & contribution to NEXOF-RA events  Open Call for Contribution, Investigation teams  2 publications:  Collaborative web service discovery with the Implicit Culture Framework, NESSI Open Framework - Reference Architecture (NEXOF-RA), 2008 ;  Design Time Service Composition with Reo Coordination Tools, NESSI Open Framework - Reference Architecture (NEXOF-RA), 2008. 9

10. Questions? 10 Thanks for your attention! http://www.compas-ict.eu