COMPAS: Compliance-driven Models, Languages, and Architectures for Services

"The COMPAS project will design and implement novel models, languages, and an architectural framework to ensure dynamic and on-going compliance of software services to business regulations and stated user service-requirements. COMPAS will use model-driven techniques, domain-specific languages, and service-oriented infrastructure software to enable organizations developing business compliance solutions easier and faster"
http://www.compas-ict.eu
Overview
• COMPAS: Overview
• Central problems addressed by COMPAS
• COMPAS assumptions and approach
• Case Study: Advanced Telecom Services
• Runtime compliance governance in COMPAS
Credits: slides used from presentations of Schahram Dustdar, Uwe Zdun, Marek Tluczek, and other members of the COMPAS project
About COMPAS
• Funding: European Commission, 7th Framework Programme, Specific Targeted Research Project (STREP)
• Duration: February 2008 till January 2011
• Budget: 3.920.000 €
• Partners: 6 research and 3 industrial partners from Austria, France, Germany, the Netherlands, Italy, Poland
• More at http://www.compas-ict.eu
COMPAS: Overview
COMPAS addresses a major shortcoming in today's approach to designing SOAs:
• Throughout the architecture various compliance concerns must be considered
• Examples: service composition policies, service deployment policies, information sharing/exchange policies, security policies, QoS policies, business policies, jurisdictional policies, preference rules, intellectual property and licenses
• So far, the SOA approach does not provide any clear technological strategy or concept of how to realize, enforce, or validate them
Problem in Detail
• A number of approaches, such as business rules or composition concepts for services, have been proposed
• None of these approaches offers a unified approach with which all kinds of compliance rules can be tackled
• Compliance rules are often scattered throughout the SOA
• They must be considered in all components of the SOA
• They must be considered at different development phases, including analysis, design, and runtime
Current Practice vs. COMPAS Approach
[Figure labels: Modelling; Specification; Static verification/validation; Generation; Dynamic verification and validation; Using; Governance and Monitoring]

Current practice:
• per case basis
• no generic strategy
• ad hoc, hand-crafted solutions

COMPAS:
• unified framework
• agile
• extensible, tailor-able
• domain-orientation
• automation
• etc.
COMPAS Approach: Auditor’s View
[Figure labels: Regulation / Legislation; Norm / Standard; Controls; Automated Controls; Manual Controls; Report; Manual Implementation; Risk Management Department]

Goals:
• Support the automated controls better
• Provide more automated controls
COMPAS Assumptions
Types of compliance concerns tackled:
• We concentrate on the service & process world
• We concentrate on automated controls

Compliance expert selects and interprets laws and regulations

We deal with two scenarios of introducing compliance (and variations of them):
• Greenfield
• Existing processes
COMPAS Assumptions
• COMPAS provides an architecture and approach for dealing with compliance
• Some compliance examples from the case studies are used to exemplify and validate that architecture and approach
• Existing languages (e.g., BPMN, BPEL, UML Activity Diagrams), technologies (e.g., ESBs, Process Engines), etc., are used wherever possible
• New software components are realized for specific compliance related solutions (see D1.1 and DA.1)
COMPAS Assumptions
We distinguish:
• High-level processes (e.g., BPMN), non-technical and "blurry"
• Low-level processes (e.g., BPEL), technical and detailed
Compliance Solution: Overview & Roles
[Figure labels: Internalization; Design; Business execution; Monitoring; Internal evaluation; Validation; Regulations, laws, best practices, contracts, ...; Internal policies; Business processes; Events; Execution data. Roles shown: Auditor; Process Manager / Compliance Officer (assists); Compliance Officer; Process Analyst / Compliance Officer / Technical Specialist; Process Analyst / Technical Specialist]
Case study: Advanced Telecom Services (WatchMe)
Compliance in WatchMe
Domains: Internal policies, QoS and Licensing

Compliance requirements (Licensing)

Pay-per-view plan
• Description: When the WatchMe company subscribes for the Pay-per-view plan it acquires a limited number of streams based on the amount paid to the media supplier.
• Control: When the WatchMe company subscribes for the Pay-per-view plan it has to pay 29.90 euro first and then receive 300 streams from the media supplier.

Time-based plan
• Description: When the WatchMe company subscribes for the Time-based plan it acquires any number of times any possible streams in a certain period, based on the amount paid to the media supplier.
• Control: When the WatchMe company subscribes for the Time-based plan it has to pay 89.90 euro first and then receive an unlimited number of times any available stream from the media supplier in a 30 days period starting from the contract start date.

Composition permission
• Description: Only pre-defined combinations of video and audio providers are allowed due to the licenses specified by the video provider.
• Control: VideoTube can only have audio streams from AudioTube or QuickAudio. QuickVideo can only have audio streams from QuickAudio.
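
The three WatchMe controls above can be evaluated as automated controls over a stream of runtime events. The sketch below is an added example, not COMPAS code (the slides describe this being done with DSL-generated rules and CEP); the event shape (`type`, `time`, `plan`, `amount_cents`, `video`, `audio`) and the half-open contract period are assumptions.

```python
from datetime import datetime, timedelta

# Control parameters from the WatchMe table; fees are held in euro cents.
PLANS = {
    "pay-per-view": {"fee_cents": 2990, "max_streams": 300, "days": None},
    "time-based": {"fee_cents": 8990, "max_streams": None, "days": 30},
}
ALLOWED_AUDIO = {
    "VideoTube": {"AudioTube", "QuickAudio"},
    "QuickVideo": {"QuickAudio"},
}

def check_events(events):
    """Return (event_index, control, reason) for every violated control."""
    violations = []
    contract = None  # set by a payment that matches a plan fee
    for i, ev in enumerate(events):
        if ev["type"] == "payment":
            plan = PLANS.get(ev["plan"])
            if plan is None or ev["amount_cents"] != plan["fee_cents"]:
                violations.append((i, "licensing", "payment does not match a plan"))
            else:
                contract = {"plan": plan, "start": ev["time"], "streams": 0}
        elif ev["type"] == "stream":
            # Composition permission is independent of the licensing plan.
            if ev["audio"] not in ALLOWED_AUDIO.get(ev["video"], set()):
                violations.append((i, "composition", "audio provider not allowed for video provider"))
            if contract is None:
                violations.append((i, "licensing", "stream received before payment"))
                continue
            plan = contract["plan"]
            contract["streams"] += 1
            if plan["max_streams"] is not None and contract["streams"] > plan["max_streams"]:
                violations.append((i, "licensing", "stream quota exceeded"))
            # Assumption: the period is half-open, [start, start + days).
            expiry = plan["days"] and contract["start"] + timedelta(days=plan["days"])
            if expiry and ev["time"] >= expiry:
                violations.append((i, "licensing", "stream outside contract period"))
    return violations

# Constructed sample events (not COMPAS data).
T0 = datetime(2010, 1, 1)
SAMPLE = [
    {"type": "stream", "time": T0, "video": "VideoTube", "audio": "AudioTube"},
    {"type": "payment", "time": T0 + timedelta(hours=1), "plan": "time-based", "amount_cents": 8990},
    {"type": "stream", "time": T0 + timedelta(days=2), "video": "QuickVideo", "audio": "AudioTube"},
    {"type": "stream", "time": T0 + timedelta(days=10), "video": "VideoTube", "audio": "QuickAudio"},
    {"type": "stream", "time": T0 + timedelta(days=40), "video": "QuickVideo", "audio": "QuickAudio"},
]

if __name__ == "__main__":
    for index, control, reason in check_events(SAMPLE):
        print(index, control, reason)
```
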
Business process execution
User Interface - Login
Business process execution
User Interface - Search
Business process execution
User Interface - Choose
Business process execution
Business process execution
User Interface - Choose
Runtime compliance governance in COMPAS
[Figure: COMPAS architecture. Labels: DSL specification (WP1-5); MDSD software framework (WP1); DSL Editors; DSL Instances; Deployable Code; Runtime compliance environment; Application Server (WP4); Process Engine (WP1, WP5); Services; Enterprise Service Bus (WP1, WP5); Compliance governance architecture (WP5); Online Compliance Monitoring; Business Protocol Monitoring; CEP-Based Compliance Monitoring; Offline Compliance Monitoring; Event Log; ETL; Data Warehouse; Analysis / Business Intelligence; Log Mining; Compliance Governance Dashboard. Flow labels: Events; Events, Messages; Event Logs; Data; Display Information]
Quality of Service DSL

[Figure labels: DSL Editors; Code Generator; DSL Instances; Model Instances; EMF Model Instances; DSL Transformation; View-based Modeling Framework; Deployable Code; Events; CEP-Based Compliance Monitoring; Compliance Governance Dashboard]

• Quality-of-Service compliance concerns: specified in Service-Level Agreements (SLA), e.g., Availability > 99%
• Support for stakeholders with different expertise: domain experts and technical experts
• Runtime measuring of QoS values
• Monitoring of QoS events
Licensing DSL
• A high-level language for specifying license constraints in service-oriented business environments that is targeted at domain experts
• Runtime integration similar to the QoS DSL
Process Engine and Extensions

Extension of event model:
• Extended Apache ODE version 1.1.1
• Provisioning of information required for compliance monitoring and mining

Extension for enabling traceability:
• Integrate Universally Unique Identifiers (UUIDs) in BPEL and Events to identify models from which the processes are generated
Complex Event Processing and Esper Rules
• Complex Event Processing to aggregate compliance events
• Compliance violation detection on high-level (aggregated, business) events
Business protocol-based monitoring
• Continuously observe and check the correct behavior of a system during run-time
• Checking of temporal properties specification during execution of a system
Event Log and Datawarehouse
• Store and provide access to all events (low and high level)
• Separate the operative part (running processes) of COMPAS from the assessment part (data warehouse analysis and reporting)
• Provide a general schema that can accommodate process and compliance requirements without need to change for each new process or requirement
Compliance Governance Dashboard
• Report on compliance, to create an awareness of possible problems or violations, and to facilitate the identification of root-causes for non-compliant situations
• Targeted at several classes of users:
  • chief officers of a company,
  • line of business managers,
  • internal auditors, and
  • external auditors (certification agencies)