COMPAS: Compliance-driven Models, Languages, and Architectures for Services
COMPAS: Compliance-driven Models, Languages, and Architectures for Services
"The COMPAS project will design and implement novel models, languages, and an architectural framework to ensure dynamic and on-going compliance of software services to business
regulations and stated user service-requirements. COMPAS will use model-driven techniques, domain-specific languages, and service-oriented infrastructure software to enable organizations
developing business compliance solutions easier and faster"
http://www.compas-ict.eu
Overview
• Central problems addressed by COMPAS
• COMPAS assumptions and approach
• Contribution to NEXOF
COMPAS: Overview
COMPAS addresses a major shortcoming in today’s approach to designing SOAs:
• Throughout the architecture, various compliance concerns must be considered
  Examples: service composition policies, service deployment policies, information sharing/exchange policies, security policies, QoS policies, business policies, jurisdictional policies, preference rules, intellectual property and licenses
• So far, the SOA approach does not provide any clear technological strategy or concept of how to realize, enforce, or validate them
Problem in Detail
• A number of approaches, such as business rules or composition concepts for services, have been proposed
• None of these approaches offers a unified approach with which all kinds of compliance rules can be tackled
• Compliance rules are often scattered throughout the SOA
• They must be considered in all components of the SOA
• They must be considered at different development phases, including analysis, design, and runtime
Current Practice vs. COMPAS Approach
[Figure: lifecycle stages Modelling, Specification, Static verification/validation, Generation, Dynamic verification and validation, Using; additional label: Governance and Monitoring]
Current practice:
o per case basis
o no generic strategy
o ad hoc, hand-crafted solutions
COMPAS:
o unified framework
o agile
o extensible, tailor-able
o domain-orientation
o automation
o etc.
COMPAS Approach: Auditor’s View
[Figure labels: Regulation/Legislation; Norm/Standard; Controls; Automated Controls; Report; Manual Controls; Manual Implementation; Risk Management Department]
Goals:
• Support the automated controls better
• Provide more automated controls
COMPAS Assumptions
• Types of compliance concerns tackled:
  o We concentrate on the service & process world
  o We concentrate on automated controls
• Compliance expert selects and interprets laws and regulations
• We deal with two scenarios of introducing compliance (and variations of them):
  o Greenfield
  o Existing processes
• We distinguish:
  o High-level processes (e.g., BPMN), non-technical and “blurry”
  o Low-level processes (e.g., BPEL), technical and detailed
Compliance Solution: Overview & Roles
[Figure labels. Activities: Internalization, Design, Validation, Business execution, Monitoring, Internal evaluation. Inputs and data: Regulations, laws, best practices, contracts, ...; Internal policies; Business processes; Events; Execution data. Roles: Auditor; Process Manager / Compliance Officer; Compliance Officer; Process Analyst / Compliance Officer / Technical Specialist; Process Analyst / Technical Specialist. Relation label: assists]
Contribution to NEXOF
• Conceptual model contribution:
  o Conceptual model and terminology shared with NEXOF-RA, contributing to the Conceptual Reference Model (including Glossary) where compliance concerns could be acquired, modeled, realized, enforced and validated.
• Architecture & Pattern contribution:
  o COMPAS contributed its overall architecture to NEXOF-RA to identify functional elements and derive architectural choices if not patterns to be proposed;
  o Design of a channel-based coordination pattern for design-time service composition within NEXOF-RA.
• Participation & contribution to NEXOF-RA events
  o Open Call for Contribution, Investigation teams
• 2 publications:
  o Collaborative web service discovery with the Implicit Culture Framework, NESSI Open Framework - Reference Architecture (NEXOF-RA), 2008;
  o Design Time Service Composition with Reo Coordination Tools, NESSI Open Framework - Reference Architecture (NEXOF-RA), 2008.