Project
About COMPAS
The COMPAS project will design and implement novel models, languages, and
an architectural framework to ensure compliance of services with design rules and
regulations. COMPAS will use model-driven techniques, domain-specific
languages, and service-oriented infrastructure software to enable organizations
to develop business compliance solutions more easily and quickly.
Service-Oriented Computing and Service-Oriented Architecture
Service-Oriented Computing (SOC) is an emerging computing paradigm that
utilizes services as the basic constructs to support the rapid and easy
composition of distributed applications. Service-Oriented
Architecture (SOA) is the main architectural concept in the field of SOC.
The COMPAS project addresses a major shortcoming in today’s approach to
designing SOAs: throughout the architecture various compliance concerns must
be considered, but so far, the SOA approach does not provide any clear
technological strategy or concept of how to realize, enforce, or validate them.
A number of approaches, such as business rules or composition concepts for
services, have been proposed, but none of these approaches offers a unified
approach with which all kinds of compliance rules can be tackled. This is
in part due to the problem that compliance rules are often pervasive throughout
the SOA. That is, they have to be considered in all components of the SOA, as
well as at different development times, including analysis time, design time,
and runtime.
Compliance Concerns in SOAs
Compliance refers to any explicitly stated rule or regulation that prescribes
any aspect of an internal or cross-organizational business process. Examples of
compliance concerns include: service composition policies, service deployment
policies, service sequencing or ordering policies, information sharing/exchange
policies, security policies, QoS policies, business policies, jurisdictional
policies, preference rules, and intellectual property and licenses.
In an ideal world it would be possible to provide a software framework to
automatically enforce compliance with such legislation or provisions for
the entire IT of an organization. This, however, is difficult, because usually
it is impossible to formally encode all the details of, e.g., a legal document.
In many cases, business compliance today is reached on a per-case basis. That
is, companies do not have a generic strategy for business compliance, but instead
they use ad hoc, hand-crafted solutions for specific rules with which they must
comply.
Clearly, all of these concerns are driven by the business requirements, but
so far there is no concept for a comprehensive SOA business compliance software
framework that enables a business to express these compliance concerns using one
and the same software framework and SOA enhancement, e.g., set of languages and
models, technological mapping onto the service-oriented architecture, and
technologies that realize such a compliance software framework.
COMPAS Approach
Model-driven Solution
The COMPAS project will design and implement novel models, languages, and an
architectural framework including required software components and services to
ensure dynamic and on-going compliance of software services with business
regulations and design rules.
This is achieved using the model-driven software development (MDSD) approach
to enable organizations to develop custom business compliance solutions faster,
more cheaply, and with fewer required programming skills. Domain-specific languages
will be used to enable non-programmers to work with and understand the compliance
models in their domain.
Software Components Addressing the Entire Compliance Lifecycle
We devise a “design-for-compliance” technology framework that will be used
to ensure compliant composition of business processes and services and that will
allow specification, validation, and enforcement of comprehensive compliance
policies related to these processes and services. That is, the entire compliance
lifecycle, shown in the figure below, will be addressed.

COMPAS will enhance business process languages, such as the Business Process
Execution Language (BPEL), with enforceable compliance concepts and policies.
Furthermore, COMPAS will develop specification languages and models for expressing
typical compliance concerns. A formally grounded and implemented behavioural model
for services and service composition will be provided, enabling the formal validation
of the compliance of composed services with the specifications.
COMPAS will develop monitoring and management tools for tracking and validating
those compliance concerns that can only be verified at runtime, thus enabling
governance of compliance concerns.