M03 |
| D7.1 |
Report on Public Web-Site |
pdf |
| This report contains the description and documentation of the public web-site of the COMPAS project. | |
|
| D8.1 |
Project Quality Plan |
pdf |
| The research and development projects usually comprise a substantial number of processes. Most of the processes are targeted in the realization of the project objectives. Nevertheless, there are also supplementary processes, which importance is determined by the project scale. This document establishes the foundation for the project supporting processes. It covers verification of project deliverables and continuous improvement of project processes. | |
|
M06 |
D2.1 |
State-of-the-Art in the Field of Compliance Languages |
pdf |
| This deliverable provides an overview of the state-of-the-art in compliance languages, particularly focusing on languages for regulatory and legislative provisions. The deliverable first identifies different aspects of compliance and discusses a wide range of compliance legislations such as, Basel II, FINRA (NASD/SEC) regulations, HIPAA, IFRS, MIFID, Sarbanes-Oxley and Tabaksblat. Next, it identifies a set of core compliance concerns that will be used as a point of reference during the development of the compliance request language. The deliverable also analyses existing solutions for modelling these concerns. | |
|
| D5.1 |
State-of-the-Art in the Field of Adaptive Service Composition Monitoring and Management |
pdf |
| This deliverable summarizes the state of the art in adaptive service composition monitoring and management, reviewing commercial products and research approaches. We first introduce a compliance management lifecycle, then survey existing approaches using dimensions, introduced to characterize and compare approaches. We then analyze several business intelligence and reporting suites, which can be used in the development of the dashboard visualizing monitoring results. Finally, we identify best practices, discuss the lessons learned, and identify which solutions are suitable for the work on compliance governance in WP5. | |
|
| D7.2 |
Collaboration Activities Plan |
pdf |
| This deliverable contains the plan for collaboration of the COMPAS project, including the activities of the specific working group this project will participate in. The collaboration covers mainly the liaison and cooperation activities with other ICT projects under Objective 1.2 “Service and Software Architectures, Infrastructure and Engineering” of the Seventh Framework Programme (FP7). | |
|
M11 |
| D1.1 |
Model-driven Integration Architecture for Compliance |
pdf |
| Business compliance today is usually implemented on a per case basis. In this deliverable, we present the initial architecture of a framework that aims to implement this compliance in a more generalized manner. The framework leverages the advantages of the model driven software development paradigm to rapidly develop and stably evolve a business compliance solution. We give an overview of the components that make up this framework and how they integrate with each other, as well as explaining how the model driven approach addresses some of the challenges experienced when developing compliance solutions. | |
|
| D2.2 |
Initial Specification of Compliance Language Constructs and Operators |
pdf |
| This deliverable focuses on the introduction of initial Compliance Request Language (CRL) for the formal specification of compliance requirements that stem from legislative and regulatory bodies (e.g. Sarbanes-Oxley and Basel II). In this deliverable, we identified the languages that can be used as the basic building blocks for a comprehensive CRL. Next, we examined these languages to evaluate their feasibility in the COMPAS project. In particular, we analysed Deontic logic family, Temporal logic family and the third class of compliance languages is grounded on XML. | |
|
| D3.1 |
Specification of a Behavioral Model for Services |
pdf |
| This report presents a formal model for unambiguous specification of business process behaviour suitable for verification of process compliance to formally specified legislative norms and requirements. We target at model checking of various process properties including structural, temporal, transactional, resource-aware and Quality-of-Service (QoS) characteristics. Our approach adheres to the principle of model-driven development and establishes the connection of the proposed formal tools with popular business process modelling notations such as BPMN, UML or WS-BPEL. | |
|
| D4.1 |
State-of-the-art report on the existing approaches to improving reusability of processes and service compositions |
pdf |
| This report reflects the state-of-the-art of the existing approaches to improving reusability of processes and service compositions. The applicability of the presented approaches in the field of compliance is analyzed, and also the relation and application of the presented approaches to the COMPAS project are discussed. A solution concept for usage in the field of compliance is outlined, which is called process fragment. The approach combines concepts from some of the presented approaches, such as sub-processes, parameterization, workflow patterns and possibly AOP as integration mechanism. | |
|
| D5.2 |
Initial goal-oriented data model |
pdf |
| In this deliverable we describe a goal-oriented data model for warehousing business process execution data and compliance data. Storing business process data in relation with compliance data will allow for the analysis of compliance deviations as well as for traditional OLAP-like analysis and the use of the data in Business Intelligence (BI) applications. The warehouse is a part of the compliance governance architecture developed in WP5. This deliverable also includes a model and a DSL for compliance to licenses. | |
|
M12 |
| DA.1 |
COMPAS Architectural Walkthroughs and Evaluation Metrics |
pdf |
| This deliverable introduces a pragmatic view of COMPAS architecture introduced in D1.1 in terms of architectural instantiation and walkthroughs in the course of two use case scenarios in COMPAS. Finally, the Evaluation Metrics, introduced in D6.1 will be concretised and explained for this architecture – especially in terms of tangible results for the research work performed in COMPAS. | |
|
| D7.4 |
Report of collaboration activities and updates of the collaboration activities plan |
pdf |
| This deliverable provides an update of the collaboration plan and reports on standardization activities and collaboration with other projects done during the first year of COMPAS. | |
|
M18 |
| D2.3 |
Design of Compliance Language Run-time Environment and Architecture |
pdf |
| This deliverable presents the design of a software environment for the Compliance Request Language, which will enable users to define compliance requirements in various abstractions and to express compliance requests for identifying matching compliance targets conforming to a set of selected compliance requirements. This document also presents a meta-model for Compliance Request Language and proposes extensions to address the limitations identified and documented in D2.2. | |
|
| D3.2 |
Visual Environment for Service Description |
pdf |
| This deliverable presents visual tool prototypes for service specification and verification based on the formal behavioral model discussed in the deliverable D3.1. The presented toolset includes graphical editors for the domain-level process modeling (BPMN, UML SDs and BPEL), a set of model transformation tools that enable automated conversion of these diagrams to their formal representation (Reo process models), a visual environment for editing and analyzing formalized processes (Reo editor and Reo animation engine) and their underlying semantic models (Constraint Automata (CA) editor), as well as a number of model checking tools for automated process verification. We outline the main functionalities of these tools, and illustrate their application for the analysis of process fragments developed for the THALES case study D6.1. | |
|
| D5.3 |
Final Goal-oriented Data Model |
pdf |
| This document describes the final goal-oriented data model for warehousing business process execution data and compliance data. Storing business process data in relation with compliance data will allow for the analysis of compliance deviations as well as for traditional OLAP-like analysis and the use of the data in BI applications. This deliverable also includes a model and a DSL for compliance to licenses and a reference scenario (WatchMe case study) where we apply such model. This deliverable refines and replaces Initial goal-oriented data model D5.2. | |
|
|
M23 |
| D1.2 |
Core Meta-models, Transformation Templates, and Languages |
pdf |
| Ensuring business compliance in process-driven SOAs is a tedious and error-prone task because the stakeholders confront two challenges: the increasing complexity of process descriptions and the gap between abstraction levels due to the difference of language syntax and semantics, the difference of granularity, and the lack of supporting links between highlevel and low-level process languages. In this deliverable, we present a MDSD Software Framework comprising a view-based, model-driven approach and various DSLs tooling to address the aforementioned issues in order to ease the process development in a flexible, extensible manner. The MDSD Software Framework will contribute a foundation for modelling and development processes and business compliance as well as provide appropriate means for integrating COMPAS partners’ efforts at both conceptual and technical levels. | |
|
| D1.3 |
MDSD Software Framework for Business Compliance |
pdf |
| In the first release of the MDSD Software Framework, we present the implementation of View-based, Model-driven Approach in terms of a View-based Modelling Framework. This document accompanies the MDSD Software Framework prototype which is packaged and delivered in the corresponding COMPAS DVD. | |
|
| D2.6 |
Implementation of an Integrated Prototype handling Interactive User Specified Compliance Requests in a Compliance Language |
pdf |
| This deliverable presents the initial version of the prototype D2.6 (Compliance Request Language Tool), which will be finalized in M35. It describes how the prototype is integrated with the COMPAS Architecture and briefly presents the requirements and the design of the prototype. It also describes the current status of the implementation together with the technology choices utilized. | |
|
| D3.3 |
Verification Tools for Service Descriptions |
pdf |
| This deliverable presents the design of a software package which includes an Eclipse plugin for editing business protocols and a library for checking compatibility and replaceability of business protocols and constraint automata, which can handle ontology access control specification as an example of data constraints. | |
|
| D4.2 |
BPEL Extensions for Compliant Services |
pdf |
| This deliverable defines extensions to the Business Process Execution Language (BPEL) in order to enable the implementation of the compliant service composition specifications. For this task we are building on the solution concept outlined in deliverable D4.1 which is called process fragment. Our approach aims at ensuring a faster and more consistent specification and integration of compliance checks into business processes. In this deliverable, we elaborate on the background, the solution concept and provide implementation details in order to define a solution for reusability and compliance in BPM. | |
|
| D4.4 |
Supporting Infrastructure – Process Engine, Process Artefact Repository, Process Generation Tool |
pdf |
| This deliverable provides the description of the initial versions of prototypes for supporting reusable units, namely process fragments, as well as the generation and execution of compliant processes. Therefore, the prototypes discussed in this deliverable have been integrated with the WS-Business Process Execution Language (BPEL) extensions which are developed and specified in the COMPAS deliverable entitled "BPEL extensions for compliant services" [D4.2]. The integration of the COMPAS prototypes into the COMPAS overall architecture and especially into the MDSD infrastructure from WP1 is clarified. Besides, the roles of the prototypes and their usage within the COMPAS usage scenarios are explained. | |
|
| D5.4 |
Reasoning Mechanisms to Support the Identification and the Analysis of Problems Associated with User Requests |
pdf |
| This deliverable defines the reasoning mechanisms and algorithms that are used in COMPAS to analyze and report on deviations of the process definitions from the desired compliance concern targets, such as regulations, QoS agreements, security requirements and licenses. The deliverable introduces two approaches to identify the root causes of possible violations, one
that operates at design time (before the execution of processes) and one that operates at assessment time (after the execution of processes). As a means for reporting on compliance, the deliverable discusses the computation of so-called Key Compliance Indicators (KCIs), providing at a glance insight into the compliance state of a company. The deliverable further includes a meta-model and DSL for compliance to security policies. | |
|
D5.5 |
Initial Prototype of Compliance Governance Dashboards |
pdf |
| This deliverable describes the first prototype of the Compliance Governance Dashboard (CGD) developed to assist compliance experts and auditors in charge of assessing and controlling compliance. We present which concepts and models underlie the problem and how IT can effectively support compliance analysis in SOAs. To achieve this, we position dashboards in the COMPAS runtime architecture. Then, we describe CGDs, their main concepts based on the COMPAS conceptual model, and the navigation design used for drill down/roll up. Thus, we present how to use CGDs in practice and how we implement them in COMPAS. | |
|
M24 |
|
| D7.4 |
Report of collaboration activities and updates of the collaboration activities plan |
pdf |
| This deliverable, due at M24 of the COMPAS project, provides an update of the collaboration
plan and reports on standardization activities and collaboration with other projects done
during the second year of COMPAS. | |
|
M30 |
|
| D2.4 |
Initial Implementation of a Compliance Language |
pdf |
| This deliverable presents the initial implementation of the prototype D2.4 for the compliance
request language. In particular, the tool supports the design of visual representations of
compliance requirements using patterns and automated generation of formal compliance rules
based on the compliance request language meta-model.It describes how the prototype is
integrated with the COMPAS Architecture and briefly presents itsmain features and design. It
also describes the current status of the implementation together with the technology choices. | |
|
| D2.5 |
Specification of an Extension to BPEL for Adaptability – Final Version |
pdf |
| This deliverable describes the integration of the results achieved in the field of compliance
languages (WP2), process reuse concepts (WP4), and concepts for formal verification (WP3).
In particular, we present a methodology to assure compliant business process design. The
methodology combines the advantages of logical formulae and verification with reusable
process structures related to compliance. Logical formulae and verification provide proof of a
compliant design and reusable process structures enable a fast and consistent augmentation of
a process with compliance. The solution specified in this deliverable makes both approaches
more complete: On the one hand, verification of formal compliance requirements gives proof
about whether the process design is compliant, but it does not provide assistance for
augmentation with compliance if required. On the other hand, process fragments for
compliance enable a fast and consistent integration of compliance into a process, but they do
not cover if the integration has been performed in a correct manner, i.e., if the process
augmented with compliance is actually compliant by design. Combined, we can exploit the
strength of each approach without its shortcoming. | |
|
| D4.3 |
Classification and Specification of Reusable Process Artefacts |
pdf |
| In service-oriented computing, processes have a number of concerns, among which
reusability. Reusability means that processes are designed and discovered in such a way that
they can be identified, classified and combined together. In this deliverable, we first discuss
the concept of process fragments and show how it is used in the framework of COMPAS. We
also survey existing approaches related to classification (in general) of processes. We analyse
those approaches and discuss their characteristics. The first problem to solve in order to
provide a framework to reuse and combine fragments is the fragmentation of business
processes. We propose a model of fragmentation based on model checking and slicing
techniques. Fragmentation is based on business rules expressed in Linear Temporal Logic
(LTL). In our proposal the fragmentation does not consist in splitting a web service
composition in a set of fragments. It is defined as the seeking of a single fragment that
contributes to the verification of a business rule. | |
|
M35 |
|
| D1.3 |
MDSD Software Framework for Business Compliance - Final Version |
pdf |
| Ensuring business compliance in process-driven SOAs is a tedious and error-prone task
because the stakeholders confront two challenges: the increasing complexity of process
descriptions and the gap between abstraction levels due to the difference of language syntax
and semantics, the difference of granularity, and the lack of supporting links between highlevel
and low-level process languages. In this deliverable, we present a MDSD software
framework comprising a view-based, model-driven approach and domain-specific languages
(DSL) to address the aforementioned issues in order to ease the process development in a
flexible, extensible manner. The MDSD software framework provides a foundation for
modelling and developing processes and business compliance as well as appropriate means
for integrating COMPAS partners’ efforts at both conceptual and technical levels.
Furthermore, we present a DSL for specifying Quality of Service (QoS) compliance concerns
that is tailored for technical and non-technical stakeholders. | |
|
| D1.4 |
Runtime Environment: Final Version – Prototype |
pdf |
| This deliverable introduces the integrated COMPAS runtime environment which enables
compliance checking and monitoring at runtime. The runtime environment considers storage
of compliance-related process data and the enactment of process execution including
traceability aspects. The compliance-enabled service environment publishes execution events
via an enterprise service bus. Several components are subscribed to the published events to
enable online and offline compliance monitoring. The results of the monitoring are displayed
in a compliance governance dashboard. This deliverable contains integration code for
prototypes developed in the project (e.g., code for connecting publishers and subscribers for
the enterprise service bus). In addition, we present a new prototype for online process instance
monitoring which provides basic monitoring functionality missing in the standard distribution
of the process engine. | |
|
| D2.6 |
Implementation of an Integrated Prototype Handling Interactive User Specified Compliance Requests in a Compliance Language |
pdf |
| This deliverable presents the final version of the integrated prototype D2.6 (Compliance
Request Language Tools - CRLT). The initial version of the prototype was released in M23.
The deliverable describes how the CRLT prototype is integrated with the COMPAS
Architecture and presents briefly its main features, design and implementation details. In
resume, the CRLT supports the management of the compliance requirements stored in the
Compliance Requirements Repository (CRR) and the design-time compliance verification of
compliance targets. | |
|
| D3.4 |
Management Tools for Compliant Behaviour |
pdf |
| This deliverable describes the adaptation of compatibility and replaceability tools of deliverable [D3.3] to the COMPAS infrastructure.
Compatibility refers to the fact that two services can interact without problem, which means that the behaviour of each of them fulfils the other’s expectations. This is of particular importance when the compliance of the service with some compliance request relies on the others’ compliance. Moreover, would one of the services need to be replaced, it should be replaced with one that fulfils the other’s expectations without having to check the whole process again. This approach was demonstrated in deliverable [D3.3] on credential based access control policies. This deliverable describes the reimplementation of this library in a generic way, protocol being parameterized by transition specifications that reflects compliance requirements and compliance fulfilments. We demonstrate how linear temporal logic, which is used as an underlying language for compliance requests in COMPAS [D2.6], can be used as transition specification. We also show how the library allows combining various kinds of specifications, taking care of the behaviour induced interferences.
This deliverable limits its objectives in providing information on the use of the generic compatibility and replaceability library, some implementation details and location of sources of the compatibility library. | |
|
| D3.5 |
Service Model Interpreter / Simulator Engine |
pdf |
| This deliverable presents tool prototypes for the simulation of service models specified using
formal notations introduced in Deliverable D3.1 [D3.1]. The presented tools are integrated to
the visual environment for service description described in Deliverable D3.2 [D3.2].
One of the simulation tools uses graphical animation of control flow in a formal process
model represented in a form of a Reo network and collects statistical data about its
performance. This tool is useful for the evaluation of non-functional parameters of processes
such as response time or throughput. Such information is relevant to guarantee process
compliance by design to QoS requirements and Service Level Agreements (SLA). We also
present a plug-in for integrating two existing verification toolsets to our framework. Given a
graphical process model, we automatically generate specifications that are processed by
mCRL2 and CADP toolsets. Among many other facilities these toolsets offer means for
process simulation. We outline the main functionalities of these tools, and illustrate their
application to the simulation of service models extracted from the COMPAS case studies. | |
|
| D4.4 |
Supporting Infrastructure – Process Engine, Process Artefact Repository, Process Generation Tool |
pdf |
| This deliverable provides a revised description of the technical infrastructure to support the
design, generation and execution of compliant processes. The infrastructure consists of a
process engine, two process artefact repositories and a process generation tool.
To support traceability during execution we present an extension of the open-source process
engine Apache ODE. To support reusable units for compliance, namely compliance
fragments, we present the fragment-oriented repository Fragmento. To support compliancedriven
models we developed the model-aware repository MORSE. To support monitoring of
business protocols we present a way to generate a business protocol specification from a
business process specified by means of BPEL. Furthermore, we discuss an integral part of the
View-based Modeling Framework which generates process descriptions and service
descriptions of processes.
This deliverable is an update of the former version of D4.4 from M23. In order to make this
deliverable self-contained most of the prototype descriptions of the former version have been
included in this document. All descriptions have been revised and updated with respect to
changes of the prototypes and new features which have been implemented. | |
|
| D5.5 |
Business Process Performance Dashboard |
pdf |
| Assessing whether a company’s business processes conform to laws and regulations and
follow standards and best practices, i.e., compliance governance, is a complex and
costly task. Few software tools aiding compliance governance exist; however, they
typically do not really address the needs of who is actually in charge of assessing and
controlling compliance, that is, compliance experts and auditors.
In order to support compliance governance we advocate the use of Compliance
Governance Dashboards (CGDs), whose design and implementation is however
challenging for at least three reasons: (i) it is fundamental to identify the right level of
abstraction of compliance performance to be shown; (ii) it is not trivial to visualize
different analysis perspectives; and (iii) it is difficult to manage the large amount of
involved concepts, instruments, and data. | |
|
| D5.6 |
Compliance Mining Tool |
pdf |
| Compliance governance relies on the fundamental endeavour of mining business
process models and Web service business protocols from log files. Model mining aims
at the discovery of the behaviour of a running model implementation using solely its
interaction and activity traces, and no information on the target model.
In order to support compliance governance we make use of the Compliance Mining
Tool (CMT), whose design and implementation is an important challenge for at least
three reasons: (i) a minority of interaction data is recorded by process and service-aware
architectures, (ii) a limited number of methods achieve model extraction without
knowledge of either positive process and protocol instances or the information to infer
them, and (iii) the existing approaches rely on restrictive assumptions that only a
fraction of real-world Web services satisfy. | |
|
M36 |
|
| D7.4 |
Report of collaboration activities and updates of the collaboration activities plan |
pdf |
| This deliverable, due at M36 of the COMPAS project, reports on standardization activities
and collaboration with other projects done during the third year of COMPAS. | |
