COMPAS Compliancedriven Models Languages and Architectures for Services

COMPAS Compliance-driven Models, Languages, and Architectures for Services COMPAS: Compliance-driven Models, Languages, and Architectures for Services "The COMPAS project will design and implement novel models, languages, and an architectural framework to ensure dynamic and on-going compliance of software services to business regulations and stated user service-requirements. COMPAS will use model-driven techniques, domain-specific languages, and service-oriented infrastructure software to enable organizations developing business compliance solutions easier and faster“ http: //www. compas-ict. eu 1

Overview § Central problems addressed by COMPAS § COMPAS assumptions and approach § Contribution to NEXOF 2

COMPAS: Overview § COMPAS addresses a major shortcoming in today’s approach to design SOAs: Throughout the architecture various compliance concerns must be considered § Examples: § Service composition policies, Service deployment policies, § Information sharing/exchange policies, Security policies, Qo. S policies, § Business policies, jurisdictional policies, preference rules, intellectual property and licenses § So far, the SOA approach does not provide any clear technological strategy or concept of how to realize, enforce, or validate them 3

Problem in Detail § A number of approaches, such as business rules or composition concepts for services, have been proposed § None of these approaches offers a unified approach with which all kinds of compliance rules can be tackled § Compliance rules are often scattered throughout the SOA § They must be considered in all components of the SOA § They must be considered at different development phases, including analysis, design, and runtime 4

Current Practice vs. COMPAS Approach Current practice: o per case basis o no generic strategy o ad hoc, hand-crafted solutions 5 COMPAS: o unified framework o agile o extensible, tailor-able o domain-orientation o automation o etc.

COMPAS Approach: Auditor’s View Goals: • Support the automated controls better • Provide more automated controls 6

COMPAS Assumptions § Types of compliance concerns tackled: § We concentrate on the service & process world § We concentrate on automated controls § Compliance expert selects and interprets laws and regulations § We deal with two scenarios of introducing compliance (and variations of them): § Greenfield § Existing processes § We distinguish: § High-level processes (e. g. , BPMN), non-technical and “blurry” § Low-level processes (e. g. , BPEL), technical and detailed 7

Compliance Solution: Overview & Roles 8

Contribution to NEXOF § Conceptual model contribution: § Conceptual model and terminology shared with NEXOF-RA, contributing to the Conceptual Reference Model (including Glossary) where compliance concerns could be acquired, modeled, realized, enforced and validated. § Architecture & Pattern contribution: § COMPAS contributed its overall architecture to NEXOF-RA to identify functional elements and derive architectural choices if not patterns to be proposed; § Design of a channel-based coordination pattern for design-time service composition within NEXOF-RA. § Participation & contribution to NEXOF-RA events § Open Call for Contribution, Investigation teams § 2 publications: § Collaborative web service discovery with the Implicit Culture Framework, NESSI Open Framework - Reference Architecture (NEXOF-RA), 2008 ; § Design Time Service Composition with Reo Coordination Tools, NESSI Open Framework - Reference Architecture (NEXOF-RA), 2008. 9

Questions? Thanks for your attention! http: //www. compas-ict. eu 10