Abstract
Organizations today are required to adhere to a number of compliance concerns from laws, regulations and policies. Compliance is achieved through defining and implementing so-called controls in the organizations’ business processes. Organizations that build their systems based on the process-driven SOA paradigm realize business processes through orchestration of services to handle the process’ business activities. These business activities or groups of business activities in some cases realize the compliance controls. We propose an approach for implementing event-based compliance monitoring infrastructure that observes such business processes to verify that compliance is indeed adhered to. Our approach is essentially a model-driven technique for realizing this infrastructure. We implement a domain-specific language for specification of compliance directives, and we include code generation templates to generate compliance monitoring code, which is leveraged by complex event processing components to monitor for compliance. We evaluate the impact of our approach on the effort and productivity of a developer who is specifying compliance directives.
Notes
We use the terms directives and rules interchangeably.
Acknowledgments
This work was supported by funds from the European Commission (contract No. 215175 for the FP7-ICT-2007-1 project COMPAS).
Cite this article
Mulo, E., Zdun, U. & Dustdar, S. Domain-specific language for event-based compliance monitoring in process-driven SOAs. SOCA 7, 59–73 (2013). https://doi.org/10.1007/s11761-012-0121-3
DOI: https://doi.org/10.1007/s11761-012-0121-3