This presentation was given at the Virtual Goods conference 2010 to accompany the paper submitted by the authors. The paper presents a case study in the framework of COMPAS (http://www.compas-ict.eu/), a research project focused on supporting compliance monitoring and verification in service-based systems. It also illustrates how high-level service licenses (specified in the Open Digital Rights Language for Services, ODRL-S) are translated to low-level rules for verifying compliance requirements at runtime. The authors validated their approach by architecting a compliance-driven service-oriented system in which business processes are monitored for compliance at runtime.
1. From ODRL-S to Low-level DSL: A Case Study Based on License Compliance in Service Oriented Systems. Soudip Roy Chowdhury (1), G.R. Gangadharan (2), Patricia Silveira (1), Vincenzo D’Andrea (1). (1) University of Trento, Italy; (2) Politecnico di Milano, Italy. Virtual Goods 2010, Namur, Belgium, 1st October 2010
10. Challenges
- How to associate high-level license concerns (constraints) with the low-level events (actions)
  - Which low-level rules can address the license concerns in the Watch-me scenario
  - What is the best strategy for translating an ODRL-S license to ESPER rules
- Bringing IT experts into the loop
- Creating ESPER rule templates
- Pattern-based translation strategy
11. ODRL-S to ESPER rules (architecture diagram; labels as shown on the slide)
- Design time (research challenges 1 & 2): IT experts provide the low-level process/event information to which the license is attached and also write the translation template; domain experts write the license in ODRL-S format.
- License Translator (research challenge 3): produces low-level rules (e.g. ESPER rules).
- Run time: the Business Process Engine sends event information (CEP online monitor / event log); the Event Processing Engine (e.g. ESPER CEP server) checks the license concern against events, infers the compliance of the system, and notifies violations.
17. License Translator generated Esper rule for Pay-per-view plan

    <?xml version="1.0" encoding="UTF-8" ?>
    <license>
      <ServiceUID> urn: watchMe:service: watchMe-Provider1-PerUse_service</ServiceUID>
      <PlanType>Pay-per-view plan</PlanType>
      <amount>29.90</amount>
      <unit>watchMe:NumberOfStreams</unit>
      <count>300</count>
      <esper>
        <rule1>create window PayPerViewWindow.win:keepall().std:unique(SessionID) as select SessionID, RequesterID from WatchMeGetVideoStreamEvent</rule1>
        <rule2>select count(*) from PayPerViewWindow</rule2>
      </esper>
    </license>

Slide callouts: "Low level rules" (the esper element) and "intermediate form" (the license document).
18. Conclusion and Future Work
- Currently the translation is a pattern-based mapping.
- This is not efficient for more generic translation.
- In future we will also explore the possibility of semantic-based mapping (semantic mapping between event concepts and license concepts).
19. References
1. Classen, W.: Fundamentals of Software Licensing. IDEA: The Journal of Law and Technology 37(1) (1996)
2. Papazoglou, M.P.: Web Services: Principles and Technology. Pearson, Prentice Hall (2008)
3. Gangadharan, G.R., D’Andrea, V.: Licensing Services: Formal Analysis and Implementation. In: Proceedings of the Fourth International Conference on Service Oriented Computing (ICSOC’06), Chicago, USA. (2006) 365–377
4. Gangadharan, G.R., D’Andrea, V., Iannella, R., Weiss, M.: ODRL Service Licensing Profile (ODRL-S). In: Virtual Goods: Technology, Economy, and Legal Aspects. Nova Publishers, USA (2008)
5. Bellamy, R.K.E., Erickson, T., Fuller, B., Kellogg, W.A., Rosenbaum, R., Thomas, J.C., Wolf, T.V.: Seeing is believing: designing visualizations for managing risk and compliance. IBM Syst. J. 46(2) (2007) 205–218
6. Silveira, P., Rodríguez, C., Casati, F., Daniel, F., D’Andrea, V., Worledge, C., Taheri, Z.: On the Design of Compliance Governance Dashboards for Effective Compliance and Audit Management. In: Proceedings of NFPSLAM-SOC’09. (2009)
22. Translation Templates

    compositionTemplate =
      <rule1>
        create window CompositionWindow$.win:keepall().std:unique(SessionID)
        as select SessionID, properties.property[1]
        from pattern [ every (
          Event (name=$event1_name AND properties.property[2].value=$video_ProviderID)
          AND Event (name=$event2_name AND properties.property[2].value=$audio_ProviderID)) ]
      </rule1>

    timeTemplate =
      <rule1>
        create window TimebasedWindow$.win:keepall().std:unique(SessionID)
        as select SessionID, properties.property[1]
        from $event_name
        where ($start_Time > current_timestamp()) or (current_timestamp() > $end_Time)
      </rule1>

    countTemplate =
      <rule1>
        create window PayPerViewWindow$.win:keepall().std:unique(SessionID)
        as select SessionID, properties.property[1]
        from $event_name
      </rule1>
      <rule2>
        select count(*) from PayPerViewWindow$ where count(*) > $count
      </rule2>
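Added example (not from the slides or the COMPAS code base): a minimal count-plan translator that fills a template modelled on countTemplate from a license document, validating each value before it is placed into the statement text that the event processing engine will run. The function name, the unit-to-event mapping and both sample licenses are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from string import Template

# Modelled on the slide's countTemplate. The slide filters with
# `where count(*) > $count`; this example uses `having`, the EPL clause
# for conditions on aggregates.
COUNT_TEMPLATE = (
    Template("create window PayPerViewWindow.win:keepall().std:unique(SessionID) "
             "as select SessionID, RequesterID from $event_name"),
    Template("select count(*) from PayPerViewWindow having count(*) > $count"),
)

# Assumption: mapping maintained by the IT expert from a license <unit>
# to the low-level event type it is counted on.
UNIT_TO_EVENT = {"watchMe:NumberOfStreams": "WatchMeGetVideoStreamEvent"}


def translate_count_license(license_xml: str) -> list[str]:
    """Return the EPL statements for a count-based (pay-per-view) license."""
    root = ET.fromstring(license_xml)
    unit = (root.findtext("unit") or "").strip()
    count_text = (root.findtext("count") or "").strip()
    # The event name never comes from the license text itself, only from
    # the allow-list, so a license cannot name an arbitrary stream.
    if unit not in UNIT_TO_EVENT:
        raise ValueError(f"no event mapping for unit {unit!r}")
    # The count is typed before it reaches the statement text.
    if not re.fullmatch(r"[0-9]{1,9}", count_text):
        raise ValueError(f"count must be a plain integer, got {count_text!r}")
    values = {"event_name": UNIT_TO_EVENT[unit], "count": int(count_text)}
    return [t.substitute(values) for t in COUNT_TEMPLATE]


# Constructed sample input, shaped like the license on slide 17.
SAMPLE_LICENSE = """<license>
  <PlanType>Pay-per-view plan</PlanType>
  <amount>29.90</amount>
  <unit>watchMe:NumberOfStreams</unit>
  <count>300</count>
</license>"""

# Constructed malformed input: the count carries extra statement text.
MALFORMED_LICENSE = SAMPLE_LICENSE.replace("300", "300 or 1=1")

if __name__ == "__main__":
    for rule in translate_count_license(SAMPLE_LICENSE):
        print(rule)
    try:
        translate_count_license(MALFORMED_LICENSE)
    except ValueError as err:
        print("rejected:", err)
```

Because the generated statements are executed by the monitoring engine, a license field that reached the template unchecked could change what is monitored; the translator therefore fails closed on any value it cannot type or map.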
Editor's Notes
Software licenses
Service licenses are different from software licenses. Reference to GR’s paper.
Compliance governance has been gaining importance in organizations because of recently introduced regulations (e.g., Sarbanes-Oxley Act, Basel III, Solvency II), the money loss and reputation damage that non-compliance brings, and the diversity of compliance sources: business owners consider legislature and regulatory bodies, standards and codes of practice, and business partner contracts. Existing approaches rarely deal with different types of compliance sources and cover only a few steps of compliance governance.
Two pictures..
Compliance-driven Models, Languages, and Architectures for Services