This presentation was presented in Virtual goods conference 2010 against the paper submitted by the authors. In the paper author presented a case study in the framework of COMPAS(http://www.compas-ict.eu/), a research project focused on supporting compliance monitoring and verification in service based systems. In the paper, authors also illustrated how we translate high-level service licenses (specified in Open Digital Rights Language for Services (ODRL-S)) to low-level rules for verifying the compliance requirements at runtime. Authors have validated their approach by architecting a compliance driven service oriented system, where at runtime business processes are monitored for compliance.

1. From ODRL-S to Low-level DSL: A Case Study Based on License Compliance in Service Oriented Systems Soudip Roy Chowdhury1 G.R. Gangadharan2, Patrcia Silveira1, Vincenzo D’Andrea1 1 University Of Trento, Italy 2 Politecnico Di Milano, Italy Virtual Goods 2010,Namur , Belgium 1st October,2010

2. License 2

3. Service License http://odrl.net/Profiles/Services/ 3

4. Service License Defines Terms and conditions for usage of service. Limit the liability of service provider in case of failure. 4

5. Compliance Requirement - COMPAS http://www.compas-ict.eu/ 5

6. Compliance Governance Runtime Architecture 6

7. License requirements in COMPAS 7

8. Conceptual model for compliance management 8

9. Runtime License verification framework 9

10. Challenges How to associate high-level license concerns(constraints) with the low-level events ( actions)- Which low level rules can address the license concerns in Watch-me scenario - What is the best strategy for translating ODRL-S license to ESPER rules- Bringing IT-Experts into the loop Creating ESPER rule template Patterns based translation strategy 10

11. ODRL-S to ESPER rules Research challenge 1 & 2 ITExperts DomainExperts Provide low-level process/event information with which license would be attached to, also writes the translation template Write license in ODRL-S format DesignTime Research challenge 3 Low-level rules (e,g ESPER rule) License Translator Event Processing Engine (e.g ESPER CEP Server) Notifies violation Event Processing engine checks the license concern against events, infers about the compliance of the system Sends Event Information CEP online monitor/ Event log Business Process Engine Run Time 11

12. License Translator License Pattern Esper Rule Template License Translator Esper Rule 12

13. License Translator contd.. Writes ODRL-S based license Domain Experts <o-ex:permission> <o-dd:play> . . . . . . </o-dd:play> </o-ex:permission> . <wm:event name="WatchMeGetVideoStreamEvent"> . . . </wm:event> Provides low level information IT Experts ODRL-S Pattern 13

15. Associates them together and produce low-level rule which are consumed by ESPER Event processing engine for runtime compliance checking. 14

16. Pay Per View plan in WatchMe scenario . . . <o-ex:permission> <o-dd:play> <wm:event name="WatchMeGetVideoStreamEvent"> <o-ex:requirement> <wm:plan> <wm:type>Pay-per-view plan</wm:type> </wm:plan> <o-dd:prepay> <o-dd:payment> <o-dd:amounto-dd:currency="EUR">29.90</o-dd:amount> </o-dd:payment> </o-dd:prepay> </o-ex:requirement> <o-ex:constraint> <o-dd:unito-ex:type="watchMe:NumberOfStreams" /> <o-dd:count>300</o-dd:count> </o-ex:constraint> </wm:event> </o-dd:play> </o-ex:permission> . . . 15

17. License Translator generated Esper rule for Pay-per-view plan <?xml version="1.0" encoding="UTF-8" ?> <license> <ServiceUID> urn: watchMe:service: watchMe-Provider1-PerUse_service</ServiceUID> <PlanType>Pay-per-view plan</PlanType> <amount>29.90</amount> <unit>watchMe:NumberOfStreams</unit> <count>300</count> <esper> <rule1>create window PayPerViewWindow.win:keepall().std:unique(SessionID) as select SessionID, RequesterID from WatchMeGetVideoStreamEvent</rule1> <rule2>select count(*) from PayPerViewWindow</rule2> </esper> </license> Low level rules intermediate form 16

18. Conclusion and Future work Currently translation is pattern-based mapping This is not efficient for more generic translation In future we will also explore on the possibility of semantic based mapping ( semantic mapping between event concepts and license concepts). 17

19. References 1. Classen, W.: Fundamentals of Software Licensing. IDEA: The Journal of Law and Technology 37(1) (1996) 2. Papazoglou, M.P.: Web Services: Principles and Technology. Pearson, Prentice Hall (2008) 3. Gangadharan, G.R., D’Andrea, V.: Licensing Services: Formal Analysis and Im- plementation. In: Proceedings of the Fourth International Conference on Service Oriented Computing (ICSOC’06), Chicago, USA. (2006) 365–377 4. Gangadharan, G.R., D’Andrea, V., Iannella, R., Weiss, M.: ODRL Service Licensing Profile (ODRL-S). In: Virtual Goods: Technology, Economy, and Legal Aspects. Nova Publishers, USA (2008) 5. Bellamy, R.K.E., Erickson, T., Fuller, B., Kellogg, W.A., Rosenbaum, R., Thomas, J.C., Wolf, T.V.: Seeing is believing: designing visualizations for managing risk and compliance. IBM Syst. J. 46(2) (2007) 205–218 6. Silveira,P.,Rodrguez,C.,Casati,F.,Daniel,F.,D’Andrea,V.,Worledge,C.,Taheri, Z.: On the Design of Compliance Governance Dashboards for Effective Compliance and Audit Management. In: Proceedings of NFPSLAM-SOC’09. (2009) 18

20. Thank you 19

21. Licensing clause-pay-per view plan 20

22. Translation Templates compositionTemplate =<rule1> create window CompositionWindow$.win:keepall().std:unique(SessionID) as select SessionID,properties.property[1] from pattern [ every (Event (name= $event1_name AND properties.property[2].value= $video_ProviderID ) AND Event (name=$event2_name AND properties.property[2].value =$audio_ProviderID))] </rule1> timeTemplate = <rule1> create window TimebasedWindow$.win:keepall().std:unique(SessionID) as select SessionID, properties.property[1] from $event_namewhere($start_Time > current_timestamp()) or (current_timestamp() >$end_Time) </rule1> countTemplate = <rule1>create window PayPerViewWindow$.win:keepall().std:unique(SessionID) as select SessionID, properties.property[1] from $event_name </rule1><rule2>select count(*) from PayPerViewWindow$ where count(*) > $count </rule2> 21