13/10/2008 ISOLA'08 Kassandra Greece 1
Towards Using Reo for Compliance-awareBusiness Process Modeling
Natallia Kokash join work with Farhad Arbab and Sun Meng
13/10/2008 ISOLA'08 Kassandra Greece 2
IntroductionMotivationBusiness Process ModelingReo Coordination Language
Overview, tools, semanticsBPMN to Reo
Mapping, examples, process analysis Support for Business Process ComplianceRelated WorkConclusions and Future Work
13/10/2008 ISOLA'08 Kassandra Greece 3
Motivation
COMPAS = Compliance-driven Models, Languages, and Architectures for Services
Ensure dynamic and on-going compliance of software services to business regulations and user requirements Help organizations to develope business compliance solutions easier and faster http://www.compas-ict.eu/
13/10/2008 ISOLA'08 Kassandra Greece 4
What is compliance?A multi-faceted concept that encompasses the capability of an organization to meet requirements coming from
Regulatory/legislative documents• Basel II2, Sarbanes-Oxley6, IFRS2, MiFID3, LSF4, HIPAA, Tabaksblat5, etc.
Internal movements towards Quality of Service (QoS)User-defined constraints…
Compliance can be seen asA state of “adherence of one set of rules (source rules) against another set of rules (target rules)”A process, which is about “ensuring that business processes, operations and practice are in accordance with a prescribed set of norms”
13/10/2008 ISOLA'08 Kassandra Greece 5
Goal of this paperMany compliance concerns are related to control and data flow
Constraints on workflow structure, data visibility, temporal requirements…
Goal of this paperBridge the gap between domain-level process modeling and executable processesProvide an unambiguous behavioral specification for business processes and web service compositionLeverage business process design and web service composition with formal analysis (e.g., to ensure their compliance to formally expressed regulations)
13/10/2008 ISOLA'08 Kassandra Greece 6
Compliance-aware SOA design M
odel
ing
Impl
emen
tatio
nBusiness Process Lifecycle Compliance Concerns
Graphical Modeling Tools (GMT)(BPMN, UML2 ADs, BPEL)
Reo/Constraint AutomataModeling Tools
Java, BPEL, WS-CDL, WSDL
DSLs, GMT extensions
Constraints, Temporal Logic Formulae,
Automata
Web Services, WS-Policies, XACML, etc.
Mod
el c
heck
ing,
re
finem
ent BPMN2Reo,...
Code generation
13/10/2008 ISOLA'08 Kassandra Greece 7
BPMN
13/10/2008 ISOLA'08 Kassandra Greece 8
Reo Coordination Language
=A
B
C
AB
C
Exclusive choice (deffered XOR)
FIFO1 channelsynchronous channel
lossy synchronous channel
filter channel
P P
P-producer
synchronous drain
asynchronous drain
synchronous spout
asynchronous spout
≤τ
timer channel
SemanticsConnector coloringConstraint automata
• [Baier et al. 2006]
Service1
Service2
Service3
A
B
C
13/10/2008 ISOLA'08 Kassandra Greece 9
Reo Coordination ToolsReo Connector EditorAnimation Plug-inConverter to Extended Constraint Automata (time, QoS)Model Checking Tool (provided by University of Dresden)
http://wwwtcs.inf.tu-dresden.de/~klueppel/TUD_CWI/Welcome.htmlJava Code Generator (distributed version is also available)http://reo.project.cwi.nl/
BPEL to Reo converter (provided by University of Tehran)[S. Tasharofi et al. 2008]
UML Sequence Diagrams to Reo converter – work in progressBPMN to Reo
13/10/2008 ISOLA'08 Kassandra Greece 10
BPMN2Reo: basic gateways
OR/XOR mergeParallel fork
Parallel join
Event-based XOR decision
≤τ
M
g1
g2
Data-based OR/XOR decision
13/10/2008 ISOLA'08 Kassandra Greece 11
BPMN2Reo: complex gateways
Repository of workflow patterns modeled with Reohttp://homepages.cwi.nl/~proenca/webreo/home.htm
Complex Merge(e.g., m out of n)
Dn D2
A1
A2
An
C1
Cm
B
D1 D0
C2
Dn D2
A1
A2
An
C1
Cm
B
D1 D0
C2
13/10/2008 ISOLA'08 Kassandra Greece 12
Complex event(proceed if a message is received in a given time interval)
BPMN2Reo: tasks, events and messages
M1
A B
Send order
C D
Receive order
M2
!
M1
A B
M2
P
Synchronous message exchange
Outgoing messages
M M
Blocking Non-blocking lossy Non-blocking waiting
M
Message event
≤τ
M
Valve
open
Atomic task
MM
13/10/2008 ISOLA'08 Kassandra Greece 13
BPMN2Reo Example
Purchaser
Supplier
Create purchase request
Send decline
Approve purchase request
start
refused
approved
Send acknowledgment
Create purchase order
Receive purchase orderstart Source goods
Receive purchase order
Receive goods and shipment notice
end
end
Data-based XOR decision
Parallel join
Parallel fork
XOR merge
Receive message
Send message
[Sadiq et al, BPM’07]
13/10/2008 ISOLA'08 Kassandra Greece 14
Business Process Development1. BPMN diagram
2. Reo process model
3. Reo animation
4. Service composition
13/10/2008 ISOLA'08 Kassandra Greece 15
BPMN2Reo: exception handling in sequential processes
startT1 T2 Tn
P
cancel
exception
end! !
cancel
start end
P1 P2 Pn
exceptionP’
! !
Sequantial sub-processes
Sequantial atomic tasks
13/10/2008 ISOLA'08 Kassandra Greece 16
BPMN2Reo: exception handling in parallel processes (1)
start end
T1
T2
Tn
exceptionP
cancel
Parallel atomic tasks
13/10/2008 ISOLA'08 Kassandra Greece 17
BPMN2Reo: exception handling in parallel processes (2)
start
P1
P2
Pn
P’
end
exception
cancel
Parallel sub-processes
13/10/2008 ISOLA'08 Kassandra Greece 18
Reo2BPMN: compensation activities
commit
performed
cancel
start C
start performed
commitcancel
T
~T
Ccommittedcancelled
start performed
commitcancel
T
~T
Ccommittedcancelled
C’
commit
performed
cancel
start C
(committed)
(cancelled)
C’
commit
performed
cancel
start C
(committed)
(cancelled)
13/10/2008 ISOLA'08 Kassandra Greece 19
BPMN2Reo: transaction modeling
(cancel all performed)
start performedC1 C2 Cn
P
cancel
cancelled
(commit all)
!!!
N. Kokash and F. Arbab, Applying Reo to Service Coordination in Long-Running Business Transactions (submitted)
Transactions with possible compensation activity failuresTransactions with parallel flowsTransactions with parallel flows in a discriminator patternCompensation in parallel flows with dependency links
13/10/2008 ISOLA'08 Kassandra Greece 20
Compliance concernsCOMPAS has identified
Control flow, locative, information, resource and temporal compliance concernsMonitoring, payment, privacy, quality, retention, security and transaction compliance concerns
We can deal with (at least) control flow, resource, temporal, quality and transaction compliance
13/10/2008 ISOLA'08 Kassandra Greece 21
Compliance-aware Process DesignSeparation of Duty (e.g., four-eyes principle)
One user cannot execute a whole process E.g., 2 users must be involved in a process consisting of 4 sequential tasks
ApproachConstraints on task assignment to users expressed in GMT extensions (e.g., BPMN) or DSLs
• C. Wolter and A. Schaad “Modeling of Task-Based Authorization Constraints in BPMN”, BPM’07, volume 4714 of LNCS, Springer, pp. 64–79
• Constraint: ({t1, t2, t3, t4}, 2, 3)How to enforce these constraints in a workflow?
• Reo workflow model + a set of tokens corresponding to each user• Reconfigure Reo workflow model to comply with constraints • Various options are possible: e.g., each of 2 users executes 2 tasks – compliant,
but not efficient• A guide how to deal with such kind of problems using Reo coordination tools
is work in progress
13/10/2008 ISOLA'08 Kassandra Greece 22
Related Work (1)BPMN semantics
Dijkman, R.M., Dumas, M., Ouyang, C.: Formal semantics and analysis of BPMN process models. In: Information and Software Technology (IST). (2008)Wong, P., Gibbons, J.: A process semantics for BPMN. Technical report, Queensland University of Technology (2007)Wong, P., Gibbons, J.: A relative timed semantics for BPMN. Technical report, Queensland University of Technology (2007)
BPMN to BPELRecker, J., Mendling, J.: On the translation between BPMN and BPEL: Conceptual mismatch between process modeling languages. In: Proc. of the Int. Conf. On Advanced Information Systems Engineering. (2006) 521-532Ouyang, C., Dumas, M., ter Hofstede, A., van der Aalst, W.: Pattern-based translation of BPMN process models to BPEL web services. Int. Journal ofWeb Services Research (JWSR) 5(1) (2007) 42-61
Petri-net semantics for web service compositionLohmann, N.: A feature-complete Petri net semantics for WS-BPEL 2.0. In: Proc. of the Int.Workshop onWeb Services and Formal Methods. Volume 4937 of LNCS., Springer (2008) 77-91
13/10/2008 ISOLA'08 Kassandra Greece 23
Related work (2)Formal Compliance Modeling
Liu, Y., Muller, S., Xu, K.: A static compliance-checking framework for business process models. IBM Systems Journal 46(2) (2007) 335-361Ghose, A.K., Koliadis, G.: Auditing business process compliance. In: Proc. of the Int. Conf. on Service-Oriented Architectures (ICSOC'07). Volume 4749 of LNCS., Springer (2007) 169{180Governatori, G., Milosevic, Z., Sadiq, S.: Compliance checking between business processes and business contracts. In: Proc. of the Int. Enterprize Distributed Object Computing Conf. (EDOC'06), IEEE Computer Society (2006) 221-232Brunel, J., Cuppens, F., Cuppens, N., Sans, T., Bodeveix, J.P.: Security policy compliance with violation management. In: Proc. of the Workshop on Formal Methods in Security Engineering (FMSE'07), ACM Press (2007) 31-40A. Awad, G. Decker and M. Weske, “Efficient Compliance Checking Using BPMN-Q and Temporal Logic”, Proc. of the Int. Conf. on Business Process Management (BPM), 2008
13/10/2008 ISOLA'08 Kassandra Greece 24
Related work (3)Reo/Constraint automata and their applications in SOC
Arbab, F.: Reo: A channel-based coordination model for component composition. Mathematical Structures in Computer Science 14(3) (2004) 329-366Baier, C., Sirjani, M., Arbab, F., Rutten, J.: Modeling component connectors in Reo by constraint automata. Science of Computer Programming 61 (2006) 75-113Arbab, F., Baier, C., de Boer, F.S., Rutten, J.J.M.M.: Models and temporal logics for timed component connectors. Int. Journal on Software and Systems Modeling 6(1) (2007) 59-82Arbab, F., Chothia, T., Meng, S., Moon, Y.J.: Component connectors with QoS guarantees. In: Proc. of the Int. Conf. on Coordination Languages (Coordination'07). Volume 4467 of LNCS., Springer (2007) 286-304Meng, S., F.Arbab: On resource-sensitive timed component connectors. In: Proc. of the Int. Conf. on Formal Methods for Open Object-Based Distributed Systems (FMOODS'07). Volume 4468 of LNCS., Springer (2007) 301-316Meng, S., Arbab, F.: Web service choreography and orchestration in Reo and constraint automata. In: Proc. of the ACM Symposium on Applied Computing (SAC'07), ACM Press (2007) 346-353S. Tasharofi, M. Vakilian, R. Z. Moghaddam and M. Sirjani, “Modeling Web Service Interactions Using the Coordination Language Reo”, Proc. of the Int. Workshop on Web Services and Formal Methods, 2008, volume 4937 of LNCS, Springer, pp. 108-123
13/10/2008 ISOLA'08 Kassandra Greece 25
Conclusions and Future WorkProposed a new model and a framework for business process design
Formal semanticsGraphical notation
Mapped BPMN to ReoMost of the BPMN modeling primitives have been considered
Future workBPMN2Reo converter implementation – work in progressUsing Reo for Enforcing Compliance Constraints