Using Reo for Compliance-driven Design of Service-Oriented Applications

Currently, there are no well-established techniques to ensure dynamic and ongoing compliance of services-oriented applications to business regulations that come out from legislative and regulatory documents such as Basel II1, IFRS2, MiFID3, LSF4, HIPAA, Tabaksblat5, and the Sarbanes-Oxley6 Act, as well as from internal movements of business stakeholders towards Quality of Service (QoS). Recently started EU FP7-ICT COMPAS (Compliance driven Models, Languages, and Architectures for Services) project aims at bridging this gap, in particular, by developing formally grounded models for expressing service behaviour and advanced process constraints. Business Process Modeling Notation (BPMN) is the most widely-used language for capturing business processes at the level of domain analysis. However, it is rather declarative and may lead to the development of executable models which are incomplete or semantically erroneous. Therefore, an approach for expressing and analyzing BPMN diagrams in a formal way is required.

The objective of my talk is three-fold. First, I briefly introduce primary goals and tasks of the COMPAS project. Second, I consider the main business process modeling primitives as defined in BPMN and show how Reo tools can be used to model and refine their semantics. Third, I sketch some initial ideas on how compliance concerns can be incorporated into Reo process models and their mathematical abstractions.  

hosted by