Daniel Schleicher

A Management Framework for WS-BPEL

WS-BPEL is the standard to define executable business processes in a Web service world. Numerous commercial and open source BPEL engines exist on the market today that allow the execution of process models defined in BPEL. However, these execution engines only provide access to process model and process instance data in terms of proprietary APIs. In this paper we present an approach that models BPEL process models and process instances as resources and thus provides a uniform access scheme for process model and process instance data. This is crucial because access to process model and process instance data is needed in different scenarios that are of key relevance in enterprises today. These scenarios include compliance checking, repair of faulted business processes as well as real-time monitoring of business processes. The lack of a uniform access scheme to process model and process instance data hampers the exchangeability of BPEL engines and therefore results in a potential vendor lock-in.

Green business process patterns

To ensure their competitive advantage an increasing number of organizations adopt business process management for design, automation, and analysis of their business processes. In order to reduce cost, improve quality, save time, and increase flexibility, techniques for business process improvement and re-engineering are applied. Improving the environmental impact of a business process is a new challenge organizations are faced with. However, current approaches and techniques for business process optimization do not cover the ecological dimension explicitly. In this paper, we propose patterns which describe good solutions for green business process design to address this gap from a business perspective. The patterns are described independently from concrete business process modeling languages and execution environments in order to provide a broad applicability of the patterns within different scenarios. In addition to the patterns, we discuss the general usability of the patterns based on different aspects relevant to an organization.

Maintaining Compliance in Customizable Process Models

Compliance of business processes has gained importance during the last years. The growing number of internal and external regulations that companies need to obey has led to this state. This paper presents a practical concept of ensuring compliance during design time of customizable business processes. We introduce the concept of a business process template that implicitly contains compliance constraints as well as points of variability. We further present an algorithm that ensures that these constraints cannot be violated. We also show how these algorithms can be used to check whether a customization of this process template is valid regarding these compliance constraints. So the designer of a business process, in contrast to the template designer, does not have to worry about compliance of the eventual process. In a final step we show how these general concepts can be applied to WS-BPEL.

Compliant business process design using refinement layers

In recent years compliance has emerged as one of the big IT challenges enterprises are faced with. The management of a multitude of regulations and the complexity of current business processes are problems that need to be addressed. In this paper we present an approach based on so-called compliance templates to develop and manage compliant business processes involving different stakeholders. We introduce the concept of a refinement process. In the refinement process each compliance template is refined in a layered way to get an executable business process. The refinement steps are executed on refinement layers by different stakeholders. Compliance constraints are used to restrict the way a compliance template can be refined. Introduced in a certain refinement layer of the refinement process, compliance constraints are propagated to higher refinement layers.

Process Fragment Composition Operations

The construction kit principle is a well-known software engineering paradigm to foster reusability. In case the construction kit principle is applied at runtime it is even a way to implement flexibility. In today’s workflow technology the construction kit principle is applied, e.g. in in hierarchical modeling approaches using sub processes. In this paper we propose a construction kit application based on process fragment. In contrast to sub processes, process fragments represent on-complete process knowledge, which needs to be integrated with further process knowledge to become a complete process model. Integrating one process fragment with another process fragment requires complex composition operations, since process fragments do not represent the implementation of a single abstract activity like in sub processes, but are knitted together on the same level of granularity. The advantage of process fragments lies in their means to represent noncomplete process knowledge. In this paper we propose a formal process fragment modeling language, which is based on current workflow standard languages, like BPMN. Based on this modeling language we design a basic operation set, which allows to compose process fragments.

Compliance scopes: Extending the BPMN 2.0 meta model to specify compliance requirements

Compliance of business processes is becoming increasingly important in the domain of business process design. Despite that, human process designers must be able to concentrate on the business goals which a business process needs to fulfil. Compliance aspects of the business process should not be in the main focus of the human process designer during the development phase. Therefore, tools must support human process designers in developing compliant business processes. In this paper we introduce the concept of compliance scopes. Compliance scopes are areas in a business process where certain compliance conditions must hold. These conditions are attached to the compliance scopes. Compliance scopes can be applied to existing business process models as well as to process templates. In this way compliance rules are applied to certain areas of a business process. During design time, compliance scopes can be used in graphical workbenches to evaluate modifications to business processes.

Compliance Domains: A Means to Model Data-Restrictions in Cloud Environments

It is crucial for enterprises to execute business operations in a compliant way. This is especially true for IT-driven business processes as enterprises may face considerable fines when violating laws and regulation in their business processes. Through the advent of cloud computing, a new dimension of compliance requirements within the research area of compliant business process design has emerged. Data-sovereignty is one of the major compliance concerns enterprises have to deal with when moving applications and data to the cloud. Enterprises are fully responsible for their data, also when the data is not present within their IT premises anymore. This lead to the policy that specific data must not leave the IT premises of the enterprise. In this paper we present an approach to support the human process designer in modelling compliant business processes. We are focusing on compliance requirements which have to be considered in the field of cloud computing. These requirements have been created to meet laws and regulations. These laws and regulations are considering data which is to other countries, for example. Looking at the characteristics of these requirements, we deal with data-centric compliance rules here.

SOA-enabled compliance management: instrumenting, assessing, and analyzing service-based business processes

Facilitating compliance management, that is, assisting a company’s management in conforming to laws, regulations, standards, contracts, and policies, is a hot but non-trivial task. The service-oriented architecture (SOA) has evolved traditional, manual business practices into modern, service-based IT practices that ease part of the problem: the systematic definition and execution of business processes. This, in turn, facilitates the online monitoring of system behaviors and the enforcement of allowed behaviors—all ingredients that can be used to assist compliance management on the fly during process execution. In this paper, instead of focusing on monitoring and runtime enforcement of rules or constraints, we strive for an alternative approach to compliance management in SOAs that aims at assessing and improving compliance. We propose two ingredients: (i) a model and tool to design compliant service-based processes and to instrument them in order to generate evidence of how they are executed and (ii) a reporting and analysis suite to create awareness of a company’s compliance state and to enable understanding why and where compliance violations have occurred. Together, these ingredients result in an approach that is close to how the real stakeholders—compliance experts and auditors—actually assess the state of compliance in practice and that is less intrusive than enforcing compliance.

An approach to combine data-related and control-flow-related compliance rules

Compliance of IT-enabled business processes is a research area gaining more and more attraction for enterprises today. Many enterprises are on the gap of installing workflow systems within their premises. During this process they need to make sure that several regulations, coming from governments or enterprise-internal institutions, are obeyed. We argue that the compliance regulations, enterprises are faced with today, can be built using a number of atomic compliance rules. Until now only control-flow-related atomic compliance rules have been identified in literature. In this paper we extend this list with several data-related atomic compliance rules. We further show how control-flow-related compliance rules and data-related compliance rules can be combined. A fundamental finding that we made in our work with industrial use case partners from EU projects, as well as projects with customers, is that for the specification of control-flow-related compliance rules data issues must also be considered. The main contribution of this paper is a collection of combined compliance rules implementing complex compliance requirements which consist of atomic control-flow related and data-related compliance rules.

MC-Cube: Mastering Customizable Compliance in the Cloud

Outsourcing parts of a companys processes becomes more and more important in a globalized, distributed economy. While architectural styles and technologies such as service-oriented architecture and Web services facilitate the distribution of business process over several departments, enterprises and countries, these business processes still need to comply with various regulations. These regulations can be company regulations, national, or international regulations. When outsourcing IT-functions, enterprises must ensure that the overall regulations are met. Therefore they need evidence from their outsourcing partners that supports the proof of compliance to regulations. Furthermore it must be possible to enforce the adherence to compliance rules at partners. In this paper we introduce so-called compliance interfaces that can be used by customers to subscribe to evidence at a provider and to enforce regulations at a provider. We introduce a general compliance architecture that allows compliance to be monitored and enforced at services deployed in any emerging cloud delivery model.