Vincenzo D'Andrea

Business Compliance Governance in Service-Oriented Architectures

Governing business compliance with regulations, laws, best practices, contracts, and the like is not an easy task, and so far there are only limited software products available that help a company to express compliance rules and to analyze its compliance state. We argue that today’s SOA-based way of implementing and conducting business (e.g., using Web services and business process engines) lends itself very well to the development of a comprehensive compliance government solution that effectively aids companies in being compliant. In this paper, we contextualize the compliance problem in SOA-based businesses, we highlight which are the most salient research challenges that need to be addressed, and we describe our approach to compliance governance, spanning design, execution, and evaluation concerns.

Web service discovery based on past user experience

Web service technology provides a way for simplifying interoperability among different organizations. A piece of functionality available as a web service can be involved in a new business process. Given the steadily growing number of available web services, it is hard for developers to find services appropriate for their needs. The main research efforts in this area are oriented on developing a mechanism for semantic web service description and matching. In this paper, we present an alternative approach for supporting users in web service discovery. Our system implements the implicit culture approach for recommending web services to developers based on the history of decisions made by other developers with similar needs. We explain the main ideas underlying our approach and report on experimental results.

Improving Web Service Discovery with Usage Data

Service-oriented computing and Web services are becoming more popular, enabling organizations to use the Web as a market for selling their own services and consuming existing services from others. Nevertheless, the more services are available, the more difficult it becomes to find the most appropriate service for a specific application. Existing approaches to Web service discovery tend to address different information-processing styles. However, Web services have functional and nonfunctional characteristics that can be difficult to present and control. Service behavior and quality-of-service (QoS) parameters can vary over time, and new services can emerge in certain business areas.

On the design of compliance governance dashboards for effective compliance and audit management

Assessing whether a companys business practices conform to laws and regulations and follow standards, i.e., compliance governance, is a complex and costly task. Few software tools aiding compliance governance exist; however, they typically do not address the needs of who is in charge of assessing and controlling compliance, that is, compliance experts and auditors. We advocate the use of compliance governance dashboards, whose design and implementation is however challenging for these reasons: (i) it is fundamental to identify the right level of abstraction for the information to be shown; (ii) it is not trivial to visualize distinct analysis perspectives; and (iii) it is difficult to manage the large amount of involved concepts, instruments, and data. This paper shows how to address these issues, which concepts and models underlie the problem, and, how IT can effectively support compliance analysis in SOAs.

Evaluating quality of web services: a risk-driven approach

Composing existing web services to obtain new functionalities is important for e-business applications. Deficiencies of aggregated web services can be compensated involving a redundant number of them for critical tasks. Key steps lie in Quality of Service (QoS) evaluation and selection of web services with appropriate quality characteristics in order to avoid frequent and severe faults of a composite web service. This paper, first, surveys the existing approaches for QoS-driven web service selection. Then, it proposes a novel approach for evaluating quality of redundant service compositions through analysis of risk related to the use of external web services. Finally, we describe an improved selection algorithm that takes into account success rate, response time and execution cost of involved web services.

Service License Composition and Compatibility Analysis

Services enable the transformation of the World Wide Web as distributed interoperable systems interacting beyond organizational boundaries. Service licensing enables broader usage of services and a means for designing business strategies and relationships. A service license describes the terms and conditions for the use and access of the service in a machine interpretable way that services could be able to understand. Service-based applications are largely grounded on composition of independent services. In that scenario, license compatibility is a complex issue, requiring careful attention before attempting to merge licenses. The permissions and the prohibitions imposed by the licenses of services would deeply impact the composition. Thus, service licensing requires a comprehensive analysis on composition of these rights and requirements conforming to the nature of operations performed and compensation of services used in composition. In this paper, we analyze the compatibility of service license by describing a matchmaking algorithm. Further, we illustrate the composability of service licenses by creating a composite service license, that is compatible with the licenses being composed.

IC-service: a service-oriented approach to the development of recommendation systems

Recommendation systems have proven to be useful in various application domains. However, current solutions are usually ad-hoc systems which are tightly-coupled with the application domain. We present the IC-Service, a recommendation service that can be included in any system in a loosely coupled way. The implementation follows the principles of service oriented computing and provides a solution to various problems arising in recommendation systems, e.g. to the problem of meta-recommendation systems development. Moreover, when properly configured, the IC-Service can be used by different applications (clients), and several independent instances of the IC-Service can collaborate to produce better recommendations. Service architecture and communication protocols are presented. The paper describes also ongoing work and applications based on the IC-Service.

Leveraging web services discovery with customizable hybrid matching

Improving web service discovery constitutes a vital step for making a reality the Service Oriented Computing (SOC) vision of dynamic service selection, composition and deployment. Matching allows for comparing user requests with descriptions of available service implementations, and sits at the heart of the service discovery process. This paper firstly evaluates the efficacy of several key similarity metrics for matching syntactic, semantic and structural information from service interface descriptions, using a uniform corpus of web services. Secondly, it experiments with a hybrid style of matching that allows for blending various matching approaches and makes them configurable to cater service discovery given domain-specific constraints and requirements.

Managing license compliance in free and open source software development

License compliance in Free and Open Source Software development is a significant issue today and organizations using free and open source software are predominately focusing on this issue. The non-compliance to licenses in free and open source software development leads to the loss of reputation and the high costs of litigation for organizations. Towards an automated compliance management, we use the Open Digital Rights Language to implement the clauses of open source software licenses in a machine interpretable way and propose a novel algorithm that analyzes compatibility between free and open source software licenses. Also, we describe a framework that inductively manages compliance of license clauses in a free and open source software development. We simulate and evaluate the formalized license compliance management by analyzing a real-time open source software project GRASS.

Licensing services: formal analysis and implementation

The distribution of services spanning across organizational boundaries raises problems related to intellectual value that are less explored in service oriented research. Being a way to manage the rights between service consumers and service providers, licenses are critical to be considered in services. As the nature of services differs significantly from traditional software and components, services prevent the direct adoption of software and component licenses. We propose a formalisation of licensing clauses specific to services for unambiguous definition of a license. We extend Open Digital Rights Language to implement the clauses of service licensing, making a service license compatible with all the existing service standards.