Walid Fdhila

On enabling compliance of cross-organizational business processes

Process compliance deals with the ability of a company to ensure that its business processes comply with domain-specific regulations and rules. So far, compliance issues have been mainly addressed for intra-organizational business processes, whereas there exists only little work dealing with compliance in the context of cross-organizational processes that involve multiple business partners. As opposed to intra-organizational processes, for a cross-organizational process, compliance must be addressed at different modeling levels, ranging from interaction models to public process models to private processes of the partners. Accordingly, there exist different levels for modeling compliance rules. In particular, we distinguish between local compliance rules of a particular partner and global compliance rules to be obeyed by all partners involved in the cross-organizational process. This paper focuses on checking the compliance of interaction models. For this purpose, we introduce the notion of compliability, which shall guarantee that an interaction model is not conflicting with a set of imposed global compliance rules.

Towards Compliance of Cross-Organizational Processes and Their Changes

Businesses require the ability to rapidly implement new processes and to quickly adapt existing ones to environmental changes including the optimization of their interactions with partners and customers. However, changes of either intra- or cross-organizational processes must not be done in an uncontrolled manner. In particular, processes are increasingly subject to compliance rules that usually stem from security constraints, corporate guidelines, standards, and laws. These compliance rules have to be considered when modeling business processes and changing existing ones. While change and compliance have been extensively discussed for intra-organizational business processes, albeit only in an isolated manner, their combination in the context of cross-organizational processes remains an open issue. In this paper, we discuss requirements and challenges to be tackled in order to ensure that changes of cross-organizational business processes preserve compliance with imposed regulations, standards and laws.

Partitioning and Cloud Deployment of Composite Web Services under Security Constraints

In this paper, we propose an approach for deploying business processes on the cloud supporting security constraints, thereby ensuring sensitive data exchange. This approach uses partitionning techniques for fulfilling security requirements and optimizing communication costs. The partitions are deployed independently on different cloud platforms. Subsequently, these partitions depend on message exchange synchronization, which defines our choreography on the cloud. Moreover, we consider additional requirements related to data-dependencies and Quality of Service (QoS) disparities to optimize the execution of the outsourced process. Our approach is motivated by an insurance case study and implemented within an open source cloud platform.

Change and Compliance in Collaborative Processes

During their lifecycle, business processes are keen to change. Changes either concern the process model structure or the accompanying rules, e.g. Compliance rules (laws and regulations). In the context of business process collaborations, several process partners collaborate together, and changing one process might result in knock-on effects on the other processes, i.e., Change propagation. Since business processes are often subject to restrictions that stem from laws, regulations or guidelines, i.e., Compliance rules, changing them might lead to the violations of these rules (non-compliability). So far, only the impacts of process changes in choreographies have been studied. In this work, we propose an approach that analyzes and evaluates the impacts of process changes on the different compliance rules and inversely, the impacts of compliance rule changes on the process choreography.

Predicting Resource Allocation and Costs for Business Processes in the Cloud

By moving business processes into the cloud, business partners can benefit from lower costs, more flexibility and greater scalability in terms of resources offered by the cloud providers. In order to execute a process or a part of it, a business process owner selects and leases feasible resources while considering different constraints, e.g., Optimizing resource requirements and minimizing their costs. In this context, utilizing information about the process models or the dependencies between tasks can help the owner to better manage leased resources. In this paper, we propose a novel resource allocation technique based on the execution path of the process, used to assist the business process owner in efficiently leasing computing resources. The technique comprises three phases, namely process execution prediction, resource allocation and cost estimation. The first exploits the business process model metrics and attributes in order to predict the process execution and the requires resources, while the second utilizes this prediction for efficient allocation of the cloud resources. The final phase estimates and optimizes costs of leased resources by combining different pricing models offered by the provider.

Memetic Algorithms for Mining Change Logs in Process Choreographies

The propagation and management of changes in process choreographies has been recently addressed as crucial challenge by several approaches. A change rarely confines itself to a single change, but triggers other changes in different partner processes. Specifically, it has been stated that with an increasing number of partner processes, the risk for transitive propagations and costly negotiations increases as well. In this context, utilizing past change events to learn and analyze the propagation behavior over process choreographies will help avoiding significant costs related to unsuccessful propagations and negotiation failures, of further change requests. This paper aims at the posteriori analysis of change requests in process choreographies by the provision of mining algorithms based on change logs. In particular, a novel implementation of the memetic mining algorithm for change logs, with the appropriate heuristics is presented. The results of the memetic mining algorithm are compared with the results of the actual propagation of the analyzed change events.

Classification and Formalization of Instance-Spanning Constraints in Process-Driven Applications

In process-driven applications, typically, instances share human, computer, and physical resources and hence cannot be executed independently of each other. This necessitates the definition, verification, and enforcement of restrictions and conditions across multiple instances by so called instance-spanning constraints (ISC). ISC might refer to instances of one or several process types or variants. While real-world applications from, e.g., the logistics, manufacturing, and energy domain crave for the support of ISC, only partial solutions can be found. This work provides a systematic ISC classification and formalization that enables the verification of ISC during design and runtime. Based on a collection of 114 ISC from different domains and sources the relevance and feasibility of the presented concepts is shown.

On evolving partitioned Web Service orchestrations

Many researches argue that centralized Web Service (WS) orchestrations stop short in dealing with key requirements such as scalability, privacy and reliability. Consequently, fragmentation and decentralization have been proposed to overcome these limitations. In detail, the centralized orchestration is fragmented into behaviorally equivalent distributed partitions such that their combined execution recreates the function of the original orchestration. However, the evolving nature of business processes created the need for an efficient change support. Since the decentralization leads to the distribution of the activities, the control and data flows, it becomes difficult to specify the changes directly on the derived partitions. Therefore, it is more judicious to specify the changes on the centralized orchestration model and propagate them to the derived partitions. In this paper, we propose a comprehensive change framework for partitioned WS orchestration scenarios and demonstrate how to specify and propagate the changes from the centralized model to its resulting decentralized partitions.

Predicting change propagation impacts in collaborative business processes

During the life cycle of a Business-to-Business (B2B) collaboration, companies may need to redesign or change parts of their service orchestrations. A change request proposed by one partner will, in most cases, result in changes to other partner orchestration. An accurate prediction of the behavior of a change request and an analysis of its impacts on the collaboration allows to avoid significant costs related to unsuccessful propagation, e.g. negotiation fail. This paper focuses on predicting the likelihood of a change request propagation as well as its ripple effects on the overall collaboration. To estimate these values, the approach analyses the collaboration structure through a priori analysis. We will show how the prediction models can be specified and implemented within a proof-of-concept prototype. Discussion will be provided on visualization possibilities and model validation.

Detecting the Effects of Changes on the Compliance of Cross-Organizational Business Processes

An emerging challenge for collaborating business partners is to properly define and evolve their cross-organizational processes with respect to imposed global compliance rules. Since compliance verification is known to be very costly, reducing the number of compliance rules to be rechecked in the context of process changes will be crucial. Opposed to intra-organizational processes, however, change effects cannot be easily assessed in such distributed scenarios, where partners only provide restricted public views and assertions on their private processes. Even if local process changes are invisible to partners, they might affect the compliance of the cross-organizational process with the mentioned rules. This paper provides an approach for ensuring compliance when evolving a cross-organizational process. For this purpose, we construct qualified dependency graphs expressing relationships between process activities, process assertions, and compliance rules. Based on such graphs, we are able to determine the subset of compliance rules that might be affected by a particular change. Altogether, our approach increases the efficiency of compliance checking in cross-organizational settings.