Your SlideShare is downloading. ×
License DSL translation in COMPAS framework
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

License DSL translation in COMPAS framework

641
views

Published on

This presentation was presented in Virtual goods conference 2010 against the paper submitted by the authors. In the paper author presented a case study in the framework of …

This presentation was presented in Virtual goods conference 2010 against the paper submitted by the authors. In the paper author presented a case study in the framework of COMPAS(http://www.compas-ict.eu/), a research project focused on supporting compliance monitoring and verification in service based systems. In the paper, authors also illustrated how we translate high-level service licenses (specified in Open Digital Rights Language for Services (ODRL-S)) to low-level rules for verifying the compliance requirements at runtime. Authors have validated their approach by architecting a compliance driven service oriented system, where at runtime business processes are monitored for compliance.

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
641
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Software licenses
  • Service license different than software licenses Reference of GR’s paper..
  • Compliance governance has been gaining importance in organizations because of new regulations appeared recently (e.g., Sarbanes-Oxley Act, Basel III, Solvency II), non-compliance bringing money loss and reputation damage, and the diversity of compliance sources: business owners consider legislature and regulatory bodies, standards and codes of practice, business partner contracts. Existing approaches rarely deal with different types of compliance sources and cover only few steps of the compliance governance.
  • Two pictures..
  • Compliance-driven Models, Languages, and Architectures for Services
  • Transcript

    • 1. From ODRL-S to Low-level DSL: A Case Study Based on License Compliance in Service Oriented Systems
      Soudip Roy Chowdhury1
      G.R. Gangadharan2, Patrcia Silveira1, Vincenzo D’Andrea1
      1 University Of Trento, Italy
      2 Politecnico Di Milano, Italy
      Virtual Goods 2010,Namur , Belgium 1st October,2010
    • 2. License
      2
    • 3. Service License
      http://odrl.net/Profiles/Services/
      3
    • 4. Service License
      Defines Terms and conditions for usage of service.
      Limit the liability of service provider in case of failure.
      4
    • 5. Compliance Requirement - COMPAS
      http://www.compas-ict.eu/
      5
    • 6. Compliance Governance Runtime Architecture
      6
    • 7. License requirements in COMPAS
      7
    • 8. Conceptual model for compliance management
      8
    • 9. Runtime License verification framework
      9
    • 10. Challenges
      How to associate high-level license concerns(constraints) with the low-level events ( actions)-
      Which low level rules can address the license concerns in Watch-me scenario -
      What is the best strategy for translating ODRL-S license to ESPER rules-
      Bringing IT-Experts into the loop
      Creating ESPER rule template
      Patterns based translation strategy
      10
    • 11. ODRL-S to ESPER rules
      Research challenge 1
      & 2
      ITExperts
      DomainExperts
      Provide low-level process/event information with which license would be attached to, also writes the translation template
      Write license in ODRL-S format
      DesignTime
      Research challenge 3
      Low-level rules (e,g ESPER rule)
      License Translator
      Event Processing Engine (e.g ESPER CEP Server)
      Notifies violation
      Event Processing engine checks the license concern against events,
      infers about the compliance of the system
      Sends Event Information
      CEP online monitor/ Event log
      Business Process Engine
      Run Time
      11
    • 12. License Translator
      License Pattern
      Esper Rule Template
      License Translator
      Esper Rule
      12
    • 13. License Translator contd..
                       
      Writes ODRL-S based license
      Domain Experts
      <o-ex:permission>
         <o-dd:play>
      .
      .
      .
      .
      .
      .
        
       </o-dd:play>
      </o-ex:permission>
       .
      <wm:event name="WatchMeGetVideoStreamEvent">
      .
      .
      .
      </wm:event>
      Provides low level information
      IT Experts
      ODRL-S Pattern
      13
    • 14. License Translator contd..
      create window
      PayPerViewWindow.win
      ..
      from WatchMeGetVideoStreamEvent
      Low level rules in the intermediate format
      Provides
      IT Experts
      Esper Rule Template
      • License Translator looks for specific ODRL-S license pattern, finds the corresponding low -level rule from the rule template.
      • 15. Associates them together and produce low-level rule which are consumed by ESPER Event processing engine for runtime compliance checking.
      14
    • 16. Pay Per View plan in WatchMe scenario 
      .
      .
      .
      <o-ex:permission>
                        <o-dd:play>
      <wm:event name="WatchMeGetVideoStreamEvent">
                                          <o-ex:requirement>
                                          <wm:plan>
                                          <wm:type>Pay-per-view plan</wm:type>
                                          </wm:plan>
                                           <o-dd:prepay>
                                                <o-dd:payment>
                                                        <o-dd:amounto-dd:currency="EUR">29.90</o-dd:amount>
                                                 </o-dd:payment>
                                             </o-dd:prepay>
                                          </o-ex:requirement>
                                              <o-ex:constraint>
                                                    <o-dd:unito-ex:type="watchMe:NumberOfStreams" />
                                                    <o-dd:count>300</o-dd:count>
                                             </o-ex:constraint>
      </wm:event>
                        </o-dd:play>
             </o-ex:permission>
       .
      .
      .
      15
    • 17. License Translator generated Esper rule for Pay-per-view plan
      <?xml version="1.0" encoding="UTF-8" ?>
      <license>
      <ServiceUID> urn: watchMe:service: watchMe-Provider1-PerUse_service</ServiceUID>
      <PlanType>Pay-per-view plan</PlanType>
      <amount>29.90</amount>
      <unit>watchMe:NumberOfStreams</unit>
      <count>300</count>
      <esper>
      <rule1>create window PayPerViewWindow.win:keepall().std:unique(SessionID) as select SessionID, RequesterID from WatchMeGetVideoStreamEvent</rule1>
      <rule2>select count(*) from PayPerViewWindow</rule2>
      </esper>
      </license>
      Low level rules intermediate form
      16
    • 18. Conclusion and Future work
      Currently translation is pattern-based mapping
      This is not efficient for more generic translation
      In future we will also explore on the possibility of semantic based mapping ( semantic mapping between event concepts and license concepts).
      17
    • 19. References
      1. Classen, W.: Fundamentals of Software Licensing. IDEA: The Journal of Law and Technology 37(1) (1996)
      2. Papazoglou, M.P.: Web Services: Principles and Technology. Pearson, Prentice Hall (2008)
      3. Gangadharan, G.R., D’Andrea, V.: Licensing Services: Formal Analysis and Im- plementation. In: Proceedings of the Fourth International Conference on Service Oriented Computing (ICSOC’06), Chicago, USA. (2006) 365–377
      4. Gangadharan, G.R., D’Andrea, V., Iannella, R., Weiss, M.: ODRL Service Licensing Profile (ODRL-S). In: Virtual Goods: Technology, Economy, and Legal Aspects. Nova Publishers, USA (2008)
      5. Bellamy, R.K.E., Erickson, T., Fuller, B., Kellogg, W.A., Rosenbaum, R., Thomas, J.C., Wolf, T.V.: Seeing is believing: designing visualizations for managing risk and compliance. IBM Syst. J. 46(2) (2007) 205–218
      6. Silveira,P.,Rodrguez,C.,Casati,F.,Daniel,F.,D’Andrea,V.,Worledge,C.,Taheri, Z.: On the Design of Compliance Governance Dashboards for Effective Compliance and Audit Management. In: Proceedings of NFPSLAM-SOC’09. (2009)
      18
    • 20. Thank you
      19
    • 21. Licensing clause-pay-per view plan
      20
    • 22. Translation Templates
      compositionTemplate =<rule1> create window CompositionWindow$.win:keepall().std:unique(SessionID) as select SessionID,properties.property[1] from pattern [ every (Event (name= $event1_name AND properties.property[2].value= $video_ProviderID ) AND Event (name=$event2_name AND properties.property[2].value =$audio_ProviderID))] </rule1>
      timeTemplate = <rule1> create window TimebasedWindow$.win:keepall().std:unique(SessionID) as select SessionID, properties.property[1] from $event_namewhere($start_Time > current_timestamp()) or (current_timestamp() >$end_Time) </rule1>
      countTemplate = <rule1>create window PayPerViewWindow$.win:keepall().std:unique(SessionID) as select SessionID, properties.property[1] from $event_name </rule1><rule2>select count(*) from PayPerViewWindow$ where count(*) > $count </rule2>
      21