From ODRL-S to Low-level DSL: A Case Study Based on License Compliance in Service Oriented Systems<br />Soudip Roy Chowdhu...
License<br />2<br />
Service License<br />http://odrl.net/Profiles/Services/<br />3<br />
Service License<br />Defines Terms and conditions for usage of service.<br />Limit the liability of service provider in ca...
Compliance Requirement - COMPAS<br />http://www.compas-ict.eu/<br />5<br />
Compliance Governance Runtime Architecture<br />6<br />
License requirements in COMPAS<br />7<br />
Conceptual model for compliance management<br />8<br />
Runtime License verification framework<br />9<br />
Challenges<br />How to associate high-level license concerns(constraints) with the low-level events ( actions)- <br />Whic...
ODRL-S to ESPER rules<br />Research challenge 1<br />& 2<br />ITExperts<br />DomainExperts<br />Provide low-level process/...
License Translator<br />License Pattern<br />Esper Rule Template<br />License Translator<br />Esper Rule<br />12<br />
License Translator contd..<br />                 <br />Writes ODRL-S based license<br />Domain Experts <br /><o-ex:permiss...
License Translator contd..<br />create window <br />PayPerViewWindow.win<br />..<br />from WatchMeGetVideoStreamEvent<br /...
 Associates them together and produce low-level rule which are consumed by ESPER Event processing engine for runtime compl...
Pay Per View plan in WatchMe scenario <br />.<br />.<br />.<br /><o-ex:permission><br />                  <o-dd:play><br /...
License Translator generated Esper rule for Pay-per-view plan <br /><?xml version="1.0" encoding="UTF-8" ?><br /><license>...
Conclusion and Future work<br />Currently translation is pattern-based mapping <br /> This is not efficient for more gener...
References<br />1. Classen, W.: Fundamentals of Software Licensing. IDEA: The Journal of Law and Technology 37(1) (1996)<b...
Thank you<br />19<br />
Licensing clause-pay-per view plan<br />20<br />
Upcoming SlideShare
Loading in …5
×

License DSL translation in COMPAS framework

853 views

Published on

This presentation was presented in Virtual goods conference 2010 against the paper submitted by the authors. In the paper author presented a case study in the framework of COMPAS(http://www.compas-ict.eu/), a research project focused on supporting compliance monitoring and verification in service based systems. In the paper, authors also illustrated how we translate high-level service licenses (specified in Open Digital Rights Language for Services (ODRL-S)) to low-level rules for verifying the compliance requirements at runtime. Authors have validated their approach by architecting a compliance driven service oriented system, where at runtime business processes are monitored for compliance.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
853
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Software licenses
  • Service license different than software licenses Reference of GR’s paper..
  • Compliance governance has been gaining importance in organizations because of new regulations appeared recently (e.g., Sarbanes-Oxley Act, Basel III, Solvency II), non-compliance bringing money loss and reputation damage, and the diversity of compliance sources: business owners consider legislature and regulatory bodies, standards and codes of practice, business partner contracts. Existing approaches rarely deal with different types of compliance sources and cover only few steps of the compliance governance.
  • Two pictures..
  • Compliance-driven Models, Languages, and Architectures for Services
  • License DSL translation in COMPAS framework

    1. 1. From ODRL-S to Low-level DSL: A Case Study Based on License Compliance in Service Oriented Systems<br />Soudip Roy Chowdhury1<br /> G.R. Gangadharan2, Patrcia Silveira1, Vincenzo D’Andrea1<br />1 University Of Trento, Italy<br /> 2 Politecnico Di Milano, Italy<br />Virtual Goods 2010,Namur , Belgium 1st October,2010<br />
    2. 2. License<br />2<br />
    3. 3. Service License<br />http://odrl.net/Profiles/Services/<br />3<br />
    4. 4. Service License<br />Defines Terms and conditions for usage of service.<br />Limit the liability of service provider in case of failure. <br />4<br />
    5. 5. Compliance Requirement - COMPAS<br />http://www.compas-ict.eu/<br />5<br />
    6. 6. Compliance Governance Runtime Architecture<br />6<br />
    7. 7. License requirements in COMPAS<br />7<br />
    8. 8. Conceptual model for compliance management<br />8<br />
    9. 9. Runtime License verification framework<br />9<br />
    10. 10. Challenges<br />How to associate high-level license concerns(constraints) with the low-level events ( actions)- <br />Which low level rules can address the license concerns in Watch-me scenario - <br />What is the best strategy for translating ODRL-S license to ESPER rules- <br />Bringing IT-Experts into the loop<br />Creating ESPER rule template<br />Patterns based translation strategy<br />10<br />
    11. 11. ODRL-S to ESPER rules<br />Research challenge 1<br />& 2<br />ITExperts<br />DomainExperts<br />Provide low-level process/event information with which license would be attached to, also writes the translation template<br />Write license in ODRL-S format<br />DesignTime<br />Research challenge 3 <br />Low-level rules (e,g ESPER rule)<br />License Translator<br />Event Processing Engine (e.g ESPER CEP Server)<br />Notifies violation<br />Event Processing engine checks the license concern against events,<br />infers about the compliance of the system<br />Sends Event Information<br /> CEP online monitor/ Event log<br />Business Process Engine<br />Run Time<br />11<br />
    12. 12. License Translator<br />License Pattern<br />Esper Rule Template<br />License Translator<br />Esper Rule<br />12<br />
    13. 13. License Translator contd..<br />                 <br />Writes ODRL-S based license<br />Domain Experts <br /><o-ex:permission><br />   <o-dd:play><br />.<br />.<br />.<br />.<br />.<br />.<br />  <br /> </o-dd:play><br /></o-ex:permission><br /> .<br /><wm:event name="WatchMeGetVideoStreamEvent"><br />.<br />.<br />.<br /> </wm:event><br />Provides low level information<br />IT Experts <br />ODRL-S Pattern<br />13<br />
    14. 14. License Translator contd..<br />create window <br />PayPerViewWindow.win<br />..<br />from WatchMeGetVideoStreamEvent<br />Low level rules in the intermediate format<br />Provides<br />IT Experts <br />Esper Rule Template<br /><ul><li> License Translator looks for specific ODRL-S license pattern, finds the corresponding low -level rule from the rule template.
    15. 15. Associates them together and produce low-level rule which are consumed by ESPER Event processing engine for runtime compliance checking. </li></ul>14<br />
    16. 16. Pay Per View plan in WatchMe scenario <br />.<br />.<br />.<br /><o-ex:permission><br />                  <o-dd:play><br /> <wm:event name="WatchMeGetVideoStreamEvent"><br />                                    <o-ex:requirement><br />                                    <wm:plan><br />                                    <wm:type>Pay-per-view plan</wm:type><br />                                    </wm:plan><br />                                     <o-dd:prepay><br />                                          <o-dd:payment><br />                                                  <o-dd:amounto-dd:currency="EUR">29.90</o-dd:amount><br />                                           </o-dd:payment><br />                                       </o-dd:prepay><br />                                    </o-ex:requirement><br />                                        <o-ex:constraint><br />                                              <o-dd:unito-ex:type="watchMe:NumberOfStreams" /><br />                                              <o-dd:count>300</o-dd:count><br />                                       </o-ex:constraint><br /> </wm:event><br />                  </o-dd:play><br />       </o-ex:permission><br /> .<br /> .<br /> .<br />15<br />
    17. 17. License Translator generated Esper rule for Pay-per-view plan <br /><?xml version="1.0" encoding="UTF-8" ?><br /><license><br /><ServiceUID> urn: watchMe:service: watchMe-Provider1-PerUse_service</ServiceUID><br /><PlanType>Pay-per-view plan</PlanType><br /><amount>29.90</amount><br /><unit>watchMe:NumberOfStreams</unit><br /><count>300</count><br /><esper> <br /> <rule1>create window PayPerViewWindow.win:keepall().std:unique(SessionID) as select SessionID, RequesterID from WatchMeGetVideoStreamEvent</rule1><br /> <rule2>select count(*) from PayPerViewWindow</rule2><br /> </esper><br /></license><br />Low level rules intermediate form<br />16<br />
    18. 18. Conclusion and Future work<br />Currently translation is pattern-based mapping <br /> This is not efficient for more generic translation<br />In future we will also explore on the possibility of semantic based mapping ( semantic mapping between event concepts and license concepts).<br />17<br />
    19. 19. References<br />1. Classen, W.: Fundamentals of Software Licensing. IDEA: The Journal of Law and Technology 37(1) (1996)<br />2. Papazoglou, M.P.: Web Services: Principles and Technology. Pearson, Prentice Hall (2008)<br />3. Gangadharan, G.R., D’Andrea, V.: Licensing Services: Formal Analysis and Im- plementation. In: Proceedings of the Fourth International Conference on Service Oriented Computing (ICSOC’06), Chicago, USA. (2006) 365–377<br />4. Gangadharan, G.R., D’Andrea, V., Iannella, R., Weiss, M.: ODRL Service Licensing Profile (ODRL-S). In: Virtual Goods: Technology, Economy, and Legal Aspects. Nova Publishers, USA (2008)<br />5. Bellamy, R.K.E., Erickson, T., Fuller, B., Kellogg, W.A., Rosenbaum, R., Thomas, J.C., Wolf, T.V.: Seeing is believing: designing visualizations for managing risk and compliance. IBM Syst. J. 46(2) (2007) 205–218<br />6. Silveira,P.,Rodrguez,C.,Casati,F.,Daniel,F.,D’Andrea,V.,Worledge,C.,Taheri, Z.: On the Design of Compliance Governance Dashboards for Effective Compliance and Audit Management. In: Proceedings of NFPSLAM-SOC’09. (2009)<br />18<br />
    20. 20. Thank you<br />19<br />
    21. 21. Licensing clause-pay-per view plan<br />20<br />
    22. 22. Translation Templates<br />compositionTemplate =<rule1> create window CompositionWindow$.win:keepall().std:unique(SessionID) as select SessionID,properties.property[1] from pattern [ every (Event (name= $event1_name AND properties.property[2].value= $video_ProviderID ) AND Event (name=$event2_name AND properties.property[2].value =$audio_ProviderID))] </rule1><br />timeTemplate = <rule1> create window TimebasedWindow$.win:keepall().std:unique(SessionID) as select SessionID, properties.property[1] from $event_namewhere($start_Time > current_timestamp()) or (current_timestamp() >$end_Time) </rule1><br />countTemplate = <rule1>create window PayPerViewWindow$.win:keepall().std:unique(SessionID) as select SessionID, properties.property[1] from $event_name </rule1><rule2>select count(*) from PayPerViewWindow$ where count(*) > $count </rule2><br />21<br />

    ×