Publications in Scientific Journals:
H. Tran, U. Zdun, T. Holmes, E. Oberortner, E. Mulo, S. Dustdar:
"Compliance in service-oriented architectures: A model-driven and view-based approach";
Information and Software Technology,
Volume 54
(2012),
Issue 6;
531
- 552.
English abstract:
Context: Ensuring software systems conforming to multiple sources of relevant policies, laws, and regulations is significant because the consequences of infringement can be serious. Unfortunately, this goal is hardly achievable due to the divergence and frequent changes of compliance sources and the differences in perception and expertise of the involved stakeholders. In the long run, these issues lead to problems regarding complexity, understandability, maintainability, and reusability of compliance concerns.
Objective: In this article, we present a model-driven and view-based approach for addressing problems related to compliance concerns. Method: Compliance concerns are represented using separate view models. This is achieved using domain-specific languages (DSLs) that enable non-technical and technical experts to formulate only the excerpts of the system according to their expertise and domain knowledge. The compliance implementations, reports, and documentation can be automatically generated from the models. The applicability of our approach has been validated using an industrial case study. Results: Our approach supports stakeholders in dealing with the divergence of multiple compliance sources. The compliance controls and relevant reports and documentation are generated from the models and hence become traceable, understandable, and reusable. Because the generated artifacts are associated with the models, the compliance information won´t be lost as the system evolves. DSLs and view models convey compliance concerns to each stakeholder in a view that is most appropriate for his/her current work task.
Conclusions: Our approach lays a solid foundation for ensuring conformance to relevant laws and regulations. This approach, on the one hand, aims at addressing the variety of expertise and domain knowledge of stakeholders. On the other hand, it also aims at ensuring the explicit links between compliance sources and the corresponding implementations, reports, and documents for conducting many important tasks such as root cause analysis, auditing, and governance.
"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
http://dx.doi.org/10.1016/j.infsof.2012.01.001
Related Projects:
Project Head Schahram Dustdar:
Compliance-driven Models, Languages, and Architectures for Services
Project Head Schahram Dustdar:
INDENICA
Created from the Publication Database of the Vienna University of Technology.