Compliance by Design for Artifact-Centric Business Processes

Compliance to legal regulations, internal policies, or best practices is becoming a more and more important aspect in business processes management. Compliance requirements are usually formulated in a set of rules that can be checked during or after the execution of the business process, called compliance by detection. If noncompliant behavior is detected, the business process needs to be redesigned. Alternatively, the rules can be already taken into account while modeling the business process to result in a business process that is compliant by design. This technique has the advantage that a subsequent verification of compliance is not required. This paper focuses on compliance by design and employs an artifact-centric approach. In this school of thought, business processes are not described as a sequence of tasks to be performed (i. e., imperatively), but from the point of view of the artifacts that are manipulated during the process (i. e., declaratively). We extend the artifact-centric approach to model compliance rules and show how compliant business processes can be synthesized automatically.

[1]  Amir Pnueli,et al.  In Transition From Global to Modular Temporal Reasoning about Programs , 1989, Logics and Models of Concurrent Systems.

[2]  Niels Lohmann,et al.  Why Does My Service Have No Partners? , 2009, WS-FM.

[3]  P. Ramadge,et al.  Supervisory control of a class of discrete event processes , 1987 .

[4]  Jan Vanthienen,et al.  Designing Compliant Business Processes with Obligations and Permissions , 2006, Business Process Management Workshops.

[5]  Natalia Sidorova,et al.  Can I find a partner? Undecidability of partner existence for open nets , 2008, Inf. Process. Lett..

[6]  Karsten Wolf,et al.  Does My Service Have Partners? , 2009, Trans. Petri Nets Other Model. Concurr..

[7]  Diego Calvanese,et al.  Foundations of Relational Artifacts Verification , 2011, BPM.

[8]  Amir Pnueli,et al.  The temporal logic of programs , 1977, 18th Annual Symposium on Foundations of Computer Science (sfcs 1977).

[9]  Wil M. P. van der Aalst,et al.  DecSerFlow: Towards a Truly Declarative Service Flow Language , 2006, WS-FM.

[10]  Niels Lohmann,et al.  Artifact-Centric Choreographies , 2010, ICSOC.

[11]  J. C. Cannon,et al.  Compliance Deconstructed , 2006, ACM Queue.

[12]  Niels Lohmann,et al.  Fully-automatic Translation of Open Workflow Net Models into Simple Abstract BPEL Processes , 2008, Modellierung.

[13]  Niels Lohmann,et al.  Wendy: A Tool to Synthesize Partners for Services , 2010, Petri Nets.

[14]  Niels Lohmann,et al.  Artifact-Centric Modeling Using BPMN , 2011, ICSOC Workshops.

[15]  Harald C. Gall,et al.  Generation of Business Process Models for Object Life Cycle Compliance , 2007, BPM.

[16]  George S. Avrunin,et al.  Patterns in property specifications for finite-state verification , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[17]  Mathias Weske,et al.  Visually specifying compliance rules and explaining their violations for business processes , 2011, J. Vis. Lang. Comput..

[18]  Edmund M. Clarke,et al.  Model Checking , 1999, Handbook of Automated Reasoning.

[19]  Mordechai Ben-Ari,et al.  The Temporal Logic of Branching Time , 1981, POPL.

[20]  Ahmed Awad,et al.  BPMN-Q: A Language to Query Business Processes , 2007, EMISA.

[21]  Harald C. Gall,et al.  Consistency of business process models and object life cycles , 2006, MoDELS'06.

[22]  Richard Hull,et al.  Introducing the Guard-Stage-Milestone Approach for Specifying Business Entity Lifecycles , 2010, WS-FM.

[23]  Guido Governatori,et al.  Compliance aware business process design , 2008 .

[24]  Grigore Rosu,et al.  Testing Linear Temporal Logic Formulae on Finite Execution Traces , 2001 .

[25]  Shazia Wasim Sadiq,et al.  Modeling Control Objectives for Business Process Compliance , 2007, BPM.

[26]  Peter Dadam,et al.  On Enabling Data-Aware Compliance Checking of Business Process Models , 2010, ER.

[27]  Lutz Lowis,et al.  A Classification Model for Automating Compliance , 2008, 2008 10th IEEE Conference on E-Commerce Technology and the Fifth IEEE Conference on Enterprise Computing, E-Commerce and E-Services.

[28]  Luciano Lavagno,et al.  Petrify: A Tool for Manipulating Concurrent Specifications and Synthesis of Asynchronous Controllers (Special Issue on Asynchronous Circuit and System Design) , 1997 .

[29]  Dirk Fahland,et al.  Instantaneous Soundness Checking of Industrial Business Process Models , 2009, BPM.

[30]  Francisco Curbera,et al.  Web Services Business Process Execution Language Version 2.0 , 2007 .

[31]  Niels Lohmann,et al.  Behavioral Constraints for Services , 2007, BPM.