Compliance by design for artifact-centric business processes

Compliance to legal regulations, internal policies, or best practices is becoming a more and more important aspect in business processes management. Compliance requirements are usually formulated in a set of rules that can be checked during or after the execution of the business process, called compliance by detection. If noncompliant behavior is detected, the business process needs to be redesigned. Alternatively, the rules can be already taken into account while modeling the business process to result in a business process that is compliant by design. This technique has the advantage that a subsequent verification of compliance is not required. This paper focuses on compliance by design and employs an artifact-centric approach. In this school of thought, business processes are not described as a sequence of tasks to be performed (i.e., imperatively), but from the point of view of the artifacts that are manipulated during the process (i.e., declaratively). We extend the artifact-centric approach to model compliance rules and show how compliant business processes can be synthesized automatically.

[1]  Amir Pnueli,et al.  In Transition From Global to Modular Temporal Reasoning about Programs , 1989, Logics and Models of Concurrent Systems.

[2]  P. Ramadge,et al.  Supervisory control of a class of discrete event processes , 1987 .

[3]  Wil M. P. van der Aalst,et al.  The Application of Petri Nets to Workflow Management , 1998, J. Circuits Syst. Comput..

[4]  Niels Lohmann,et al.  Artifact-Centric Modeling Using BPMN , 2011, ICSOC Workshops.

[5]  Niels Lohmann Compliance by Design for Artifact-Centric Business Processes , 2011, BPM.

[6]  Harald C. Gall,et al.  Consistency of business process models and object life cycles , 2006, MoDELS'06.

[7]  Richard Hull,et al.  Introducing the Guard-Stage-Milestone Approach for Specifying Business Entity Lifecycles , 2010, WS-FM.

[8]  Luciano Lavagno,et al.  Petrify: A Tool for Manipulating Concurrent Specifications and Synthesis of Asynchronous Controllers (Special Issue on Asynchronous Circuit and System Design) , 1997 .

[9]  Lutz Lowis,et al.  A Classification Model for Automating Compliance , 2008, 2008 10th IEEE Conference on E-Commerce Technology and the Fifth IEEE Conference on Enterprise Computing, E-Commerce and E-Services.

[10]  Diego Calvanese,et al.  Foundations of Relational Artifacts Verification , 2011, BPM.

[11]  Grigore Rosu,et al.  Testing Linear Temporal Logic Formulae on Finite Execution Traces , 2001 .

[12]  Fred Kröger,et al.  Temporal Logic of Programs , 1987, EATCS Monographs on Theoretical Computer Science.

[13]  Jan Vanthienen,et al.  Designing Compliant Business Processes with Obligations and Permissions , 2006, Business Process Management Workshops.

[14]  Natalia Sidorova,et al.  Can I find a partner? Undecidability of partner existence for open nets , 2008, Inf. Process. Lett..

[15]  Shazia Wasim Sadiq,et al.  Modeling Control Objectives for Business Process Compliance , 2007, BPM.

[16]  Peter Dadam,et al.  On Enabling Data-Aware Compliance Checking of Business Process Models , 2010, ER.

[17]  Niels Lohmann,et al.  Wendy: A Tool to Synthesize Partners for Services , 2011, Fundam. Informaticae.

[18]  George S. Avrunin,et al.  Patterns in property specifications for finite-state verification , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[19]  Mathias Weske,et al.  Visually specifying compliance rules and explaining their violations for business processes , 2011, J. Vis. Lang. Comput..

[20]  Dirk Fahland,et al.  Instantaneous Soundness Checking of Industrial Business Process Models , 2009, BPM.

[21]  Francisco Curbera,et al.  Web Services Business Process Execution Language Version 2.0 , 2007 .

[22]  Niels Lohmann,et al.  Behavioral Constraints for Services , 2007, BPM.

[23]  Karsten Wolf,et al.  Does My Service Have Partners? , 2009, Trans. Petri Nets Other Model. Concurr..

[24]  Mordechai Ben-Ari,et al.  The temporal logic of branching time , 1981, POPL '81.

[25]  Stephan Mennicke,et al.  The Petri Net API A Collection of Petri Net-related Functions , 2010, AWPN.

[26]  Guido Governatori,et al.  Compliance aware business process design , 2008 .

[27]  Niels Lohmann,et al.  Artifact-Centric Choreographies , 2010, ICSOC.

[28]  Edmund M. Clarke,et al.  Model Checking , 1999, Handbook of Automated Reasoning.

[29]  Ahmed Awad,et al.  BPMN-Q: A Language to Query Business Processes , 2007, EMISA.

[30]  Niels Lohmann,et al.  Why Does My Service Have No Partners? , 2009, WS-FM.

[31]  James L. Peterson,et al.  Petri Nets , 1977, CSUR.

[32]  Wil M. P. van der Aalst,et al.  DecSerFlow: Towards a Truly Declarative Service Flow Language , 2006, WS-FM.

[33]  Harald C. Gall,et al.  Generation of Business Process Models for Object Life Cycle Compliance , 2007, BPM.

[34]  J. C. Cannon,et al.  Compliance Deconstructed , 2006, ACM Queue.

[35]  Niels Lohmann,et al.  Fully-automatic Translation of Open Workflow Net Models into Simple Abstract BPEL Processes , 2008, Modellierung.