Quality-Driven Business Policy Specification and Refinement for Service-Oriented Systems

Enterprise software systems play an essential role in an organization's business operation. Many business rules and regulations governing an organization's operation can be translated into quality requirements of the relevant software systems, such as security, availability, and manageability. For systems implemented using Web Services , the specification and management of these qualities in the form of Web Service policies are often complicated and difficult to be aligned with the initial business requirements. In this paper, we introduce the Hope (High-Level Objective-based Policy for Enterprises) framework that supports, in a systematic manner, the specification of quality-oriented policies at the business level and their refinement into policies at the system/service level. Quality-oriented business requirements are expressed in Hope as quality objectives applied to business entities and further refined or translated into system-level WS-Policy statements. The refinement relies on an application-specific business entity model and application-independent domain quality models. We demonstrate the approach with a case study involving policy specification and refinement in the security domain.

[1]  Emil C. Lupu,et al.  The Ponder Policy Specification Language , 2001, POLICY.

[2]  Manfred A. Jeusfeld,et al.  Conceptual Modeling for Novel Application Domains , 2003, Lecture Notes in Computer Science.

[3]  Amit P. Sheth,et al.  Web Service Semantics - WSDL-S , 2005 .

[4]  Junichi Suzuki,et al.  A Model-Driven Development Framework for Non-Functional Aspects in Service Oriented Architecture , 2008, Int. J. Web Serv. Res..

[5]  Jeffrey M. Bradshaw,et al.  KAoS policy and domain services: toward a description-logic approach to policy representation, deconfliction, and enforcement , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[6]  Khaled M. Khan,et al.  Assessing security properties of software components: a software engineer's perspective , 2006, Australian Software Engineering Conference (ASWEC'06).

[7]  Giovanni Della-Libera,et al.  Web Services Security Policy Language (WS-SecurityPolicy) , 2002 .

[8]  L. O'Brien Lero,et al.  Quality Attributes for Service-Oriented Architectures , 2007, International Workshop on Systems Development in SOA Environments (SDSOA'07: ICSE Workshops 2007).

[9]  Robert Meersman,et al.  On the Move to Meaningful Internet Systems 2004: CoopIS, DOA, and ODBASE , 2004, Lecture Notes in Computer Science.

[10]  Myong H. Kang,et al.  Security Ontology for Annotating Resources , 2005, OTM Conferences.

[11]  H. Lan,et al.  SWRL : A semantic Web rule language combining OWL and ruleML , 2004 .

[12]  Michiaki Tatsubori,et al.  Model-driven security based on a Web services security architecture , 2005, 2005 IEEE International Conference on Services Computing (SCC'05) Vol-1.

[13]  Phillip Hallam-Baker,et al.  Web services security: soap message security , 2003 .

[14]  P. Sarbanes,et al.  Sarbanes-Oxley Act of 2002 , 2002 .

[15]  Ramesh Nagappan,et al.  Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management , 2005 .

[16]  Daniel Roth,et al.  Web Services Policy Framework (WS- Policy) , 2002 .

[17]  Wolfgang Emmerich,et al.  SLAng: a language for defining service level agreements , 2003, The Ninth IEEE Workshop on Future Trends of Distributed Computing Systems, 2003. FTDCS 2003. Proceedings..

[18]  Jorge Lobo,et al.  Policies for Distributed Systems and Networks , 2001, Lecture Notes in Computer Science.

[19]  Mark O'Neill,et al.  Web Services Security , 2003 .

[20]  Tim Ebringer,et al.  A Survey of Policy-Based Management Approaches for Service Oriented Systems , 2008, 19th Australian Conference on Software Engineering (aswec 2008).

[21]  Mike P. Papazoglou,et al.  A Framework for Business Rule Driven Web Service Composition , 2003, ER.

[22]  Heiko Ludwig,et al.  The WSLA Framework: Specifying and Monitoring Service Level Agreements for Web Services , 2003, Journal of Network and Systems Management.