A comprehensive and policy-based approach to compliance management within inter-organizational service integration platforms
| Main Author: | |
|---|---|
| Format: | doctoralThesis |
| Language: | English |
| Published: | 2019 |
| Subjects: | |
| Online Access: | https://hdl.handle.net/20.500.12008/34980 |
| Summary: | Organizations increasingly need to collaborate with each other in order to achieve their business goals. To this end, software systems of different organizations have to be integrated to enable the execution of distributed operations in a coordinated way. Service orientation is the preferred approach to carry out this integration, leading to large-scale, service-oriented systems which interconnect software systems of different, autonomous and geographically distributed organizations sharing common goals. Such integrated service-oriented environments may be supported by integration platforms, which are specialized middleware-based infrastructures providing connectivity and mediation capabilities in order to facilitate the integration of heterogeneous systems, in particular in inter-organizational contexts. This way, systems in different organizations communicate with each other by invoking services through the platform via message exchanges, which may be processed by integration solutions (e.g. including transformations) in order to solve heterogeneity issues. In turn, compliance management is gaining increasing interest in these collaborative environments because of the large number of regulations that have emerged during the last decades, which may affect not only each organization but also the entire inter-organizational system. Compliance management aims to ensure that organizations act in accordance with multiple established regulations (e.g. laws, technical standards), which introduce compliance requirements that may affect inter-organizational message exchanges and may concern different areas such as quality of service, data quality and data protection. Controlling compliance requirements (i.e. assessing their fulfillment and acting accordingly) is a major issue in these scenarios because any compliance violation may lead to the malfunction of the whole inter-organizational system as well as to organizations facing litigation risks, criminal and financial penalties, and losses of reputation. Organizations are therefore required to develop compliance solutions within their systems in order to carry out this control. In addition, integration platforms constitute a convenient infrastructure for automating the control of compliance requirements affecting message exchanges between organizations (e.g. an integration solution may remove sensitive data from messages in order to comply with data protection laws). However, as integration platforms provide general-purpose mediation mechanisms, compliance control solutions are usually developed from scratch and on a per-case basis, which hinders their implementation agility, maintainability and reuse, as well as the chance of dealing with compliance issues affecting the integrated systems in a holistic way. This thesis proposes a comprehensive and policy-based approach to compliance management within inter-organizational service integration platforms. The approach extends and complements existing work in the field by: i) managing compliance in a comprehensive way (i.e. along the whole life cycle and across different compliance areas), ii) providing solutions for scenarios in which organizations collaborate through an integration platform via service-based interactions, iii) focusing on requirements affecting inter-organizational interactions, and iv) controlling requirements by leveraging integration platforms' capabilities and policy-based mechanisms. The main elements of the proposal are a compliance management life cycle, a conceptual framework, and a compliance management system. The life cycle comprises four main phases: setup, engineering, control and analysis. The conceptual framework enables the homogeneous management of the different elements of the approach, along the whole life cycle and across different compliance areas. The compliance management system leverages the conceptual framework and extends integration platforms' capabilities in order to support all the phases of the compliance management life cycle. The proposal focuses on the runtime compliance control solution of this system, which consists of a compliance policy language, a system-level compliance control (SCC) subsystem, a business-level compliance control (BCC) subsystem and a formal model of the SCC subsystem. The proposed approach is assessed through: i) the development of a case study within a real-world e-government scenario, ii) its support for addressing common compliance requirements and functionalities identified in existing work, iii) the development and operation of prototypes, and iv) the formal model of the SCC subsystem. This assessment enables us to confirm the comprehensiveness of the approach, the technical feasibility of the proposed solutions and the correct operation of the SCC subsystem in different usage scenarios based on its formalization. |