Abstract
Enterprise software systems play an essential role in an organization’s business operation. Many business rules and regulations governing an organization’s operation can be translated into quality requirements of the relevant software systems, such as security, availability, and manageability. For systems implemented using Web Services, the specification and management of these qualities in the form of Web Service policies are often complicated and difficult to align with the initial business requirements. In this paper, we introduce the Hope (High-Level Objective-based Policy for Enterprises) framework that supports, in a systematic manner, the specification of quality-oriented policies at the business level and their refinement into policies at the system/service level. Quality-oriented business requirements are expressed in Hope as quality objectives applied to business entities and further refined or translated into system-level WS-Policy statements. The refinement relies on an application-specific business entity model and application-independent domain quality models. We demonstrate the approach with a case study involving policy specification and refinement in the security domain.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Phan, T., Han, J., Schneider, JG., Wilson, K. (2008). Quality-Driven Business Policy Specification and Refinement for Service-Oriented Systems. In: Bouguettaya, A., Krueger, I., Margaria, T. (eds) Service-Oriented Computing – ICSOC 2008. ICSOC 2008. Lecture Notes in Computer Science, vol 5364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89652-4_5
DOI: https://doi.org/10.1007/978-3-540-89652-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89647-0
Online ISBN: 978-3-540-89652-4
eBook Packages: Computer Science, Computer Science (R0)