Quality-Driven Business Policy Specification and Refinement for Service-Oriented Systems

  • Tan Phan
  • Jun Han
  • Jean-Guy Schneider
  • Kirk Wilson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5364)


Enterprise software systems play an essential role in an organization’s business operation. Many business rules and regulations governing an organization’s operation can be translated into quality requirements of the relevant software systems, such as security, availability, and manageability. For systems implemented using Web Services, the specification and management of these qualities in the form of Web Service policies are often complicated and difficult to align with the initial business requirements. In this paper, we introduce the Hope (High-Level Objective-based Policy for Enterprises) framework that supports, in a systematic manner, the specification of quality-oriented policies at the business level and their refinement into policies at the system/service level. Quality-oriented business requirements are expressed in Hope as quality objectives applied to business entities and further refined or translated into system-level WS-Policy statements. The refinement relies on an application-specific business entity model and application-independent domain quality models. We demonstrate the approach with a case study involving policy specification and refinement in the security domain.


Keywords: Service Level Agreement; Quality Objective; Business Rule; Business Policy; Security Function



Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Tan Phan (1)
  • Jun Han (1)
  • Jean-Guy Schneider (1)
  • Kirk Wilson (2)
  1. Faculty of Information & Communication Technologies, Swinburne University of Technology, Hawthorn, Australia
  2. CA Labs, One CA Plaza, Islandia, USA
