MC-Cube: Mastering Customizable Compliance in the Cloud

  • Tobias Anstett
  • Dimka Karastoyanova
  • Frank Leymann
  • Ralph Mietzner
  • Ganna Monakova
  • Daniel Schleicher
  • Steve Strauch
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5900)


Outsourcing parts of a company’s processes becomes more and more important in a globalized, distributed economy. While architectural styles and technologies such as service-oriented architecture and Web services facilitate the distribution of business process over several departments, enterprises and countries, these business processes still need to comply with various regulations. These regulations can be company regulations, national, or international regulations. When outsourcing IT-functions, enterprises must ensure that the overall regulations are met. Therefore they need evidence from their outsourcing partners that supports the proof of compliance to regulations. Furthermore it must be possible to enforce the adherence to compliance rules at partners. In this paper we introduce so-called compliance interfaces that can be used by customers to subscribe to evidence at a provider and to enforce regulations at a provider. We introduce a general compliance architecture that allows compliance to be monitored and enforced at services deployed in any emerging cloud delivery model.


Business Process Service Composition Enforcement Action Process Instance Complex Event Processing 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Agrawal, R., Gunopulos, D., Leymann, F.: Mining Process Models from Workflow Logs. In: Schek, H.-J., Saltor, F., Ramos, I., Alonso, G. (eds.) EDBT 1998. LNCS, vol. 1377, p. 469. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  2. 2.
    Anstett, T., Leymann, F., Mietzner, R., Strauch, S.: Towards BPEL in the Cloud: Exploiting Different Delivery Models for the Execution of Business Processes. In: IWCS 2009 (2009)Google Scholar
  3. 3.
    Basel Committee on Banking Supervision. International Convergence of Capital Measurement and Capital Standards (2006)Google Scholar
  4. 4.
    Danylevych, O., Karastoyanova, D., Leymann, F.: Optimal Stratification of Transactions. In: ICWS 2009 (2009)Google Scholar
  5. 5.
    Flegel, U., Kerschbaum, F., Miseldine, P., Monakova, G., Wacker, R., Leymann, F.: Insider Threats in Cybersecurity - And Beyond. Springer, Heidelberg (to Appear, 2009)Google Scholar
  6. 6.
    Gordon, J.W., Appelbe, E.: Dale and Appelbe’s pharmacy law and ethics. Pharmaceutical Press (2005)Google Scholar
  7. 7.
    Karastoyanova, D., Khalaf, R., Schroth, R., Paluszek, M., Leymann, F.: BPEL Event Model. Technical Report Computer Science 2006/10Google Scholar
  8. 8.
    Karastoyanova, D., Leymann, F.: BPEL’n’Aspects: Adapting Service Orchestration Logic. In: ICWS 2009 (2009)Google Scholar
  9. 9.
    Karastoyanova, D., Leymann, F., Nitzsche, J., Wetzstein, B., Wutke, D.: Parameterized BPEL Processes: Concepts and Implementation. In: IWCS 2009 (2009)Google Scholar
  10. 10.
    Khalaf, R., Karastoyanova, D., Leymann, F.: Pluggable Framework for Enabling the Execution of Extended BPEL Behavior. In: WESOA 2007 (2007)Google Scholar
  11. 11.
    Khalaf, R., Leymann, F.: A Role-based Decomposition of Business Processes using BPEL. In: ICWS 2006 (2006)Google Scholar
  12. 12.
    Khalaf, R., Leymann, F.: Coordination Protocols for Split BPEL Loops and Scopes. Technical Report Computer Science 2007/01Google Scholar
  13. 13.
    Lotz, V., Pigout, E., Fischer, P.M., Kossmann, D., Massacci, F., Pretschner, A.: Towards Systematic Achievement of Compliance in Service-Oriented Architectures: The MASTER Approach. Wirtschaftsinformatik (2008)Google Scholar
  14. 14.
    Luckham, D.: The Power of Events: An Introduction to Complex Event Processing in Distributed Enterprise Systems. Addison-Wesley Longman, Amsterdam (2002)Google Scholar
  15. 15.
    Mietzner, R., Leymann, F.: Generation of BPEL Customization Processes for SaaS Applications from Variability Descriptors. In: IEEE SCC (2008)Google Scholar
  16. 16.
    OASIS. Web Services Business Process Execution Language Version 2.0 – OASIS Standard (2007)Google Scholar
  17. 17.
    OASIS. Web Services Business Activity (WS-BusinessActivity) Version 1.2 – OASIS Standard (2009)Google Scholar
  18. 18.
    Reichert, M., Dadam, P.: ADEPT flex - Supporting Dynamic Changes of Workflows Without Loosing Control. Journal of Intelligent Information Systems (1998)Google Scholar
  19. 19.
    Reichert, M.U., Rinderle, S.B.: On Design Principles for Realizing Adaptive Service Flows with BPEL. In: EMISA 2006 (2006)Google Scholar
  20. 20.
    Sarbanes, P., Oxley, M.: Sarbanes-Oxley Act of 2002. The Public Company Accounting Reform and Investor Protection Act. Washington DC: US Congress (2002)Google Scholar
  21. 21.
    The European Parliament and the Council of the European Union. Directive 2001/83/EC of the European Parliament and the Council. Official Journal of the European Communities 311 (2001)Google Scholar
  22. 22.
    van der Aalst, W.M.P., van Dongen, B.F., Herbst, J., Maruster, L., Schimm, G., Weijters, A.J.M.M.: Workflow mining: A survey of issues and approaches. Data Knowl. Eng. (2003)Google Scholar
  23. 23.
    van der Aalst, W.M.P., Weijters, A.J.M.M., Maruster, L.: Workflow Mining: Discovering Process Models from Event Logs. IEEE Transactions on Knowledge and Data Engineering (2004)Google Scholar
  24. 24.
    van Lessen, T., Leymann, F., Mietzner, R., Nitzsche, J., Schleicher, D.: A Management Framework for WS-BPEL. In: ECOWS 2008 (2008)Google Scholar
  25. 25.
    Weerawarana, S., Curbera, F., Leymann, F., Storey, T., Ferguson, D.F.: Web Services Platform Architecture: SOAP, WSDL, WS-Policy, WS-Addressing, WS-BPEL, WS-Reliable Messaging, and More. Prentice Hall PTR, Englewood Cliffs (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Tobias Anstett
    • 1
  • Dimka Karastoyanova
    • 1
  • Frank Leymann
    • 1
  • Ralph Mietzner
    • 1
  • Ganna Monakova
    • 1
  • Daniel Schleicher
    • 1
  • Steve Strauch
    • 1
  1. 1.Institute of Architecture of Application SystemsUniversity of StuttgartGermany

Personalised recommendations