Abstract: Models have been used in various engineering fields to help managing complexity and represent information in different abstraction levels, according to specific notations and stakeholder's viewpoints. Model-Driven Engineering (MDE) gives the basic principles for the use of models as primary artefacts throughout the software development phases and presents characteristics that simplify the engineering of software in various domains, such as Enterprise Computing Systems. Hence, for its successful application, MDE processes must consider traceability practices. They help the understanding, capturing, tracking and verification of software artefacts and their relationships and dependencies with other artefacts during the software life-cycle. In this survey, we discuss the state-of-the-art in traceability approaches in MDE and assess them with respect to five general comparison criteria: representation, mapping, scalability, change impact analysis and tool support. As a complementary result, we have identified some open issues that can be better explored by traceability in MDE.

Abstract: To align an IT system with an organization's needs, it is necessary to understand the organization 's position within its environment as well as its internal configuration. In SEAM for enterprise architecture the organization is considered as a hierarchy of systems that span from business down to IT. The alignment process addresses the complete hierarchy. We illustrate the use of SEAM for enterprise architecture with an example in which a new hiring process and an IT system are developed. With this approach it is possible to train new engineers in the design of business and IT alignment. It is also possible to scope projects in a way that integrate both business and IT strategies. This enables the consideration of IT developments in an enterprise-wide context.

Abstract: In aspect-oriented modeling (AOM), a design is described using a set of design views. It is sometimes necessary to compose the views to obtain an integrated view that can be analyzed by tools. Analysis can uncover conflicts and interactions that give rise to undesirable emergent behavior. Design models tend to have complex structures and thus manual model composition can be arduous and error- prone. Tools that automate significant parts of model composition are needed if AOM is to gain industrial acceptance. One way of providing automated support for composing models written in a particular language is to define model composition behavior in the metamodel defining the language. In this paper we show how this can be done by extending the UML metamodel with behavior describing symmetric, signature-based composition of UML model elements. We also describe an implementation of the metamodel that supports systematic composition of UML class models.

Abstract: To unify similar business processes, such as processes of similar business units or similar organizations, the similarities and differences between these business processes must be detected and the differences must be resolved. This paper presents a classification that describes frequently occurring differences between business processes. This classification is helpful in the difference detection step. We discovered the differences in practice by comparing processes that we obtained from different business units in two organizations. The classification helps when merging processes in case of a merger between organizations. It also helps when merging processes to construct a standardized process and when verifying whether a party adheres to that standardized process.

Abstract: Enterprise Architecture is a model-based approach to business-oriented IT management. To promote good IT decision making, an enterprise architecture framework needs to explicate what kind of analyses it supports. Since creating enterprise architecture models is expensive and without intrinsic value, it is desirable to only create enterprise architecture models based on metamodels that support well-defined analyses. This paper suggests a metamodel derived specifically with a set of theory-based system quality analyses in mind. The ISO 9126-based theory behind the system quality analysis is introduced in the shape of an extended influence diagram. Finally, an example illustrates that our theory-based metamodel does support system quality analysis.

Abstract: Using complex event rules for capturing dependencies between business processes is an emerging trend in enterprise information systems. In previous work we have identified a set of requirements for event extensions for business process modeling languages. This paper introduces a graphical language for modeling composite events in business processes, namely BEMN, that fulfills all these requirements. These include event conjunction, disjunction and inhibition as well as cardinality of events whose graphical expression can be factored into flow-oriented process modeling and event rule modeling. Formal semantics for the language are provided.

Abstract: Process modeling and rule modeling languages are both used to document organizational policies and procedures. However, little work has been done to understand their synergies and overlap. Understanding the relationship between the two modeling types would allow organizations to maximize synergies and reduce their modeling effort. In this paper we use the well-established Bunge-Wand-Weber (BWW) representation theory to compare the representation capabilities of both types of languages. We perform a representational analysis of two rule modeling languages, viz., SRML and SBVR. We compare their representation capabilities with those of four popular conceptual business process modeling languages, and focus on the aspects of maximum ontological completeness and minimum ontological overlap. The outcome of this study shows that no single language is internally complete with respect to the BWW representation model and that a combination of two languages, viz. SRML and BPMN, is better suited for process modeling than any single modeling language.

Abstract: Requirements engineering (RE) encompasses a set of activities for eliciting, modelling, agreeing, communicating and validating requirements that precisely define the problem domain for a software system. Several tools and methods exist to perform each of these activities, but they mainly remain separate, making it difficult to capture the global consistency of large requirement documents. In this paper we introduce model-driven engineering (MDE) as a possible technical solution to integrate these activities in a common framework. First, we dicuss how RE can leverage the two main techniques for MDE: metamodelling and model transformation. Then, we introduce a metamodel for requirements and present how we have implemented this metamodel to make it executable and usable through a constrained natural language for requirements definition.

Abstract: Mobile devices are today capable to run and maintain long running interaction and communication between people and external systems over cell and local proximity networks. In this paper, we will describe a mobile workflow system which provides a platform for deploying and managing process oriented applications and services in mobile devices. We will discuss the architecture and the implementation aspects of our prototype. We will discuss the value of this system to the users in managing and partly automating their regular activities in both personal and professional life. In addition, we will argue the use of standards and the advantages of integrating two open standards on web forms and web services in order to execute the mobile workflows.

Abstract: The increasing ubiquity of mobile embedded systems has been matched by the evolution of a variety of wireless network standards and technologies. The major constraints of wireless embedded systems are limitations of communication bandwidth, processing capabilities, and battery power. Remote wireless embedded systems often act as sensors, which provide data to a certain community. The exchange of data is nowadays usually realized through Web services. For standard Web services an XML parser is required, which demands a lot of processing power whereas embedded devices with their resource constraints provide only limited processing capabilities. Another drawback of standard Web services is the huge communication overhead due to the use of human readable XML. On the other hand using standard Web service technology enables service developers to easily integrate new embedded devices to their network or to the Internet. This paper reports on the on-going work of the key European research project MORE, which brings the embedded system world together with the Web services world. MORE introduces a new connector concept easing the handling of heterogeneous communication channels and muSOA for reducing the message size and processing demands for parsing XML messages.

Abstract: The decentralized process of configuring enterprise applications is complex and error-prone, involving multiple participants/roles and numerous configuration changes across multiple files, application server settings, and database decisions. This paper describes an approach to automated enterprise application configuration that uses a feature model, executes a series of probes to verify configuration properties, formalizes feature selection as a constraint satisfaction problem, and applies constraint logic programming techniques to derive a correct application configuration. To validate the approach, we developed a configuration engine, called Fresh, for enterprise Java applications and conducted experiments to measure how effectively Fresh can configure the canonical Java Pet Store application. Our results show that Fresh reduces the number of lines of hand written XML code by up to 92% and the total number of configuration steps by up to 72%.

Abstract: Modern business process modeling languages such as BPMN or EPC provide users with more constructs to represent real world situations than their predecessors such as IDEF or Petri Nets. But this apparent increase in expressiveness is accompanied by an increase in language complexity. In practice many organizations choose to only use a subset of the available modeling constructs. Using a well established ontology-based theory of representation, we analyze how this voluntary restriction affects the expressiveness and complexity of the resulting modeling vocabulary. We compare our empirical findings with two notation sets of the popular language BPMN - the core and full set. Our findings indicate that users are willing to accept ambiguity among modeling constructs and that the full element set of BPMN adds little expressiveness at the expense of considerably decreased ontological clarity. The findings are a first step towards an understanding of an optimal cost-effectiveness ratio for process modeling languages both in theory and practice.

Abstract: Requirements documentation is a collection of partial specifications produced by different stakeholders. Obtaining a global specification is a fundamental step of a requirement analysis process. Merging requirement specifications is indeed a way to reveal inconsistencies between them. We propose in this paper a model-driven mechanism for that purpose. It takes as inputs a set of texts or models which conform to input requirement languages and produces a global requirements model. This mechanism is integrated in a platform called R2A which stands for "requirements to analysis". The R2A core element is its core requirement metamodel which has been defined for capturing the global requirements model. We illustrate our approach with requirement specifications expressed in a constrained natural language. This platform and its mechanism have been completely implemented with MDE (model driven engineering) technologies. As such, it is a good example of how MDE technologies can contribute to requirements engineering as a technical solution.

Abstract: SBVR is a new standard that defines a metamodel for business-layer vocabularies and rules This paper summarizes SBVR features and argues that the SBVR enables definition of true ontologies The paper also summarizes experience with a partial SBVR implementation in the context of an existing technique for modeling businesses and transforming the models into implementations The work contributes to understanding the issues around the integration of business rules with business processes and ontologies The paper argues that these three should be seen as peer business modeling elements with important and useful inter-relationships

Abstract: Aligning requirements of a business with its information technology is currently a major issue in enterprise computing. Existing literature indicates important criteria to judge the level of alignment between business and IT within a single enterprise. However, identifying such criteria in an inter-enterprise setting - or re-thinking the existing ones - is hardly addressed at all. Business-IT alignment in such settings poses new challenges, as in inter-enterprise collaborations, alignment is driven by economic processes instead of centralized decision-making processes. In our research, we develop a maturity model for business-IT alignment in inter-enterprise settings that takes this difference into account. In this paper, we report on a multi-method approach we devised to confront the validation of the business-IT alignment criteria that we included in the maturity model. As independent feedback is critical for our validation, we used a focus group session and a case study as instruments to take the first step in validating the business-IT alignment criteria. We present how we applied our approach, what we learnt, and what the implications were for our model.

Abstract: Benchmarking is the process of comparing one's own performance to the statistics of a group of competitors, named peer group. It is a common and important process in the business world for many important business metrics, called key performance indicators (KPI). Privacy is of the utmost importance, since these KPIs allow the inference of sensitive information. Therefore several secure multiparty computation (SMC) protocols for securely and privately computing statistics of KPIs have recently been developed. These protocols are the basic building block for a privacy-preserving benchmarking system, but in order to complete an enterprise system that offers a benchmarking service to its customers more problems need to be solved. This paper addresses two remaining problems: peer group formation and protocol orchestration. We first analyze how peer group participation impacts privacy and vice-versa. Given current network performance limitations we conclude that in order for KPIs to remain private one subscriber can participate in at most one peer group. Peer group formation is the process of forming sensible peer groups out of the set of subscribers. A sensible peer group is one that is useful for benchmarking, i.e. a group of similar companies, under the constraint that one subscriber can participate in at most one peer group. We characterize subscribers by a set of discrete criteria and therefore view the automatic peer group formation as a data clustering problem. A data clustering algorithm customized for automatic peer group formation is required to build clusters whose size does not fall below a minimum threshold. We present a high-performance modification of k-means clustering that takes the minimum cluster size as an additional parameter which might be of independent interest. In a simulation we evaluate its practical applicability to automatic peer group formation. Our final approach is the first automatic peer group formation algorithm for an enterprise benchmarking system. Polling-based protocol orchestration allows the subscribers to remain passive clients, i.e. require no inbound connection, e.g. through a company firewall. We show through simulation that such a polling-based orchestration can be expected to complete within one polling interval.

Abstract: As enterprise computing transforms to accommodate network centric (net-centric) systems and services, comprehensive monitoring capabilities for Service Oriented Architecture (SOA)-based applications are critical in order to unite business requirements with emerging technologies. These capabilities enable network operators and service providers to observe and proactive ly respond to events that occur during deployment and operation of enterprise computing systems. This paper presents a novel approach for SOA monitoring applied to these systems. Metrics for SOA monitoring are presented along with an SOA monitoring framework and reference monitoring architecture. Examples are provided to demonstrate the usefulness of this architecture for enterprise computing systems.

Abstract: Compliance management (CM) is the management process that an organization implements to ensure organizational compliance with relevant requirements and expectations. It is a continual, manual and labor intensive process that is proved to be of great challenge for many organizations. CM affects almost every aspect of an organization and is in nature a complex problem due to voluminous knowledge and data involved. In our attempts to automate and simplify compliance, we propose and examine a semantic rule-based approach for modeling compliance knowledge with the use of semantic Web rules (SWRL) and Web ontology language (OWL). We study the use of exception handling approach to create a more robust rule base to deal with data incompleteness in the semantic Web.

Abstract: Software cities alias application landscapes of large enterprises comprise tens or even hundreds of IT applications. Structuring software cities into domains is an important task of enterprise architects. The quality of the resulting domain model is crucial for the success of enterprise architecture management and an important tool for the governance of the development of an enterprise's application landscape. This paper presents a novel method for constructing domain models based on business services, business objects, and business dimensions. The method has been validated in numerous industrial projects.

Abstract: The discovery of a semantic web service (SWS) is the act of locating a machine-processable description of a SWS-related resource that may have been previously unknown and that meets certain functional criteria. The increasing availability of services that offer similar functionalities requires the discovery process to be enhanced with a selection phase that considers non-functional properties (NFPs) of services. This paper proposes a model to describe these properties and a novel approach to service selection. Our approach is based on the design of matching rules by means of mediators defined by sets of rules stating the condition for successful matches. These rules are based on the ontological description of objects representing NFPs that are required and offered. In particular, we define a set of rule schemas to support mediation and matching for a class of user-defined NFP-constraints clustered according to specified constraint operators. Rules support matching for both qualitative and quantitative non-functional properties.

Abstract: In order to make business service more flexible and reusable, it is desirable to provide users or applications the same service but with different service quality, different interaction paths, or with different outcomes. We call this design principle as Service Differentiation. This paper describes a fully functional mechanism where variability is externalized as usage context and context aware policies so that the core business process(es) need not to be altered for any anticipated changes. Service differentiation is realized by configured business processes and interfaces, and the dynamic 'binding' between user/application with a specific interface is determined by usage context during service invocation time.

Abstract: The paper considers distributed applications where interactions between constituent services take place via messages in an asynchronous environment with unpredictable communication and processing delays; further, interacting parties are not required to be online at the same time. Message-oriented middleware (MoM) is commonly used for connecting such loosely coupled distributed applications. Despite loose coupling, many service interactions have temporal and message validation constraints. A failure to deliver a valid message within its time constraint could cause mutually conflicting views of an interaction (one party regarding it as timely whilst the other party regarding it as untimely) leading to application level inconsistencies. In a loosely coupled system, such inconsistencies could remain undetected for a long time, requiring costly application level recovery procedures. This paper describes how synchronisation support providing multilateral consistency guarantees can be provided using the underlying MoM to prevent inconsistencies from reaching application level.

Abstract: This paper describes a new strategic information system planning methodology, called ISISP (integrated strategic information system planning), which combines both top- down and bottom-up methodologies for strategic information system planning. In ISISP, portfolio derived from CRUD matrix will union with portfolio derived from SWOT/strategic themes which results in three sets of applications, namely the existing non-core applications, the core applications and the future applications. Then application transformation is applied to both core and non core application groups. For the future application group, each application will be mapped onto the existing CRUD matrix resulting in a new CRUD matrix, called ICRUD, which represents the information architecture that bridges the existing applications to the future strategically derived mission critical applications. The ISISP methodology therefore facilitates the actual implementations since all application boundaries will be derivable for the ICRUD matrix. Also, the business areas will be focused and realistic. The resultant application portfolio would be more suitable for creating IT-enabled enterprise since both existing and future strategic applications are taken care for.

Abstract: Domain Specific Languages (DSLs) play a cornerstone role in Model-Driven Software Development for representing models and metamodels. DSLs are usually defined in terms of their abstract and concrete syntax only. This allows the rapid and inexpensive development of DSLs and their associated tools (e.g., editors), but does not allow the representation of their behavioral semantics, something especially important for model operations like simulation and verification. In this paper we explore the use of Maude as a formal notation for describing models and metamodels, including the specification of their dynamic behavior.

Abstract: The process of composing a service from other services typically involves multiple models. These models may represent the service from distinct perspectives, e.g., to model the different roles of systems involved in the service, and at distinct abstraction levels, e.g., to model the service's capability, interface or the orchestration that implements the service. The consistency among these models needs to be maintained in order to guarantee the correctness of the composition process. Two types of consistency relations are distinguished: interoperability, which concerns the ability of different roles to interoperate, and conformance, which concerns the correct implementation of an abstract model by a more concrete model. This paper discusses the need for and use of techniques to assess interoperability and conformance in a service composition process. The paper shows how these consistency relations can be described and analysed using concepts from the COSMO framework. Examples are presented to illustrate how interoperability and conformance can be assessed.

Abstract: The UNICORE grid system provides a seamless, secure and intuitive access to distributed grid resources. In recent years, UNICORE 5 is used as a well-tested grid middleware system in production grids (e.g. DEISA, D-Grid) and at many supercomputer centers world-wide. Beyond this production usage, UNICORE serves as a solid basis in many European and International research projects and business scenarios from T-Systems, Philips Research, Intel, Fujitsu and others. To foster ongoing developments in multiple projects, UNICORE is open source under BSD license at SourceForge. More recently, the new Web services-based UNICORE 6 has become available that is based on open standards such as the Web services addressing (WS-A) and the Web services resource framework (WS-RF) and thus conforms to the open grid services architecture (OGSA) of the open grid forum (OGF). In this paper we present the evolution from production UNICORE 5 to the open standards-based UNICORE 6 and its various Web services-based interfaces. It describes the interface integration of emerging open standards such as OGSA-BES and OGSA-RUS and thus provides an overview of UNICORE 6.

Abstract: The ODP reference model is one of a number of specification frameworks which are based on the definition of a set of viewpoints that are coupled together by the definition of correspondences between terms. Wherever a correspondence is declared, any real world entity that is represented by a term in one viewpoint must also satisfy the requirements placed by the occurrence of the corresponding term in the other viewpoint. Although this idea represents an intuitively simple and satisfying way of talking about the design of complex systems, the idea of a correspondence is not as simple as it might, at first sight, appear. This paper uses simple examples to illustrate some of the complexities resulting from the coupling of object models and examines the consequences for claims of conformance to the complete system of specifications.

Abstract: Existing approaches for Trust Management through software alone - by their very principle - are uncompromising and have inherent weaknesses. Once the information leaves the service provider platform, there is no way to guarantee the integrity of the information on the client (or service requestor) platform. The Trusted Computing Group proposed a quantum leap in security, a hardware based "root of trust" by which the integrity of a platform - be a client or service provider can be verified. However, there is no approach for the integration of this novel but essentially straight forward concept into the distributed application development. We believe that the complexity of Trusted Computing (TC) is one of the key factors that will hinder its successful integration within the web services based distributed application realm. Model-driven techniques offer a promising approach to alleviate the complexity of platforms. This contribution has three objectives. First, we detail SECTET - a model-driven framework for leveraging TC concepts at a higher level of abstraction. We secondly elaborate the integration of platform-independent XACML policies with the platform-specific SELinux policies. Thirdly, we share our experiences regarding the implementation results of the SECTET on TC based systems.

Abstract: Information privacy typically concerns the confidentiality of personal identifiable information (PII) and protected health information (PHI) such as electronic medical records. Thus, the information access control mechanism for e-health services must be embedded with privacy-enhancing technologies. Role-based access control (RBAC) model has been widely investigated and applied to various applications for a period of time. This paper presents an extended framework of RBAC with privacy-based extensions to tackle such a need. With the context of e-health care informatics, this paper proposes an aggregation decision-making layer interacted with a set of autonomous RBAC models to aggregate PHI.