Abstract: Single sign-on (SSO) protocols allow one person to use the same login credentials for several organizations Enterprises face increasing competitive pressure to position themselves with regard to SSO, yet the ramifications of a move to SSO are not fully understood In this paper we discuss OpenID, a relatively new SSO protocol that is gaining traction on the web We apply enterprise application modelling techniques to OpenID in order to obtain well-founded decision aids for enterprises: we show how published modelling approaches can be used to analyse risks in OpenID, and show that these can identify security problems with common OpenID practice Finally, we propose analysis principles that condense important general insights of authentication modelling

Abstract: In this paper we address the problem of modeling collaborative decision and knowledge intensive business processes (sometimes referred to as Decision Intensive Processes, or DIP processes). DIP processes assist users in performing decision intensive tasks, and provide users with a guidance relevant to process execution context. DIP processes are by nature collaborative, data-driven, need to support various kinds of flexibility at design and run time, and need to integrate with external services and information sources. Such a combination presents significant challenges for contemporary business processes technologies. We present a solution based on a business artifacts paradigm (a.k.a. business entities with lifecycles) using a Guard-Stage-Milestone (GSM) model for declarative lifecycles specification. We introduce a CoreControl -- MicroProcess process design pattern, which allows a natural blending of a business functional process structure (usual for most business processes), with a decision & knowledge driven structure providing domain specific decision guidance to users. The proposed design pattern along with the declarative GSM BA approach provide suitable design primitives for DIP process, as demonstrated on a real problem from the supply chain solutions enablement domain.

Abstract: In recent years, enterprise architecture (EA) management has become an intensively discussed approach in both industry and academia for managing the complexity of an enterprise from a holistic perspective. While there is a strong academic and practical interest in EA frameworks and EA modeling, there is a notable insecurity about the cost benefit ratio of EA. In this paper, we address this research problem with a qualitative research design. We conduct a series of semi-structured interviews with industry experts on enterprise architecture in order to identify classes of EA goals, corresponding EA frameworks adoption to achieve these goals and employed EA benefit assessment approaches. The findings point to, among others, a fairly stable set of EA goals that shift over time and EA frameworks that lack modularity and adjustment capabilities to easily customize towards these goals. This paper is part of an ongoing exploratory research that aims at researching which benefits emanate from EA.

Abstract: Most agree that enterprise architecture (EA) artifacts include not only representation models, but also design principles [35]. While EA modeling and EA models are covered broadly in the EA state-of-the-art, design activity issues and design principles in particular are still neglected. While there has been some work on EA principles recently, their use has not been systematically surveyed so far. This is surprising because EA principles play an important role in practice. Based on a review of the state-of-the-art of EA principle understanding, we summarize findings from a survey among 70 participants from Swiss and German companies. While EA principles are widely defined, well documented, based on IT strategy and generally perceived as useful, deficiencies are apparent regarding stakeholder involvement, business architecture principles (definition as well as usage), regular principle reviews, and business alignment.

Abstract: Enterprise architecture (EA) management provides an engineering approach for the continuous advancement of the enterprise as a whole. The high number of involved components and their dense web of interdependencies nevertheless form a major challenge for such approach and demand high initial investment into documentations, communications, and analysis. Aforementioned fact has in the past been an impediment for successful EA management in practice. In the field of software engineering recently lightweight and agile methods have become more and more important. These methods aim at quickly creating results, while staying flexible in respect to the design goals to attain. In this article we explore to which extent the de-facto standard for agile methods, namely Scrum, can be applied to EA management. Thereby, we derive challenges for an agile EA management approach and revisit current approaches regarding their agility. Finally, we outline how agile EA management can be implemented based on the method of Scrum.

Abstract: ITIL is the most popular "best practices" framework for managing Information Technology (IT) services. However, implementing ITIL is not only very difficult but also there are no recommendations and guidelines for it. As a result, ITIL implementations are usually long, expensive and risky. In a previous paper we proposed a maturity model to assess an ITIL implementation and provided a roadmap for improvement based on priorities, dependencies, and guidelines. In this paper, we demonstrate a practical application of the proposed model with a questionnaire to assess the Incident Management and Configuration Management processes as well as the Service Desk Function. We evaluate the questionnaires in 13 assessments in five Portuguese organizations and then implemented a prototype to support the assessments. We finally draw conclusions that could be very useful for organizations that are considering ITIL implementation.

Abstract: Creating and maintaining an enterprise architecture model that is both up-to-date and accurate is a difficult task due to the size and complexity of the models and the dispersed nature of EA information in organizations. In current EA maintenance processes, the models are maintained manually with only little automation, which is a time consuming task. Literature from research and practice has identified this challenge, but only few scientific publications actually address the issue of EA model maintenance and its automation. In our research effort on Living Models, we are working towards solutions for a closer connection between EA models and what they represent in the real world. In this article we present (semi-)automated processes for maintaining enterprise architecture models by gathering information from both human input and technical interfaces and discuss implementation issues for realizing the processes in practice. This work is one of the first steps in the direction of minimizing manual work for EAM by automation and increasing EA data quality attributes such as consistency and actuality.

Abstract: Enterprise Architecture approaches are used to provide rigorous descriptions of the organization-wide environment, manage the alignment of deployed services to the organization's mission, end ensure a clear separation of the concerns addressed in an architecture. Thus, an effective Enterprise Architecture approach assists in the management of relations and dependencies of any components of the organization environment and supports the integration and evolution of the architecture. However, the quality of that approach is strongly influenced by the precision of the architecture context description, a fact which is not always recognized. This paper focuses on the architecture context description and addresses the gap between the stakeholders' concerns and the resulting architecture. Based on a combination of established references and standards, we show how an explicit integration of the architecture context into the architecture model improves the linking of concerns and key elements of the architecture vision. We apply our approach to a subject of increasing concern in the Information Systems area: longevity of information. Digital preservation is an interdisciplinary problem, but existent initiatives address it in a very domain-centric way, making it impossible to integrate documented knowledge into an overall organization architecture. We analyze several references and models and derive a description of the architecture context and a capability model that supports incremental development through an explicit distinction between systems and their capabilities. The presented approach allows not just any organization to assess their current digital preservation awareness and evolve their architectures to address this challenge, but in particular demonstrates the added value of an explicit architecture context model in an Enterprise Architecture approach.

Abstract: In the paper, we investigate principles for modeling flexible business processes enhanced by business rules. In our work, we start from a set of rule patterns, which are identified in the literature as a mean for increasing flexibility of business processes. The previous work on these patterns only considered the implementation level, but not the implications on the modeling level. Moreover, the potential for business process flexibility have not been fully leveraged due to some limitations in externalization of business logic into business rules. In this work, we report on the experience in modeling the set of rule patterns by using a rule-enhanced business process modeling language (rBPMN), and demonstrate the applicability of our findings on a business process case study.

Abstract: We present a case study of the use of Dynamic Condition Response (DCR) Graphs, a recently introduced declarative business process model, in the design of a cross-organizational case management system being developed by Exformatics A/S, a Danish provider of knowledge and workflow management systems. We show how DCR Graphs allow to capture directly both the behavioral constraints identified during meetings with the customer and the operational execution as markings of the graph. In comparison, imperative models such as BPMN, Petri Net, UML Sequence or Activity diagrams are only good at describing the operational way to fulfill the constraints, leaving the constraints implicit. In particular, we point out that the BPMN ad-hoc sub process activity, intended to support more loosely structured goal driven ad-hoc processes, is inconsistently described in the final version of the BPMN 2.0 standard. The case study motivated an extension of the DCR Graphs model to nested graphs and the development of graphical design and simulation tools to increase the understanding of the models. The study also revealed a number of challenges for future research in techniques for model-driven design of cross-organizational process-aware information systems combining declarative and imperative models.

Abstract: Compliance regulations require enterprises to review their SOA applications to ensure that they satisfy the set of relevant compliance requirements. Despite an increasing number of methods and tools, organizations have a pressing need for a comprehensive compliance framework to help them ensure that their business processes comply with requirements set forth by regulations, laws, and standards. In this paper we explain how to cope with business process compliance requirements and present a framework to capture and manage compliance requirements. We introduce a declarative Compliance Request Language for specifying compliance requirements. We also examine a set of compliance patterns to support the definition of frequently recurring compliance requirements in association with business processes. This approach enables the application of automated tools for compliance analysis and verification.

Abstract: Business processes spanning across organizational boundaries inside and outside an enterprise are increasingly becoming common practice in today's networked business environments. Service level agreements (SLAs) are negotiated between enterprises to measure, ensure and enforce service fulfillment and quality in this dynamic context. Often, SLA violations are directly associated with penalty costs, making it crucial to stick to agreed SLAs and proactively intervene in case of potential violations. Thus, a framework is required which allows for (1) efficient business process compliance monitoring, and (2) taking immediate action in case of compliance violations in order to minimize the business impact. In this paper we present a novel compliance monitoring framework based on a Complex Event Processing (CEP) engine. It allows modeling business processes as event flows, whereby events reflect state changes in a process or the business environment. Compliance checkpoints are added to an event flow and signify aspects which may be relevant to monitor, such as the relative timeframe between two events. Upon these, monitoring rules are defined to detect compliance violations and automatically trigger corrective actions.

Abstract: Currently most governing bodies publish their data on the World Wide Web (WWW). These data are available on e-Government Web Portals in unstructured formats using current Web languages, making them difficult to reuse and to generate new information. In this context, access to relevant, accurate public information, and possible reuse by other applications become increasingly complex. Open Government Data (OGD) means the publication of data in open raw formats (open data). There are tools to put open data on the WWW. However, this tools doesn't work with an architecture covering all aspects of data reuse. The aim of this paper is to show an architecture called Delivering Information of Government (DIGO) to allow access to primary data by machines in open data so that citizens interested in doing so can combine them (linked open data) and produce new information and mashup applications, consequently, enabling OGD and data fusion on the Linking Open Data (LOD) cloud.

Abstract: Software engineering processes are a challenging domain for the application of workflow engines due to their high dynamicity, often evolutionary nature, abstract process models, and the informational and environmental dependencies of their activities. In order to offer automated and relevant process guidance to software developers, the operational-level guidance must be capable of situational adaptation as processes evolve. A declarative workflow modeling approach driven by semantic technology is described that contextually constructs workflows on-the-fly from candidate activities. Thus, automated process guidance in dynamic environments is facilitated while retaining correctness properties, simplifying modeling, and fostering reuse.

Abstract: In parallel to the effort of creating Open Linked Data for the World Wide Web there is a number of projects aimed for developing the same technologies but in the context of their usage in closed environments such as private enterprises. In the paper, we present results of research on interlinking structured data for use in Idea Management Systems - a still rare breed of knowledge management systems dedicated to innovation management. In our study, we show the process of extending an ontology that initially covers only the Idea Management System structure towards the concept of linking with distributed enterprise data and public data using Semantic Web technologies. Furthermore we point out how the established links can help to solve the key problems of contemporary Idea Management Systems.

Abstract: The present way of doing business increasingly requires enterprises (and other organisations) to collaborate with each other, networked business allows enterprises to focus on their key competences and still capture market share with added-value, composed services jointly with trusted business partners. However, the present solutions for setting up new collaborations are based on ad hoc methods, or require integration through shared computing and communication platforms. These solutions leave collaborations with major risks on not detecting failures, functional or non-functional, breaches of trust or contractual state, or without systematic support on reacting to the changes in the business environment. This paper proposes service ecosystem governance principles, which are illustrated through the example analysis of the Pilarcos framework for service ecosystems. Service ecosystem governance supports correctness in dynamic collaborations despite strong autonomy of the partners, adaptability to changing business situations, and the manageable evolution of the service ecosystem that is necessary for sustainable networked business.

Abstract: Enterprise Architecture (EA) is rapidly becoming an established discipline. However, this does not mean that the practice of EA is already fully standardized. Practitioners as well as researchers report various techniques being used in the EA practice. And although EA has various potential benefits, evidence of real benefits is only just emerging. This paper presents empirical evidence of the relations between EA techniques used and EA benefits perceived, as well as the influence of contextual factors. The evidence is based on the results of a survey (n=293) held among both architects and stakeholders of EA in a wide variety of organizations. Employing multivariate regression analysis we found that the combination of project compliance, EA choices being explicitly linked to business goals and organized knowledge exchange between architects is a strong predictor for EA being perceived as a good instrument. We also established that significant differences exist in EA practice effectiveness between different economic sectors. Government appears to reap less benefits from EA than other sectors. The empirical evidence furthermore shows only a small influence of organizational size and number of architects on EA effectiveness.

Abstract: Regulatory compliance management is now widely recognized as one of the main challenges still to be efficiently dealt with in information systems. In the discipline of business process management in particular, compliance is considered as an important driver of the efficiency, reliability and market value of companies. It consists of ensuring that enterprise systems behave according to some guidance provided in the form of regulations. This paper gives a definition of the research problem of regulatory compliance. We show why we expect a formal policy-based and model-driven approach to provide significant advantages in allowing enterprises to flexibly manage decision-making related to regulatory compliance. For this purpose, we contribute CoReL, a domain-specific modeling language for representing compliance requirements that has a graphical concrete syntax. Informal semantics of CoReL are introduced and its use is illustrated on an example. CoReL allows to leverage business process compliance modeling and checking, enhancing it with regard to, among other dimensions, user-friendliness, genericity, and traceability.

Abstract: With the new trend of shifting from traditional architectures towards Service-Oriented Architectures (SOAs) today, the need to model integration becomes increasingly apparent. This study analyzes two main approaches for SOA integration modeling: using Unified Modeling Language (UML) and Service-oriented architecture Modeling Language(SoaML), having as a fundament a literature study, an evaluation between the two is made, based on a defined set of criteria. The results show where SoaML brings added advantages to UML and why it may be worth being used on a large scale.

Abstract: Service oriented architecture plays a prominent role in creating and utilizing business services in enterprise computing environments. The service composers produce value by aggregating lower-level re-usable services, scattered across the internet to create application level services. Web service middleware facilitates in defining service compositions in a comprehensive manner. However, in order to ensure the business viability amidst unpredictably changing business requirements, such compositions may need to adapt during the runtime. Such changes might vary from a minor regulation to a major re-structuring of the IT service composition. However, the complexity of the composition shouldn't increase and the runtime interruptions to the service delivery need to be kept to a minimum. In this paper we introduce ROAD4WS, which is a middleware extension to the popular Apache Axis2 web service engine. The extension brings together the modular adaptive architecture of the Role Oriented Adaptive Design (ROAD) with the web services deployment and consumption capabilities of the Apache Axis2 engine, in order to facilitate deploying adaptive service compositions.

Abstract: Run-time adaptability is a key feature of dynamic business environments, where the processes need to be constantly refined and restructured to deal with exceptional situations and changing requirements. The execution of such a system results in a set of adapted process variants instantiated on the same process model but dynamically restructured to handle specific contexts. Process evolution exploits the information on process variants to identify the best performing recurring adaptations and adopt them as general solutions in the process model. However, process variants are strictly related to specific execution contexts and cannot be adopted as general solutions. We propose a framework supporting context-aware evolution of business processes based on process instance execution and adaptation history. Instead of looking for recurring adaptations, we propose to look for recurring adaptation needs (i.e., process instances with the same context constraint violation and system configuration). Based on the analysis of adapted instances, we automatically construct and rank corrective evolution variants which can handle the problematic context. At the same time, we try to identify preventive evolution variants by constructing process variants which can prevent the adaptation need. We demonstrate the benefits of our approach using a car logistics scenario.

Abstract: Local governments cover multiple service sectors and are typically organized into diversified, deeply hierarchical organizations. Public services offered are tangible, mostly non-IT-critical, and heavily dependent on human resources. Information management is mainly manual in strategy and management processes. In this case study of a large Finnish local government organization, enterprise architecture (EA) is proposed as a tool for improving the coherency of the local government and its alignment to IT and other resources. We ask, what kind of EA descriptions local government agencies need for coherency management, and how to organize them. We apply action design research principles at the Kouvola City concern by adapting the Finnish Government EA Grid there. The business architecture is unfolded to evaluate the target state for a planned change. The results give new insights into transformation of the local government towards new public management related operation models, government-IT alignment, and further development of EA description tools and repositories for public administration use.

Abstract: It is crucial for enterprises to execute business operations in a compliant way. This is especially true for IT-driven business processes as enterprises may face considerable fines when violating laws and regulation in their business processes. Through the advent of cloud computing, a new dimension of compliance requirements within the research area of compliant business process design has emerged. Data-sovereignty is one of the major compliance concerns enterprises have to deal with when moving applications and data to the cloud. Enterprises are fully responsible for their data, also when the data is not present within their IT premises anymore. This lead to the policy that specific data must not leave the IT premises of the enterprise. In this paper we present an approach to support the human process designer in modelling compliant business processes. We are focusing on compliance requirements which have to be considered in the field of cloud computing. These requirements have been created to meet laws and regulations. These laws and regulations are considering data which is to other countries, for example. Looking at the characteristics of these requirements, we deal with data-centric compliance rules here.

Abstract: Quality of care is nowadays an important element of clinical health care delivery improvement efforts. Process-based quality measures can help, to support the effectiveness and efficiency of clinical care as well as to enhance a continuous performance measurement. Clinical process models can enable process monitoring and quality controlling in health care facilities. We present a clinical reference process model describing the integration of clinical meaningful Key Performance Indicators (KPIs) for acute diseases taking additionally into account the possibilities for automatic extraction of KPIs from clinical information systems and considering the characteristics of the clinical environment, such as flexible workflows and modular process structure during a patient's stay in hospital.

Abstract: Fact-orientation is a conceptual approach to modeling information systems that captures the facts of interest in natural sentence structures without forcing some aspects to be modeled as attributes of other structures. Its graphical notation for data modeling enables a vast variety of business constraints to be depicted visually, while its formal basis in logic enables models to be transformed into implementation targets for execution. This paper provides a state-of-the-art overview of fact-orientation in general and second-generation Object-Role Modeling (ORM) in particular, highlighting its conceptual and visual support for logic-based modeling, and contrasting it with other data modeling approaches.

Abstract: Software process models formalize the way a group of agents (e.g. developers, testers, managers etc) interact in order to produce a desired outcome (e.g. a product, an artifact etc). In this context, a "deviation" is a mismatch between the process executed by the agents and the process model. Existing approaches for deviation detection and handling force the agents to either pursue a deviation-free process execution, which is unrealistic, or to selectively ignore them, which may be risky to the desired outcome of the project. In this paper, we propose an approach that allows agents to deviate from the process specification, but also allows them to correct these deviations later in the process enactment. Additionally, they are informed about the risks implied by each non-handled deviation. During the correction phase, the process agents are assisted by the means of a set of correction plans that are automatically generated by the approach. These plans aim at reducing the risk of non resolved deviations. This paper presents a preliminary evaluation of this approach as a prototype implementation.

Abstract: As business process management technology matures, organisations accumulate hundreds, even thousands of models whose management poses real challenges. One of these challenges concerns model retrieval where support should be provided for the formulation and efficient evaluation of business process model queries. Recent years, queries based on behavioral information attracted more and more attentions both in the academic and industrial fields. However, there is not a widely accepted formal language to express the behavioral requirements. And the efficiency of the behavioral queries is another challenge when the process models contains arbitrary loop and/or extra-large parallel structures. The complete finite prefix (CFP) has been widely used to express the partial-order semantics of a Petri net. In this paper, we first extend CFP by connecting the cut-off events to continuation events, we call it temporal-order preserving complete finite prefix (TPCFP), where all the temporal relations between tasks can be extracted. Then we employ linear temporal logic formulae as the behavioral query language, whose formal semantics are defined over the TPCFP. The related algorithms are implemented in BeehiveZ. Experimental results are investigated with real-life processes and artificial processes in detail.

Abstract: This paper describes an approach and accompanying process for the development and use of architecture principles In doing so, it builds on earlier work in which we defined the concept of architecture principle itself The approach presented in this paper is based on a combination of experiences gathered from practice, as well as a synthesis of past work and other sources from both academia and industry, including standards such as TOGAF The approach is practical in the sense that it provides more detail on how to develop architecture principles than offered by other source Also, it shows the 'magic' involved in how to translate drivers to architecture principles

Abstract: As the size and complexity of services has grown over the years, so has the number of different models and view types used to visualize them. However, in most development environments used today, views are usually organized in a fairly simple way within an arrangement of trees, and are often mixed arbitrarily with the artifacts they contain or visualize. In this position paper we propose a new paradigm for creating, organizing and managing the different views that are required in modern software development projects inspired by the orthographic projection paradigm that has been used for many years in other engineering disciplines. The approach therefore makes software engineering environments more like computer-aided design (CAD) tools for physical products. After explaining the basic idea behind the approach, which we refer to as Orthographic Service Modeling (OSM), we outline its three key ingredients - (1) on- demand view generation, (2) dimension-based navigation (3) and an inherently view-based method.