Abstract: This paper investigates and enhances the suitability of the Archi Mate enterprise architecture modeling language to support the modeling of business strategy concepts and architecture-based approaches to IT portfolio valuation. It gives an overview of existing strategy and valuation concepts and methods in the literature and motivates the need for enterprise architecture and business requirements modeling to capture these aspects as well. This overview results in the identification of strategy and value related concepts, such as value, risks, resources, capabilities, competencies and constraints. The paper provides an analysis of the extent to which Archi Mate may support some of the above-mentioned concepts and extends it with the missing concepts. The proposed language extension is formalized in terms of a met model fragment, which is aligned with the Archi Mate metamodel. The approach is also illustrated by means of an application portfolio consolidation case study in which we demonstrate how a constrained optimization valuation method can be applied to architecture models enhanced with the new concepts.

Abstract: The increasing availability of event data recorded by information systems, electronic devices, web services and sensor networks provides detailed information about the actual processes in systems and organizations. Process mining techniques can use such event data to discover processes and check the conformance of process models. For conformance checking, we need to analyze whether the observed behavior matches the modeled behavior. In such settings, it is often desirable to specify the expected behavior in terms of a declarative process model rather than of a detailed procedural model. However, declarative models do not have an explicit notion of state, thus making it more difficult to pinpoint deviations and to explain and quantify discrepancies. This paper focuses on providing high-quality and understandable diagnostics. The notion of activation plays a key role in determining the effect of individual events on a given constraint. Using this notion, we are able to show cause-and-effect relations and measure the healthiness of the process.

Abstract: Nowadays, many organizations use BPM for capturing and monitoring their business processes. The introduction of BPM in an organization may become expensive, because of the upfront investments on software and hardware. Therefore, organizations can choose for a cloud-based BPM system, in which a BPM system can be used in a pay-per-use manner. Opting for cloud-based solutions may normally raise concerns in organizations such as privacy, security, legal constraints and control. By combining cloud-based and traditional BPM, organizations can benefit from the best of both worlds. This paper proposes a distribution solution in which a business process is separated into individual business processes to be executed in the cloud and on-premise. This solution gives users the freedom to place sensitive data and non-computation-intensive activities within the borders of their organization, whereas less sensitive data and computation-intensive activities can be placed in the cloud. In our proposed approach, the business processes for both on-premise and the cloud are created by performing a transformation on the original business processes, guided by a distribution list in which the placement of each activity and data element is defined. This paper discusses the challenges of implementing this transformation.

Abstract: Security is seen as one of the major challenges of the Cloud computing. Recent malware are not only becoming more sophisticated, but have also demonstrated a trend to make use of components, which can easily be distributed through the Internet to develop newer and better malware. As a result, the key problem facing Cloud security is to cope with identifying diverse sets of malware. This paper presents a method of detecting malware by identifying the symptoms of malicious behaviour as opposed to looking for the malware itself. This can be compared to the use of symptoms in human pathology, in which study of symptoms direct physicians to diagnosis of a disease or possible causes of illnesses. The main advantage of shifting the attention to the symptoms is that a wide range of malicious behaviour can result in the same set of symptoms. We propose the creation of Forensic Virtual Machines (FVM), which are mini Virtual Machines (VM) that can monitor other VMs to discover the symptoms. In this paper, we shall present a framework to support the FVMs so that they collaborate with each other in identifying symptoms by exchanging messages via secure channels. The FVMs report to a Command a Control module that collects and correlates the information so that suitable remedial actions can take place in real-time. The Command a Control can be compared to the physician who infers possibility of an illness from the occurring symptoms. In addition, as FVMs make use of the computational resources of the system we will present an algorithm for sharing of the FVMs so that they can be guided to search for the symptoms in the VMs with higher priority.

Abstract: In a service-oriented architecture, adaptive and evolvable applications should be able to select, configure and compose different existing application services to deal with the changes which can arise from runtime contextual changes or the change of user requirements and preferences. To support this, hybrid service composition approaches have been proposed, in which the core of application logic, which is rather stable, is specified in terms of processes while rules are employed to specify the conditions and constraints to adapt the application behaviour. The rules are then exposed as a decision service which can be employed by the process to make adaptation decision with respect to runtime circumstances. The interaction between processes and decision services are generally performed in synchronous request-response manner. We argue that such an interaction is not efficient to support different types of adaptation at runtime and therefore asynchronous interaction should also be supported. In this paper, we present an adaptive service provisioning architecture and a decision service template allowing both synchronous request-response interaction and asynchronous notification. To motivate the proposed architecture and the decision service template, we use a blood pressure monitoring scenario from the homecare domain. We also explain the implementation of the proposed approach based on commercially available rule and process engines. Finally, we discuss: 1) what is the efficient way (synchronous request-response interaction vs. asynchronous notification) of calling decision service to execute different types of decision rules? and 2) to what extent the use of decision service facilitates dealing with the unforeseen changes?

Abstract: ITG has been recognized as a CIO top-10 issue for more than five years and has risen in priority between 2007 and 2009. Several Frameworks exist to help organizations in ITG implementation but lack scientific viewpoint, are complex, and also overlap each other. In this paper we make a literature review to leverage the ITG Contingency factors, ITG general guidelines and main ITG and ITM areas in order to provide a scientific viewpoint validation. Such artefacts are used to build an integrated ITG and ITM framework. We also evaluate our artefacts with expert's interviews in order to provide practitioner viewpoint validation. Finally, we conclude our research with main contributions and future work.

Abstract: As the number of Web services dramatically increases, it is becoming more difficult and time consuming for user to find the desired Web services. Collaborative tagging provides a convenient way to annotate shared content by allowing users to use any tags. User tags have proven to be a useful technique to smooth browsing experience in large document collections. Some web service search engines, such as Seekda, already propose this kind of facility. One of main advantages of tags is that they are very easy to create, where users do not need any constraint or experience. Nevertheless, users have different intentions when tagging. Tags not only describe the functions of Web services, but also express additional semantical information, such as topic domain, location and qualities. These tags between co-occurring represent quite a few different aspects of the Web services. In this paper, we first investigate the different collaborative intention between co-occurring tags in Seekda as well as their dynamical aspects. Inspired by the relationships between co-occurring tags, we designed the social tag network. In order to reveal the collaborative intention, we then analyze the dynamics structure and social properties of social tag network using graph theory. Finally, network analysis results show that the social tag network has small world effect and power law distribution to some extent, and also has obvious densely connected semantic communities surrounding few hub tags. Meanwhile, we provide some beneficial suggestions for tag clustering, service discovery and recommendation based on the network analysis results.

Abstract: This paper presents a model-driven approach to the specification of situations and situation detection. We offer two main contributions: (i) a Situation Modeling Language (SML), which is a graphical language for situation modeling, and (ii) an approach to situation detection based on the transformation of a SML model into a set of rules to be executed on a rule-based platform. We exemplify our situation-based development approach with an application scenario in the domain of (mobile) banking, in which situations for detecting fraud-susceptible behavior are defined in SML. Based on the SML models, we discuss the rules that can be deployed on Drools for situation detection. The approach supports situation types defined in terms of patterns of facts, as well as complex situations in terms of reusable situation types, both at the specification level and realization level.

Abstract: The software systems running in an enterprise consist of countless components, having complex dependencies, are hosted on physical or virtualized environments, and are scattered across the technical infrastructure of an enterprise, ranging from on-premise data centers up to public cloud deployments. The resulting topology of the current IT landscape of an enterprise is often extremely complex. We show that information about this complex ecosystem can be captured in a graph-based structure, the enterprise topology graph. We argue that, using such graph-based representation, many challenges in Enterprise Architecture Management (EAM) can be tackled through the aid of graph processing algorithms. However, the high complexity of an enterprise topology graph is the main obstacle to this approach. An enterprise topology graph may consist of millions of nodes, each representing an element of the enterprise IT landscape. Further, these nodes comprise a large variety of properties and relationships, making the topology hardly manageable by human users and software tools. To address this complexity problem, we propose different mechanisms to make enterprise topology graphs manageable. Segmentation techniques, tailored to specific use cases, extract manageable segments from the enterprise topology graph. Based on a set of formally defined transformation operations we then demonstrate the power of the approach in three application scenarios.

Abstract: Today, enterprises are confronted with a continuously increasing amount of data. Examples of such data include office files, e-mails, process descriptions, and data from process-aware information systems. This data overload makes it difficult for knowledge-workers to identify the information they need to perform their tasks in the best possible way. Particularly challenging is the alignment of process-related information with business processes. In fact, process-related information and business processes are usually managed separately. On the one hand, enterprise content management systems, shared drives, and Intranet portals are used for organizing information, on the other hand, process management technology is used to design and enact business processes. With process-oriented information logistics (POIL) this paper presents an approach for bridging this gap. POIL enables the process-oriented and context-aware delivery of process-related information to knowledge-workers. We also present a clinical use case and a proof-of-concept prototype to demonstrate the application and benefits of POIL.

Abstract: Distributed systems like crisis management are subject to the dissemination of a huge volume of heterogeneous events, ranging from low level network data to high level crisis management intelligence, depending on the role of the rescue teams involved. In such systems, Complex Event Processing (CEP) has emerged as a solution to detect and react (in real-time) to complex events, which are correlations of more primitive events. Although various CEP engines implement the support for dealing with the business heterogeneity of events, the technological integration of these events remains uncovered. Therefore, in this paper we introduce DiCEPE (Distributed Complex Event Processing Engine), a platform which focuses on the integration of CEP engines in distributed systems. DiCEPE provides a native support for various communication protocols in order to federate CEP engines and ease the deployment of complex systems-of-systems. We illustrate our proposal using a nuclear crisis management scenario and show how DiCEPE leverages the coordination and the federation of different CEP engines.

Abstract: Nowadays, process-centric Web Applications (WAs) are extensively used in contexts where multi-user, coordinated work is required. Recently, Model Driven Engineering (MDE) techniques have been investigated for the development of this kind of applications. However, there are still some open issues. First, a complete roundtrip engineering support is still missing. Second, the lack of a proper integration of the existing MDE methodologies with workflow modeling techniques does not allow the developers to model the components of a WA in a compact and easy way. Third, the existing MDE approaches are based on procedural languages and not on declarative languages, even if these are more suitable to describe processes characterized by high variability. To address these issues, in this paper, we adopt a conservative approach to roundtrip engineering for the development of process-centric WAs and propose the integration of three MDE metamodels used to represent the main components of a WA with the metamodel of Declare, a declarative language to represent business processes. The proposed approach has been used to develop an online system for visit reservation in a hospital in order to validate its feasibility, correctness and effectiveness.

Abstract: Software measurement is a key process for software process improvement (SPI). Measurement provides useful information for organizations making decisions that impact their business performance. At high maturity levels, such as CMMI levels 4 and 5, SPI involves carrying out statistical process control (SPC), which requires measures and data suitable for this context. However, measurement problems are pointed as one of the main obstacles for a successful implementation of SPC in SPI efforts. With this scenario in mind, we proposed a strategy to help software organizations prepare themselves regarding measurement aspects in order to implement SPC. The strategy is made of three components. One of them is a reference software measurement ontology. In this paper, we discuss how this ontology helped us to develop the other components and how the use of these components aided to evaluate the conceptualization defined by the ontology.

Abstract: In a model-driven service-oriented architecture (SOA), the services are in large parts generated from models. To facilitate monitoring, governance, and self-adaptation the information in these models can be used by services that monitor, manage, or adapt the SOA at runtime. If a service for monitoring, management, or adaptation in an SOA is dependent on models, and the metamodel changes, usually the service needs to be manually adapted to work with the new version, recompiled, and redeployed. This manual effort impedes the use of models at runtime. To address this problem, this paper introduces model-aware services that work with models at runtime. These services are supported using a service environment, called Morse. Hiding the complexity of implicit versioning of models from users while respecting the principle of Universally Unique Identifiers (UUIDs), it realizes a novel transparent UUID-based model versioning technique. It uses the model-driven approach to automatically generate and deploy Morse services that are used by the model-aware services to access models in the correct version. In this way, monitoring and adaptation in SOAs can be better supported, and the manual effort to evolve services for monitoring, management, or adaptation, which are based on models at runtime, can be minimized.

Abstract: Service Networks (SNs) are open systems accommodating the co-production of new knowledge and services through organic peer-to-peer interactions. Key to broad success of SNs in practice is their ability to foster and ensure a high performance. By performance we mean the joint effort of tremendous interdisciplinary collaboration, cooperation and coordination among the network participants. However, due to the heterogeneous background of such participants (i.e., business, technical, etc.), different interpretations of the shared terminology are likely to happen. Thus, confusion may appear in the multi-disciplinary communication of SNs participants which in turn may lead to performance anomalies. To deal with such a problem, we propose a novel framework of bi-dimensional (business vs technical) performance metric indicators built on the basis of a systems thinking mindset. By using our framework, a holistic picture of the multiple dimensions and structure of SNs is provided, so that the interdisciplinary service participants have a correct understanding of the service scope and required resources in operation. Moreover, and most importantly, it provides a way to examine the performance traceability of the services within a SN.

Abstract: In this industry case study, we introduce the concept of semantic mediation that enables service interoperability through common ontologies, even when the services are implemented using different data models and message standards. Leveraging open standards such as Web Ontology Language (OWL) and Semantic Annotations for XML Schema and WSDL (SAWSDL), the Semantic Mediation Bus (SMB) removes the need to perform manual correlation among disparate data sources by extending the Enterprise Service Bus (ESB) infrastructure for ontology-based runtime service mediation.

Abstract: Much research work has been discussing the transformation between different process modeling languages. The focus was often put on model syntax rather than on the integrity of process content. Here an established approach for evaluating information content is used to assess the information content change that results due to process model transformation from EPC to BPMN business process representation. The results show that induced information change is not significant and provides insights into EPC and BPMN language structures. Contribution of this paper is thus a generic strategy for information content measurement in business process models as well as information theoretical view on business process modeling notations. The findings have implications for analysts and modelers in that they provide guidance on language choice and reduce uncertainty of model transformation.

Abstract: The ODP Enterprise Language is used to describe the organizational objectives and policies that apply to the system to be specified. It also captures constraints associated with the environment in which the system is to be used. Because the enterprise specification is concerned more with organizational issues than technical details of the system, there is considerable emphasis in the language design on obligations and norms, rather than on the declaration of some single rigidly required behaviour. This leads to a requirement for specification techniques that encompass a wide range of behaviour and then identify which behaviour should occur and how exceptions are to be handled, this is more challenging than computational specification, where the specification is essentially a recognizer for correct behaviour and does not define what is to happen if there are violations. This paper describes work currently in progress within the International Organization for Standardization (ISO) to extend the Enterprise Language so that it is able to express more directly the necessary obligations and other deontic concepts, such as permissions and prohibitions. The approach being taken is to introduce a new kind of object that reifies the deontic constraints and thereby simplifies the description of the behaviour expected. Once the basic concepts are in place, they can be used to define a wide range of organizational matters, such as delegation rules and the way communities respond dynamically to changes in their structure.

Abstract: Audit is an independent activity that employs standardized methods to evaluate and improve the effect in the process of compliance and control in order to help the organization achieve its goals. Nowadays, the current audit management process is costly and requires a high effort since there is a high amount of resources and used assets needed. This happens due to the large number of regulations with which it is crucial to comply. However, there are several frameworks which bring uncertainty and complexity to an organization. We intend to analyze the most important frameworks, elicit the needed requirements and use them to formalize the IT audit management process. Our work is important since a formalization of the IT audit management process is still missing and organizations keep struggling with so many frameworks in the market. Thus, organizations can achieve an improvement in their audits performance and an improvement on the analyses of their internal controls and compliance requirements.

Abstract: This paper deals with the problem, coming from an industrial context, of ontology transformations. EADS, as a major aircraft manufacturer faces the problem of integrating works of experts from different domains using different notations. Addressing this Domain-Specific Language (DSL) problem, we previously developed a solution based on OWL2 ontologies for the integration of multiple domains at the abstract syntax level. Our next step is then the production of visual concrete syntaxes from this abstract syntax, for each domain. Considering this problem as a transformation issue, we raise the challenge of ontology transformations. We provide an OWL2-based rule language for the expression of such transformations. Validating this approach, our rule language has been implemented in a rule and transformation engine and tested on applications coming from the industry.

Abstract: In Enterprise Architecture (EA) model analysis activities, it is critical to make early statements and diagnosis from a high level of abstraction. Currently, these tasks are difficult to perform, and they require both the involvement of experts and the elaboration of specialized artifacts. Further-more, the complexity of the tasks increases as models become bigger, more detailed, and start covering more domains. In other contexts, it has been noticed that total / holistic / unfiltered visualizations may give insight about the models, providing analysts a starting point for exploration and general pattern discovery. In this paper, we offer an evaluation framework to assess the strengths and weaknesses of visualization tools to support EA analysis activities. The framework is based on a set of 14 requirements which are either visualization-related or specific to EA analysis, and which where harvested from experimentation and from a survey of current EA and visualization tools. The requirements were defined around the design principle of cognitive effectiveness, and they favor a broader use of visual languages in order to enhance the semantics of EA visualizations.

Abstract: Enterprise Engineering is a means of applying engineering method to Enterprise Architecture, developing and evolving the mapping enterprise strategy to its resources. The potential benefits of service orientation have long been considered a driver for Enterprise Engineering. However, the service development discipline as a whole is still in it early stages. Do-main-specific frameworks and methodologies exist but none effectively deals with the teleological aspects of services, generally dismissed as subjective matter. In this paper, we analyze relevant state of the art in the areas of General Systems Theory, Service Science, Enterprise Engineering, Value Modeling, Enterprise Architecture and Business Modeling. The main shortcomings identified essentially reside in the lack of capability to model the purpose of a given service system in a structured way to guide current and future development efforts, which also implies having flexibly dealing with relativity of enterprise frontier definition. To address these issues, our research is focused on modeling different perspectives of enterprises as service systems, along three perspectives, namely construction, function and contribution. The approach presented in this paper involves 1) distinguishing the three mentioned perspectives and 2) articulating the concepts of each perspective so that an end-to-end, integrated, model is provided. The most distinguishing feature is using the concept of value proposal of a system to express the motivation that drives its development. We propose to follow an engineering approach that is grounded on social actor communication theory, taking into account the social meaning of service provisioning and consumption. Moreover, the mapping of this model to the elements that compose a system should be supported by design. To this end, both e3Value, from Value Modeling, and DEMO, from Enterprise Engineering, are considered and their integration is described.

Abstract: Cloud-computing is spreading quickly in industry. In the beginning, single cloud services have been in the center of interest. Nowadays, so called cloud environments are quickly gaining momentum. Cloud environments are collections of cloud services and resources. Cloud environments allow to build cloud based information systems. Cloud based information systems are configurations of services and resources provided by dynamic cloud-environments. To promote the development of a design methodology cloud based information systems are conceptualized using the entities provided by cloud environments. This static view is complemented by the definition of a life cycle described for cloud based information systems. Furthermore the notion of flexibility in cloud based information systems is discussed and first ideas for the enactment of business processes are introduced.

Abstract: The passage from monolithic, product driven business models to networked and service-based business has given raise to the emergence of service ecosystems. A service ecosystem is a socio-technical complex system that enables service-based collaboration between entities such as enterprises, institutions or individuals. Contemporary service ecosystems are established and managed typically in an ad~hoc -- manner and are lacking in support for ecosystem sustainability. This paper presents the Service Ecosystem Architecture Framework which facilitates sustainability of service ecosystems by supporting activities and addressing concerns of ecosystem stakeholders. The framework provides means for design and analysis of service ecosystems. Conceptual completeness of the architecture framework is validated by modelling a modern open service ecosystem. Applicability of the architecture framework is demonstrated with respect to service ecosystem concerns.

Abstract: During a stateful interaction, a partner service may become unavailable because of a server crash or a temporary network failure. Once the failed service becomes available again, the interaction partners do not have any knowledge about each other's state, possibly resulting in errors or deadlocks. This paper proposes an approach to the recovery of stateful interactions based on service interaction patterns and process transformations. Our recovery approach works without a central management node and without additional communication protocols. We also minimize the changes to the description of the service supported by the recovery-enabled process. Our approach allows one partner process to be modified in order to support failures in a way that interaction with the other (unchanged) processes is still possible.

Abstract: In this paper, we present an approach to modeling and analyzing the quality of service (QoS) characteristics of compositional cloud services in a federated ecosystem. Our approach first synthesizes service compositions of federated services into a small number of primitive models, basic elements and associative characteristics as common patterns, each of which has an analytical model of its QoS characteristics. A cloud-based federated system is defined through recursive composition of the primitive models and thus can be modeled and analyzed through a decomposition and aggregation process based on the QoS characteristics of primitive models. The main objective of our approach is to support the design of cloud-based federated ecosystems and the management of service level agreements for business applications in such systems. We examine cases and conditions within which a composite model's QoS characteristics have analytical solutions as a composition of the QoS characteristics of primitive models and those that may not have an analytical solution and therefore simulation-based solutions are required. Test results are discussed for comparison of analytical and simulation approaches.

Abstract: Two orchestrated processes interacting with each other have to maintain their own states. Messages are used to synchronize states between orchestrated processes. Server crash and network failure may result in loss of messages and therefore result in a state change performed by only one party. Thus, the states of the parties are no longer synchronized, resulting in state inconsistencies and in worst case deadlocks. In this paper, we propose a mechanism for guaranteed state synchronization of orchestrated processes with system and network failures. Our mechanism is based on interaction patterns and process transformations. The basic idea is to redesign the original processes into their state synchronization-enabled counterparts via process transformations that can be automated. The transformation mechanism is formalized based on Colored Petri Nets. We present the formal proof of the correctness of our mechanism and give the overhead analysis to illustrate its practicability.

Abstract: Most modern contributions for flexible workflow management propose proprietary solutions or extensions of standard workflow execution engines to enable the required runtime control-flow deviations. This fact results from the widespread viewpoint that for the realization of deviations, manipulations should be performed directly on the concerned workflow model or instance. It is neglected that most contemporary workflow management systems already contain a very strong concept for runtime deviations, namely sub-processes which can be replaced with new versions at any time. In this paper, we show that execution flexibility concepts like variant construction, aspect orientation and runtime adaptation can be emulated by regular workflow models. For this purpose, we propose a generic automated design-time model transformation technique which extracts variant workflow parts to sub-processes, makes use of "adaptation processes" following a specific pattern syntax and generates a selector structure performing recursive sub-process calls supported by a rule engine. Its main benefit consists in a general reduction of implementation efforts for flexible workflow engines. For evaluation purposes, a reference implementation of our model transformation approach was realized in SAP Net Weaver BPM/BRM and produces fully BPMN2 compliant executable artifacts together with a rule set, which is used as the main interface for the specification of frequently changing process deviations.

Abstract: Social media have become a global phenomenon affecting people in their private lives and in their personal interactions, particularly among younger people. It is thus not surprising that social media are also being explored in professional contexts such as in enterprises, where a number of social media platforms and social extensions to existing workgroup and collaboration systems have been emerging. In this paper, we consider one such platform that was developed for the internal use in a large global enterprise (HP). We present data and analysis of how this social media platform has been used in HP over the past five years. We then present conclusions from this analysis and relate them to work patterns in enterprises with the goal of advancing social media to the next level making them better fit the work context and more relevant for people in their work functions. We consider enterprise sales processes as a case study and present a number of extensions for our social media platform.