Abstract
Key to broad use of process management systems (PrMS) in practice is their ability to foster and ease the implementation, execution, monitoring, and adaptation of business processes while still being able to ensure robust and error-free process enactment. To meet these demands a variety of mechanisms has been developed to prevent errors at the structural level (e.g., deadlocks). In many application domains, however, processes often have to comply with business level rules and policies (i.e., semantic constraints) as well. Hence, to ensure error-free executions at the semantic level, PrMS need certain control mechanisms for validating and ensuring the compliance with semantic constraints. In this paper, we discuss fundamental requirements for a comprehensive support of semantic constraints in PrMS. Moreover, we provide a survey on existing approaches and discuss to what extent they are able to meet the requirements and which challenges still have to be tackled. In order to tackle the particular challenge of providing integrated compliance support over the process lifecycle, we introduce the SeaFlows framework. The framework introduces a behavioural level view on processes which serves a conceptual process representation for constraint specification approaches. Further, it provides general compliance criteria for static compliance validation but also for dealing with process changes. Altogether, the SeaFlows framework can serve as formal basis for realizing integrated support of semantic constraints in PrMS.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
\(\tilde{\sigma}\bar{\sigma}\) denotes the concatenation of \(\tilde{\sigma}\) and \(\bar{\sigma}\).
\(\tilde{\sigma} \Delta_e \breve{\sigma}\) denotes the concatenation of \(\tilde{\sigma}\), Δ e , and \(\breve{\sigma}\).
\(\tilde{\sigma} \Delta_e \) denotes the concatenation of \(\tilde{\sigma}\) and Δ e .
References
Agrawal, R., Johnson, C., Kiernan, J., & Leymann, F. (2006). Taming compliance with Sarbanes-Oxley internal controls using database technology. In Proc. of the 22nd int’l conf. on data engineering (ICDE’06) (p. 92). Los Alamitos: IEEE Computer Society.
Alberti, M., et al. (2006). Computational logic for run-time verification of web services choreographies: Exploiting the SOCS-SI tool. In Proc. 3rd int’l workshop on web services and formal methods. LNCS (Vol. 4184, pp. 58–72). New York: Springer.
Alberti, M., et al. (2007). Expressing and verifying business contracts with abductive logic. In Normative multi-agent systems, dagstuhl seminar proceedings (No. 07122). Internationales Begegnungs- und Forschungszentrum fuer Informatik.
Attie, P., Singh, M., Sheth, A., & Rusinkiewicz, M. (1993). Specifying and enforcing intertask dependencies. In Proc. VLDB ’93 (pp. 134–145). San Mateo: Morgan Kaufmann.
Baader, F., et al. (2003). The description logic handbook—theory, implementation and applications. Cambridge: Cambridge University Press.
Blackburn, P., de Rijke, M., & Venema, Y. (2002). Modal logic. Cambridge tracts in theoretical computer science. Cambridge: Cambridge University Press.
Bobrik, R., Reichert, M., & Bauer, T. (2005). Requirements for the visualization of system-spanning business processes. In Proc. 1st int’l workshop on business process monitoring and performance management (BPMPM’05).
Casati, F., Ceri, S., Pernici, B., & Pozzi, G. (1998). Workflow evolution. Data & Knowledge Engineering, 24(3), 211–238.
Dadam, P., et al. (2008). Towards truly flexible and adaptive process-aware information systems. In Proc. UNISCON ’08. Klagenfurt, Austria.
Davulcu, H., Kifer, M., Ramakrishnan, C. R., & Ramakrishnan, I. V. (1998). Logic based modeling and analysis of workflows. In PODS ’98 (pp. 25–33).
Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 (2006). http://www.eur-lex.europa.eu.
Dwyer, M. B., Avrunin, G. S., & Corbett, J. C. (1999). Patterns in property specifications for finite-state verification. In Proc. of the 21st int’l conf. on software engineering (pp. 411–420).
Ellis, C., Keddara, K., & Rozenberg, G. (1995). Dynamic change within workflow systems. In Proc. of the int’l ACM conf. COOCS ’95 (pp. 10–21).
Emprise (2008). BONAPART Sarbanes-Oxley analyzer.
Foster, H., Uchitel, S., Magee, J., & Kramer, J. (2006). Model-based analysis of obligations in web service choreography. In Proc. of the advanced int’l conf. on telecommunications and int’l conf. on internet and web applications and services (p. 149). Los Alamitos: IEEE Computer Society.
Förster, A., Engels, G., Schattkowsky, T., & Van der Straeten, R. (2007). Verficiation of business process quality constraints based on visual process patterns. In Proc. 1st joint IEEE/IFIP symposium on theoretical aspects of sofware engineering.
Fötsch, D., Pulvermüller, E., & Rossak, W. (2006). Modeling and verifying workflow-based regulations. In Workshop on regulations modelling and their validation and verification.
Ghose, A., & Koliadis, G. (2007). Auditing business process compliance. In Proc. ICSOC ’07. LNCS (Vol. 4749, pp. 169–180). New York: Springer.
Giblin, C., Müller, S., & Pfitzmann, B. (2006). From regulatory policies to event monitoring rules: Towards model-driven compliance automation. Tech. Rep. Research Report RZ-3662, IBM Research GmbH.
Goldszmidt, G., Joseph, J., & Sachdeva, N. (2005). On demand business process life cycle, part 6: Apply customization policies and rules. Tech. rep., IBM.
Gomez-Perez, A., Fernandez-Lopez, M., & Corcho-Garcia, O. (2004). Ontological engineering. New York: Springer.
Governatori, G. (2005). Representing business contracts in RuleML. International Journal of Cooperative Information System, 14(2–3), 181–216.
Governatori, G., Hoffmann, J., Sadiq, S., & Weber, I. (2008). Detecting regulatory compliance for business process models through semantic annotations. In Proc. of the 4th int’l workshop on business process design.
Governatori, G., Milosevic, Z., & Sadiq, S. (2006). Compliance checking between business processes and business contracts. In Proc. EDOC’06 (pp. 221–232). Los Alamitos: IEEE Computer Society.
Greiner, U., Ramsch, J., Heller, B., Löffler, M., Müller, R., & Rahm, E. (2004). Adaptive guideline-based treatment workflows with adaptflow. In Proc. of symposium on computerized guidelines and protocols, (Vol. 101, pp. 113–117). Amsterdam: IOS.
Heinlein, C. (2001). Workflow and process synchronisation with interaction expressions and graphs. In Proc. of the 17th int’l conf. on data engineering (ICDE ’01). Piscataway: IEEE.
Herbst, H., Knolmayer, G., Myrach, T., & Schlesinger, M. (1994). The specification of business rules: A comparison of selected methodologies. In Methods and associated tools for the information system life cycle (pp. 29–46). Amsterdam: Elsevier.
Huth, M., & Ryan, M. (2004). Logic in computer science—modelling and reasoning about systems. Cambridge: Cambridge University Press.
IDS Scheer (2008). Governance, risk and compliance management with ARIS. (in german).
ILOG (2005). ILOG JRules and IBM MQWF—White paper.
Kharbili, M.E., Stein, S., Markovic, I., & Pulvermüller, E. (2008). Towards a framework for semantic business process compliance management. In Proc. of the 1st int’l workshop on governance, risk and compliance (GRCIS’08) (pp. 1–15).
Konyen, I., et al. (1996). Process design for minimally-invasive surgeries. Interne Ulmer Informatik-Berichte DBIS-14, Ulm University. (in german).
Lenz, R., & Reichert, M. (2007). It support for healthcare processes—premises, challenges, perspectives. Data & Knowledge Engineering, 61(1), 39–58.
Linehan, M., & Ferguson, D. (2005). Business rule standards—interoperability and portability. In W3C workshop on rule languages for interoperability.
Liu, Y., Müller, S., & Xu, K. (2007). A static compliance-checking framework for business process models. IBM Systems Journal, 46(2), 335–261.
Lu, R., Sadiq, S., & Governatori, G. (2008). Compliance aware process design. In Proc. BPM workshops ’07. LNCS (Vol. 4928, pp. 120–131). New York: Springer.
Lu, R., Sadiq, S., Padmanabhan, V., & Governatori, G. (2006). Using a temporal constraint network for business process execution. In Proc. of the 17th Australasian database conference (pp. 157–166). Adelaide: Australian Computer Society.
Ly, L. T., Rinderle, S., & Dadam, P. (2006). Semantic correctness in adaptive process management systems. In Proc. BPM’06. LNCS (Vol. 4102, pp. 193–208). New York: Springer.
Ly, L. T., Rinderle-Ma, S., & Dadam, P. (2007). Integration and verification of semantic constraints in adaptive process management systems. Data & Knowledge Engineering, 64, 3–23.
Marchetti, A. M. (2007). Sarbanes-Oxley ongoing compliance guide: Key processes and summary checklists. New York: Wiley.
Milosevic, Z., Josang, A., Dimitrakos, T., & Patton, M. (2002). Discretionary enforcement of electronic contracts. In Proc. EDOC ’02 (pp. 3–14). Los Alamitos: IEEE Computer Society.
Müller, D., Herbst, J., Hammori, M., & Reichert, M. (2006). IT support for release management processes in the automotive industry. In Proc. BPM’06. LNCS (Vol. 4102, pp. 368–377). New York: Springer.
Müller, R., Greiner, U., & Rahm, E. (2004). Agentwork: A workflow system supporting rule-based workflow adaption. Data & Knowledge Engineering, 51, 223–256.
Namiri, K., & Stojanovic, N. (2007a). A formal approach for internal controls compliance in business processes. In 8th Workshop on business process modeling, development, and support.
Namiri, K., & Stojanovic, N. (2007b). Pattern-based design and validation of business process compliance. In OTM 2007, part I. LNCS (Vol. 4803, pp. 59–76). New York: Springer.
Newcastle Guideline Development and Research Unit (2004). Management of dyspepsia in adults in primary care.
OMG (2008). Semantics of business vocabulary and business rules (sbvr), version 1.0. http://www.omg.org/spec/SBVR/1.0/PDF.
Peleg, M., Soffer, P., & Ghattas, J. (2008). Mining process execution and outcomes—position paper. In BPM’07 workshops. LNCS (Vol. 4928, pp. 395–400). New York: Springer.
Pesic, M., & van der Aalst, W. M. P. (2006). A declarative approach for flexible business processes management. In BPM’06 workshops. LNCS (Vol. 4103, pp. 169–180). New York: Springer.
Reichert, M., & Dadam, P. (1998). ADEPTflex—supporting dynamic changes of workflows without losing control. Journal of Intelligent Information Systems, Special Issue on Workflow Management Systems, 10(2), 93–129.
Rinderle, S., Reichert, M., & Dadam, P. (2004a). Correctness criteria for dynamic changes in workflow systems—a survey. Data & Knowledge Engineering, 50(1), 9–34.
Rinderle, S., Reichert, M., & Dadam, P. (2004b). Flexible support of team processes by adaptive workflow systems. Distributed and Parallel Databases, 16(1), 91–116.
Sadiq, S., Governatori, G., & Naimiri, K. (2007). Modeling control objectives for business process compliance. In Proc. BPM’07. LNCS (Vol. 4714, pp. 149–164). New York: Springer.
Sadiq, S., Orlowska, M., & Sadiq, W. (2005). Specification and validation of process constraints for flexible workflows. Information Systems, 30(5), 349–378.
Schneider, K. (2004). Verification of reactive systems: Formal methods and algorithms. New York: Springer.
Singh, M. P. (1996). Semantical considerations on workflows: An algebra for intertask dependencies. In Proc. of the 5th int’l workshop on database programming languages (p. 5). New York: Springer.
The Business Rules Group (2000). Defining business rules—what are they really? http://www.businessrulesgroup.org/first_paper/BRG-whatisBR_3ed.pdf.
The Business Rules Group (2007). The business motivation model—business governance in a volatile world. 1.2 http://www.businessrulesgroup.org/second_paper/BRG-BMM.pdf.
van der Aalst, W. (2000). Workflow verification: Finding control-flow errors using petri-net-based techniques. In Proc. BPM ’00 (pp. 161–183).
van der Aalst, W., & Basten, T. (2002). Inheritance of workflows: An approach to tackling problems related to change. Theoretical Computer Science, 270(1–2), 125–203.
van der Aalst, W., de Beer, H., & van Dongen, B. (2005). Process mining and verification of properties: An approach based on temporal logic. In Proc. OTM conferences ’05. LNCS (Vol. 3761, pp. 130–147).
van der Aalst, W., et al. (2007). Prom 4.0: Comprehensive support for real process analysis. In Proc. of application and theory of Petri Nets and other models of concurrency, LNCS (Vol. 4546, pp. 484–494). New York: Springer.
van den Heuvel, J., & Weigand, H. (2000). Cross-organizational workflow integration using contracts. In Proc. business object workshop ’00.
Wagner, G. (2002). How to design a general rule markup language. In Proc. of the workshop XML technologies for the semantic web.
Weber, B., Reichert, M., & Rinderle-Ma, S. (2008). Change patterns and change support features—enhancing flexibility in process-aware information systems. Data & Knowledge Engineering, 66, 438–466.
Weber, B., Reichert, M., Wild, W., & Rinderle-Ma, S. (2009). Providing integrated life cycle support in process-aware information systems. International Journal of Cooperative Information Systems (IJCIS), 18(1), 115–165.
Weber, I., Governatori, G., & Hoffmann, J. (2008). Approximate compliance checking for annotated process models. In Proc. of the 1st int’l workshop on governance, risk and compliance (GRCIS’08) (pp. 46–60).
Weber, I., Hoffmann, J., & Mendling, J. (2008). Semantic business process validation. In Proc. semantics for BPM.
Weske, M. (2001) Formal foundation and conceptual design of dynamic adaptations in a workflow management system. In: HICSS-34, (p. 7051).
Yu, J., Manh, T. P., Hand, J., & Jin, Y. (2006). Pattern-based property specification and verification for service composition. CeCSES Report SUT.CeCSES-TR010, Swinburne University of Technology.
zur Muehlen, M. (2004). Organizational management in workflow applications—issues and perspectives. Information Technology and Management, 5(3–4), 271–291.
zur Muehlen, M., Indulska, M., & Kamp, G. (2007). Business process and business rule modeling languages for compliance management: A representational analysis. In ER (tutorials, posters, panels & industrial contributions) (pp. 127–132).
Acknowledgements
We would like to thank our students Heiko Fröhlich, Philipp Merkel, Barbara Panzer, and Andreas Pröbstle for implementing the SeaFlows prototype presented in this paper.
Author information
Authors and Affiliations
Corresponding author
Additional information
This work was done within the research project “SeaFlows: Semantic Constraints in Process Management Systems”, which is funded by the German Research Foundation (DFG). http://www.uni-ulm.de/en/in/iui-dbis/research/projects/seaflows.html
Rights and permissions
About this article
Cite this article
Ly, L.T., Rinderle-Ma, S., Göser, K. et al. On enabling integrated process compliance with semantic constraints in process management systems. Inf Syst Front 14, 195–219 (2012). https://doi.org/10.1007/s10796-009-9185-9
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10796-009-9185-9