Compliance in service-oriented architectures: A model-driven and view-based approach

Compliance in service-oriented architectures: A model-driven and view-based approach


Context Ensuring software systems conforming to multiple sources of relevant policies, laws, and regulations is significant because the consequences of infringement can be serious. Unfortunately, this goal is hardly achievable due to the divergence and frequent changes of compliance sources and the differences in perception and expertise of the involved stakeholders. In the long run, these issues lead to problems regarding complexity, understandability, maintainability, and reusability of compliance concerns. Objective In this article, we present a model-driven and view-based approach for addressing problems related to compliance concerns. Method Compliance concerns are represented using separate view models. This is achieved using domain-specific languages (DSLs) that enable non-technical and technical experts to formulate only the excerpts of the system according to their expertise and domain knowledge. The compliance implementations, reports, and documentation can be automatically generated from the models. The applicability of our approach has been validated using an industrial case study. Results Our approach supports stakeholders in dealing with the divergence of multiple compliance sources. The compliance controls and relevant reports and documentation are generated from the models and hence become traceable, understandable, and reusable. Because the generated artifacts are associated with the models, the compliance information won’t be lost as the system evolves. DSLs and view models convey compliance concerns to each stakeholder in a view that is most appropriate for his/her current work task. Conclusions Our approach lays a solid foundation for ensuring conformance to relevant laws and regulations. This approach, on the one hand, aims at addressing the variety of expertise and domain knowledge of stakeholders. On the other hand, it also aims at ensuring the explicit links between compliance sources and the corresponding implementations, reports, and documents for conducting many important tasks such as root cause analysis, auditing, and governance.

Grafik Top
Additional Information

Keywords: Compliance; Model-driven; View-based; Service-oriented architectures; Process-driven SOAs; Domain-specific languages

Grafik Top
  • Tran, Huy
  • Zdun, Uwe
  • Holmes, T.
  • Oberortner, E.
  • Mulo, E.
  • Dustdar, S.
Grafik Top
  • Elsevier B.V.
Grafik Top
Journal Paper
Software Architecture
Software Engineering
Journal or Publication Title
Information and Software Technology
Elsevier B.V.
Page Range
pp. 531-552
June 2012
Official URL
Grafik Top