Engineering Business Processes with Service Level Agreements

Web services' features of autonomy, platform-independence, readiness to be described, published, discovered, and orchestrated are increasingly exploited by companies to build massively distributed and loosely coupled interoperable applications. Enterprises not only export their functionalities as Web services, but also develop their business process to be Web service-based. Since services may be offered by different providers, non-functional properties, which go from execution time, costs, up to trust and security, become of paramount importance in defining the usability and success both of services and of Web service-based business processes. Ideally, the requestor of a service wants guarantees over the behavior of the services involved in the process. These guarantees are the object of service level agreements. The objective of a company is to align the service level agreements it negotiates as much as possible with its business goals. Establishing a service level agreement that favors the business objectives requires significant commitment of resources from the enterprise side, therefore any automation and support that can be obtained for this task is greatly beneficial for the enterprise. This thesis addresses the problem of engineering secure Web service-based business processes with service level agreements from early requirements. The present work fills the gap between the requirements engineering methodologies and the actual generation of business processes based on Service-Oriented Architectures with particular emphasis on the security aspects. We propose a methodology for deriving secure Web service-based business processes together with service level agreements, that guarantee a certain quality of execution, from the informally specified early business requirements. Starting from early requirements modelled in the Secure Tropos formalism, we provide a set of user-guided transformations and reasoning tools the final output of which is a set of executable Web service-based secure business processes. Secure features of business processes are implemented in Secure BPEL. We propose the Secure BPEL language as a specification language for secure business process. Related service level agreements, to be signed in order to guarantee certain quality of service, are specified by the extended WS-Agreement. We propose an extension of the WS-Agreement specification and supporting environment to made an agreement more robust and long lived. To derive service level agreements, we propose a new algorithm and we provide a prototype implementation in the constraint solving environment ECLiPSe. The implementation uses constraint programming system to satisfy user preferences against reference business processes. The IC Hybrid Domain Solver is used to solve the constraint problem. We conducted experimentation to show the feasibility of the warning strategy. In the experimentation, more than 92% of violation points are warned in advance, and 96.5% of thrown warnings are true warnings. To show the feasibility of the approach, we evaluated the functioning of the methodology on an e-business banking scenario, more specifically, from a typical loan origination process, inspired by an actual research project use case.