introduction
DESCRIPTION
Process Views with Flows for Heterogeneous and Complex System Integration: A Service Requirement Approach. Introduction. B2B Interaction consists of interoperation and integration with both internal and external enterprise applications Process View (Workflow views) - PowerPoint PPT PresentationTRANSCRIPT
Process Views with Flows for Heterogeneous and Complex System
Integration: A Service Requirement Approach
Dickson K. W. CHIUSenior Member, IEEE
[email protected], [email protected]
Zhe SHAN, Qing LI City University of Hong Kong
[email protected]@cityu.edu.hk
Patrick C. K. HUNGFaculty of Business and Information Technology,
University of Ontario Institute of Technology [email protected]
S.C. Cheung
Dept. of Computer Science Hong Kong University of Science & Technology
Process Views and
flowTSMC 2005
submission-2
Introduction B2B Interaction
consists of interoperation and integration with both internal and external enterprise applications
Process View (Workflow views) a structurally correct subset of a workflow interactions inter-operate in a gray box mode providing external access to business processes
Flow a directed relationship that transmits events from a
source activity to a sink activity. partition activity relationships into control-flows, data-
flows, semantic-flows, exception-flows, and security-flows workflow specification is a set of activities connected by
these flows
Process Views and
flowTSMC 2005
submission-3
Motivation and Objectives
Systematic design of interactions Encapsulated in process views But workflows are too complex for large-scale IS Proposal: consider component flows Different flows: separation of concerns
Process Views and
flowTSMC 2005
submission-4
Project Background Process View (implementation and requirement engineering
immature) D.K.W. Chiu et al. Information Technology and Management,
5(3/4):221-250, 2004. D.K.W. Chiu et al. Distributed and Parallel Databases 12(2-3):193-
216, 2002. Process View Implementations with Web Services
Z. Shan, D.K.W. Chiu and Q. Li. Systematic Interaction Management in a Workflow View Based Business-to-business Process Engine, HICSS38, Jan 2005 (best paper nomination).
Flows P.C.K. Hung and Dickson K.W. Chiu. Developing Workflow-based
Information Integration (WII) with Exception Support in a Web Services Environment, HICSS37
Preliminary version D.K.W. Chiu, Z. Shan, P.C.K. Hung and Q. Li. Designing Workflow
Views with Flows for Large-scale Business-to-Business Information Systems, 5th VLDB Workshop on Technologies for E-Services (TES-04), Toronto, Canada, Aug 2004.
Process Views and
flowTSMC 2005
submission-5
Conceptual Model of Process View and Flows
Data Flow Data Flow View
Control Flow Control Flow View
Semantic Flow Semantic Flow View
Exception Flow Exception Flow View
Security Flow Security Flow View
Flow ViewMessage
Activity
Flow
Process
Process View
Organization
offer to+service
+requestor
+destination
+incoming+outgoing
Process Views and
flowTSMC 2005
submission-6
Control Flows
Control flows specify the execution order of activities which are allowed in the processes
Process logic in a cross-organizational process
Process Views and
flowTSMC 2005
submission-7
Data Flows
define the flow of specific data or dataset required by a process.
may often be almost the same as the control flows in processes that involve only simple data exchange
In HCSI many data flow in parallel control flows are often inadequate, inflexible, or
unclear for expressing data exchange sequence.
Process Views and
flowTSMC 2005
submission-8
Security Flows
define the flow of security control information, e.g., authentication
creation, exchange, and revocation of security tokens to implement security policies represent a collection of claims (i.e., user ID information) like name, identity, privilege, and capability authentication and authorization
security policy set of laws, rules, and practices regulate how a flow prevents information and resources
from being misused support the principle of single-sign-on
delegation or propagation should be well designed and described
Process Views and
flowTSMC 2005
submission-9
Semantic Flows
Define the semantic relationship among the information used in the process execution
Abstract the main concepts and describe their dependence in a more precise way.
Such data schema can be represented in OWL as ontology.
Assume partner organizations have an agreed semantics of the information exchanged
stored in a common UDDI directory heterogeneous ontology and ontology integration
problems as future work
Process Views and
flowTSMC 2005
submission-10
Exception flow
convey the occurrence of such exceptions from the service provider to the requestor
trigger the corresponding exception handler processes pre-defined at the requestor side
unexpected exceptions require human attention and handling send alerts to the appropriate personnel
Process Views and
flowTSMC 2005
submission-11
Overview of Flows
exception-flow
data-flow-1
data-flow-2
data-flow-N
IDrecord CrimeRecord BorderRecord
data-flow-(N -1)
data-flow-(N -2)
data-flow-(N -3)
CrimeRecord BorderRecord BankRecord
join join-attributes
security-flow
SingleSign On
SingleSign On
SingleSign On
SingleSign On
Generatesecurity-token security-token
revoke security-token
security-token
security-token
SessionStart
SessionEnd
revoke security-token
revoke security-token
Start EndCrimeCheck
BankCheck
IDCheck
initialized keys-transferred
completed
completed
keys-transferred
join join
BorderCheck
completedkeys-transferred
control-flow
semantic-flow
Identity
Legal
Custom
Banking
reference
trigger
link
Process Views and
flowTSMC 2005
submission-12
e-Government Integration Case Study
IDrecord (id-no, tax-file-no, name, sex, date-of-birth, area-code, phone-no, address, postal-code) are hold by the Immigration Department (in the case for Hong Kong).
BorderRecord (id-no, entry-or-exit, place, vehicle, day-of-event) are hold by the Immigration Department.
CrimeRecord (id-no, crime-description, sentence, day-of-event) are hold by the Police.
BankRecord (tax-file-no, bank-no, account-no, transaction, amount, balance, day-of-event) are hold by individual banks.
Process Views and
flowTSMC 2005
submission-13
Methodology Overview
Basic Service Provision Elicit the flows required for service provision Analyze flows and formulate view for
different types of users HCSI by composing basic services
Process Views and
flowTSMC 2005
submission-14
Eliciting Flows for Service Provision Determine the main processes (e.g., ID service process and border
record service process) that are offered to partners as services. For each of the main service process, determine the sub-services,
which includes different service options (e.g., single basic ID information, single extend ID information, and batch ID information) and supporting services (e.g., approvals).
Data services provide information and deal with data flow; control services provide procedure automation and deal with control flow; security services deal with security check; exceptions services deal with exception situations.
Usually, data or control services are the main ones to be considered first.
For each service, determine the expected requestors and under which pre-conditions they are allowed to access. These are the incoming flows.
If any of the pre-conditions is related to security, formulate security services that deal with security flow for the checking. A successful security check will become the required pre-condition.
Relate the pre-conditions with any other service constraints, such as limitations of the request parameters.
Process Views and
flowTSMC 2005
submission-15
Eliciting Flows for Service Provision (cont)
If any security check is related to pre-approval procedures, formulate control supporting services that deals with the control flow of the approval activity. A successful approval activity will initiate a security flow (via an internal token creation service) to grant a security token to the requestor.
For each service, determine the possible outcomes. For each of the outcome, specify the post-conditions and whether
any messages should be sent back to the requestor, any other parties, and/or any internal services. These are the outgoing flows.
If the outcome message is targeted to any internal services, make sure that such service exist, the message is appropriate, and the post-condition of the former service matches with the pre-condition of the latter service.
For each of the services, determine any possible abnormal outcome.
For each abnormal outcome, forward the exception to an exception services (such as an exception manager) that can initiate exception flow towards one or more internal or external targets.
Consider also the provision of exception handler services for handling internal and/or external exception flows.
Process Views and
flowTSMC 2005
submission-16
Flow Analysis and View Formulation
check for missing ones organize them into process views similar to data flow analysis trace messages and transformations
Identification of Incoming Messages Identification of Outgoing Messages Identification of Immediate Responses of Incoming
Messages Identification of Data and Flow Relevancy Identification of Independent Incoming or Outgoing
Message Pairs View Tabulation
Process Views and
flowTSMC 2005
submission-17
Views of the ID Service Process to other Departments
Department View Composed of the Flows (numbered in Table I)
Police i1->o1, i1->(o2->)o18, i1->o3, i5->o11, i5->(o12->i13->)o22, i8-> o16,i8-> (o17->i15)->o24, i15->o25
Customs i3->o7, i3->(o8->i10->)o19, i6-> o13,i6->(o14->i14->)o23, i8->o16,i8->(o17->i15->)o24, i15->o25
Other Govt. Users
i4->o9, i4->(o10->)o19, i8->o16,i8->(o17->i15->)o24, i15->o25
Central IT Security Center
i8->(o17->i15->)o25,i7->(o15->i17->)o25,i19->o25,
Process Views and
flowTSMC 2005
submission-18
HCSI by Service Composition 1. Determine the set of data items D required for the integration.2. Based on the services registered in the common UDDI directory,
determine the service and organization from which those data items can be obtained from. That is, for each item d D, find service s such that OutMsg(s, m) Depend(d, m). Let S denote the set of required services thus found.
3. For each s S, consider InMsg(s, n), the request n required by service s. For each d’ in Depend(d’, n), if d’ D, add d’ into D. Re-iterate from step 1 until no more items can be added to D, i.e., all the transitively dependent data requirements D as well as the set of services S providing them are found.
4. For each s S, consider the pre-condition requirements of the flows. Determine the extra security flow (such as approved security token) and control flow (such as approval applications) required. Re-iterate from Step 1 if extra data items are required or from Step 4 if only extra control and security services are required.
5. Determine any relevant exception flows that could occur and design handler activities / services if necessary.
6. Implement the internal process for the integration of the control, data, security, (semantic,) and exception flows.
7. Now, the new service process is ready. Design process views of this new service process for other organizations, according to the methodology discussed in the previous sub-sections.
Process Views and
flowTSMC 2005
submission-19
Mapping between the Conceptual Layers and Technologies
Workflow Layer
Privacy Layer
Security Layer
Coordination
Access Control
Conceptual Model Logical Model
Message Layer Orchestration
BPEL4WS
Enterprise PrivacyAuthorization
Language (EPAL)
WS-Security
support
Language Model
SOAPsupport
support
support
map
map
map
map
Semantic Layer OntologyOntology Web
Language (OWL)
supportmap
Process Views and
flowTSMC 2005
submission-20
System Architecture
Flow & View Definitions
Process View Instances
Flow & View Editor
Public UDDI Directory
View Runtime Manager
Web Services Interface
Flow Manager
Interaction Monitor
Process View Engine
Process Definitions
ProcessExecutor
ExceptionManager
Process Instances
ProcessEditor
System Integration Flows
Interaction Manager
Interaction Log
Internal Process Engine
Partner Organizations …
Process Views and
flowTSMC 2005
submission-21
Graphical XML Representation of a Process View
Commen t edited with XMLSPY v 2004 rel . 4 U (http :/ /ww w.xmlsp y.com ) by zhe shanp r o c e s s
n a m e IntelligenceBureau&CityBan kt a r g e t N a m e s p .. . http://ww w .dickso n-compute r.com /servic e/WorkflowVie wx m l n s http://schema s . xmlsoap .org/ws/2003/0 3/busines s -proces s/x m l n s: ln s http://ww w .dickso n-compute r.com /w sd l/WorkflowVie ws u pp r e ss J o in.. . yesp a r t n e r L in k s
p a r tn e r L i n k (2)n a m e p a r t n e r L i n k T y.. . m y R o l e p a r t n e r R o l e
1 intelligenceBurea u lns:intelligenceBureauL inkTyp e
intelligence Service
2 cityBank lns:cityBankLink Type bankServic ev a r i a b l e sf l o w
n a m e contro l-flowli n k sr e c e i v e
n a m e Star tp a r t n e r L i n k intelligenceBurea up o r t T y p e ini tialize PTo p e r a t i o n initializ ev a r i a b l e requestc r e a te I n s ta n c e yess o u r c e linkNam e= initialize d
i n vo k e (4)n a m e p a r tn e r L in k p o r t T y p e o p e r a t i o n i n p u t V a r i a b l e ou tp u t V a r i a b le ta rg e t s ou r c e
1 IDChec k intelligenceBurea u lns:readP T rea d request key s ta rg e t linkNam e... s ou r c e (3)li n k N a m e
1 keys-ID -to-bank2 keys-ID -to-crim e3 keys-ID -to-border
2 Ban kChe ck cityBank lns:readP T rea d key s ta rg e t linkNam e... s ou r c e (1)3 CrimeChec k intelligenceBurea u lns:readP T rea d key s ta rg e t linkNam e... s ou r c e (1)4 BorderChec k intelligenceBurea u lns:readP T rea d key s ta rg e t linkNam e... s ou r c e (1)
r e p l yn a m e Endp a r t n e r L i n k intelligenceBurea up o r t T y p e completeP To p e r a t i o n complet ev a r i a b l e resul tt a r g e t linkNam e=bank -endta r g e t linkNam e=crim e-endta r g e t linkNam e=border-end
f l o w nam e=semanti c- flowf l o w nam e=data- flowf lo w nam e=securi ty- flowf lo w nam e=exceptio n-flow
Process Views and
flowTSMC 2005
submission-22
WSDL Generation<definitions> <types> <!-- XML Schema --> </types> <message name=“ViewNFlowFRequest” /> <message name=“ViewNFlowFResponse” />… <portType name=“ViewNActivityMInterface”> <operation name=“ViewNFlowF”> <input message=“ViewNFlowFRequest” /> <output message=“ViewNFlowFResponse” /> </operation> … </portType> …<binding name=“ViewNActivityMBinding” type=“ViewNActivityMInterface”> <soap:binding transport=“http://schemas.xmlsoap.org/soap/http” />…</binding>…<service name=“WfviewN”> <port name=“WfviewNActivityMPort” binding=“WfviewNActivityMBinding”> <soap:address location=“http://dept.gov.hk/ServicesS/ViewN” /> </port> … </service></definitions>
Process View -> WSDL service
Activity -> WSDL port
Flows -> WSDL operation
Messages -> WSDL bindings
Process Views and
flowTSMC 2005
submission-23
Basic WSDL for the process view of the ID service to the Customs
Name: ID Check ServiceLocation/Provider: Immigration Department<!-- Control Flow --!>+Port 1 - Input: Batch ID Approval Request
* User Name * User Organization
* Suspect Names* Request Reason
- Output: Approval Message/Rejection Message* Request Status
(Approved/Rejected)* Security Token (if approved)
<!-- Data Flow --!> + Port 2 - Input: Single ID Request
* Suspect Name * Suspect Description
- Output: Basic ID Information/Error Message* Suspect ID
* Suspect Birthday * Suspect Phone
Number* Suspect Address …
+ Port3 - Input: Single Extended ID Request … - Output: Extended ID Information/Error Message…
+ Port 4 - Input: Batch ID Request …+ Output: Batch Suspect Analysis Report (with ID information) …
<!—Security Flow --!> + Port 5 - Input: Any Government Department Security
Token- Output: Accept Message/Rejection Message
+ Port 6 - Output: Batch ID Token + Port 7 - Input: Batch ID Token
- Output: Accept Message / Rejection Message…<!—Exception Flow --!> + Port 8 - Output: ID Not Found Exception+ Port 9 - Output: Analysis Error Exception+ Port 10 - Output: Token Invalid Exception/Security
Alert Exception…
Process Views and
flowTSMC 2005
submission-24
Integration for the Suspect Investigation Service
Process Views and
flowTSMC 2005
submission-25
Data Schema in OWL<owl:Ontology rdf:about="#Identity"> <owl:versionInfo>v 1.00 2003/12/16 22:37:39</owl:versionInfo> <rdfs:comment>An example OWL ontology for Identity</rdfs:comment> ... <owl:Class rdf:ID="DataSchema"> <owl:unionOf rdf:parseType="Collection"> <owl:Class rdf:about="#id-no"/> <owl:Class rdf:about="#name"/> <owl:Class rdf:about="#sex"/> <owl:Class rdf:about="#date-of-birth"/> <owl:Class rdf:about="#area-code"/> <owl:Class rdf:about="#phone-no"/> <owl:Class rdf:about="#address"/> <owl:Class rdf:about="#postal-code"/> <owl:Class rdf:about="#tax-file-no"/> </owl:unionOf></owl:Class> ...</owl:Ontology>
Process Views and
flowTSMC 2005
submission-26
Simplified BPEL Code for Semantic Flow
<flow name="semantic-flow"> <ontology activityName="IDCheck"> <ontologyRef="http://www.example.org/identity.owl" /> </ontology> <ontology activityName="BankCheck"> <ontologyRef="http://www.example.org/banking.owl" /> </ontology> <ontology activityName="CrimeCheck"> <ontologyRef="http://www.example.org/legal.owl" /> </ontology> <ontology activityName="BorderCheck"> <ontologyRef="http://www.example.org/custom.owl" /> </ontology> …</flow>
Process Views and
flowTSMC 2005
submission-27
BPEL Assertions for Data Flows <flow name="data-flows"> <integrate name="data-flow-1"> <dataset name="IDrecord"> <attributes name="id-no"
key="primary"/> <attributes name="sex"/> <attributes name="age"/>
... </dataset> <dataset name="CrimeRecord" <attributes name="id-no"
key="primary"/> <attributes name="crime-description"/> <attributes name="sentence"/>
... </dataset> <dataset name="BorderRecord" <attributes name="id-no"
key="primary"/> <attributes name="entry-or-exit"/> <attributes name="place"/> <attributes name="date"/>
... </dataset> </integrate>
<integrate name="data-flow-2"> <dataset name="CrimeRecord" <attributes name="id-no" key="primary"/> <attributes name="crime-description"/> <attributes name="sentence"/> ... </dataset> <dataset name="BorderRecord" <attributes name="id-no" key="primary"/> <attributes name="entry-or-exit"/> <attributes name="place"/> <attributes name="date"/> ... </dataset> <dataLinkage name="IDrecord"> <attributes name="id-no" key="foreign"/> <attributes name="tax-file-no"
key=foriegn"/> <dataLinkage/> <dataset name="BankRecord" <attributes name="tax-file-no"
key="primary"/> <attributes name="bank-no"/> <attributes name="account-no"/> <attributes name="transaction"/> ... </dataset> </integrate></flow>
Process Views and
flowTSMC 2005
submission-28
Security Token Example<S:Envelope xmlns:S="http://www.w3.org/2001/12/soap-envelope" xmlns:wsse=http://schemas.xmlsoap.org/ws/2002/04/secext
xmlns:wii="http://schemas.workflow.org/wii/2003/12/authentication">
<S:Header> ... <wsse:Security> <wsse:UsernameToken> <wsse:Username>93856543</wsse:Username> <wsse:Password>3875</wsse:Password> <wii:SubjectName>Sherlock Holmes</wii:SubjectName> <wii:SubjectDepartment>Police</wii:SubjectLocation> </wsse:UsernameToken> </wsse:Security> ... </S:Header> ...</S:Envelope>
Process Views and
flowTSMC 2005
submission-29
Simplified BPEL Code for Security Flows
<flow name="security-flow">
<sessionStart>generateSecurityToken</sessionStart>
<clearance activityName="IDCheck">
<securityToken required="True"> <tokenType>SAML</tokenType> <securityToken/> </clearance> <clearance
activityName="BankCheck"> <securityToken required="True"> <tokenType>SAML</tokenType> <securityToken/> </clearance>
<clearance activityName="CrimeCheck">
<securityToken required="True"> <tokenType>SAML</tokenType> <securityToken/> </clearance> <clearance
activityName="BorderCheck" <securityToken required="True"> <tokenType>SAML</tokenType> <securityToken/> </clearance>
<sessionEnd>revokeSecurityToken</sessionEnd>
</flow>
Process Views and
flowTSMC 2005
submission-30
Exception Flows and SOAP Fault
Workflow Layer
exception-flows
control-flowsdata-flows
security-flows
event
erro
r
interaction
acti
on
SOAP Message
SOAP Fault
BPEL4WScondition
orchestration
Process Views and
flowTSMC 2005
submission-31
BPEL Assertions for Exception Flow
<flow name="exception-flow"> <exceptionHandling name="rule-1"> <event>anyActivitySpecificException</event> <condition>affectDataIntegration</condition> <action>remedyOrforwardRecoveryProcedure</action> </exceptionHandling> <exceptionHandling name="rule-2"> <event>anyCrossActivityException</event> <condition>affectDataLinkage</condition> <action>backwardRecoveryProcedure</action> </exceptionHandling> <exceptionHandlingDefault> <action>abortControlFlow</action> </exceptionHandlingDefault></flow>
Process Views and
flowTSMC 2005
submission-32
Conclusions New perspective of process views through a subset
of various flows of original workflow Process views are now enriched with the support of
data flow, semantics flow, exception flow, and security flow
Systematic design of process views for better B2B interaction
Especially useful for large-scale information systems
Process Views and
flowTSMC 2005
submission-33
Future Work
Focus on the scalability and reusability of BPEL4WS Wait for a WFMS to support BPEL4WS effectively
and efficiently Study focus on semantic help on exception
handling Privacy-flow Conflicts between flows Alerts and flow urgency Requirements engineering