learn the rules so you know how to break them...

WOA 2011

Learn the rules so you know how to break themproperly

M. Baldoni, C. Baroglio, E. Marengo, V. Patti, and F. Capuzzimati

Dipartimento di Informatica — Università degli Studi di Torino

Università della Calabria, July 5, 2011

M. Baldoni and V. Patti (UNITO) WOA 2011 Rende, July 4-6, 2011 1 / 20

Overview

1 Grafting regulations into business protocols

2 Which specification?

3 Commitments-based protocols including temporal regulations

4 Analysis of risks of violation

5 The MiFID case study

6 Conclusions and Future Work

Business interactions and regulations

Business interactions involve autonomous partners withheterogeneous software designs and implementations.

The interaction of autonomous and heterogeneous business partnersis often specified by business protocols

Particularly challenging is the case when such protocols must embedregulations, that change along time.

This is, for instance, the case of banking and of trading services, andof personal data flow management.

The single organization needs to actively determine its processes on apermanent basis, to understand how regulations impact on theinternal organization, to reason about possible risks of violation, andto ensure compliance to directives and laws.

Requirements

Business protocols must enable a flexible enactment.

I Flexibility is important to allow the business partners to profit ofopportunities or to make the most efficient use of their time that ispossible.

Business protocols are usually cross-business.

I Capturing contractual relationships among the partners matters[Telang and Singh, 2010].

Business protocols are modular .

I Business protocols must be modular in a way that simplifies keepingthem compliant to regulations, which often change along time.

Requirements

Current approaches: limits

Existing approaches to protocol specification (e.g. BPEL, WS-CDL)rely on the specification of control and business flows.

This procedural view makes protocols not suitable to easily take innew regulationsI impose unnecessary orderingsI does not allow the interleaving of new activities

Grafting of new regulations into aprotocol

When a new regulation must beembedded, these standards by andlarge require to rewrite the protocolsfrom scratch.

Business protocols should be based on commitmentsThe specification of how the business interaction should be carried out,based on commitments [Singh, 1999, Telang and Singh, 2010]

C (debtor , creditor , antecedent, consequence)

debtor is socially bound to creditor to bring about theconsequent condition if the antecedent condition holds

The business partners share a social state that contains commitmentsand other literals that are relevant to their interaction

Every partner can affect the social state by executing actions, whosedefinition is given in terms of operations onto the social state

The partners’ behavior is affected by commitments, which have aregulative nature, in that debtors should act in accordance with thecommitments they have taken

Business protocols should be based on commitmentsThe specification of how the business interaction should be carried out,based on commitments [Singh, 1999, Telang and Singh, 2010]

C (debtor , creditor , antecedent, consequence)

debtor is socially bound to creditor to bring about theconsequent condition if the antecedent condition holds

The business partners share a social state that contains commitmentsand other literals that are relevant to their interaction

Every partner can affect the social state by executing actions, whosedefinition is given in terms of operations onto the social state

The partners’ behavior is affected by commitments, which have aregulative nature, in that debtors should act in accordance with thecommitments they have taken

Business protocols should be based on commitments

A shared meaning of the shared actions

Declarative specification of the protocol rather than proceduralspecification

Observational semantics rather than mentalistic semantics

The specifications does not contain over-constrain

The specifications have a normative natureAgents are liable for the violation of the commitments they have takenbut they can always decide to break a commitment if an opportunity ,it can take advantage of, arises (of course, at its own risk!)

2CL: Constraints amongs Commitment

In order to meet the requirement of modularity and to allow the graftingof regulations onto business protocols, we adopt the enhanced formalframework in [Baldoni et al., 2011]

Constitutive and regulative rules

Declarative commitment-based specifications of protocols separate aconstitutive and a enhanced regulative part ( Searle’s view[Searle, 1995]) and explicitly include temporal regulations

Constitutive specification defines the activities

Regulative specification constrains the previously constituted activitiesby means of temporal constraints among commitments, whichregulate the evolution of the social state independently from theexecuted actions

Respecting and violating a protocol

Legal paths

The interaction of a set of parties will be compliant to a business protocolwhen all the commitments they have towards the others, and that areobjectively inferrable from their observable behavior, are satisfied (as usualin the social approach), and the overall execution respects all theconstraints

A Commitment Machine for our Business Protocols

We implemented an extension of the commitment machine in[Winikoff et al., 2004] by introducing an automated verification of 2CLconstraints.Our commitment machine allows exploring all the possible executions of abusiness protocol, and highlights the violations: those states in whichsome constraint is violated and those states that contain unsatisfiedcommitments.

Legal paths

Implementation

The implementation builds upon the source code published byWinikoff et al. and extends the labelling of the states. It is done inProlog.

It exploits the tuProlog interpreter and interprets a 2CL businessprotocol by means of a parser written in Java.

The output of the commitment machine is an annotated and coloredgraph of all the possible interactions (it is a reachability graph). Thegraph includes all the interactions that are possible, considering onlythe constitutive specification of the actions. The annotation,highlighted by graphical conventions, accounts for all the regulativeaspects, concerning both commitments and constraints. So the graphwill include both legal states and violation states.

The code is available at the URLhttp://www.di.unito.it/~alice/2CL

http://www.di.unito.it/~alice/2CL

Supporting the analysis of risks of violation

A tool for the analysis

The obtained graph is a tool that can support the business analysts

Analysis of possible violations amounts to the identification of therisks the interaction could encounter

The evaluation of such risks will allow the definition of operationalstrategies, that will affect the business interaction, by, alternatively,preventing the occurrence of violations (regimentation) orimplementing alerting mechanisms (enforcement)[Jones and Sergot, 1994]

A Real-world Case Study: the MiFID

The Markets in Financial Instruments Directive (MiFID), directive number2004/39/EC [9Te, ], issued by the European Commission within theFinancial Services Action Plan, represents a fundamental step in thecreation of an integrated and harmonized financial market within EU.

One of the main concerns of the directive is the protection of theclients of financial service agencies, thereby it introduces newregulations that financial services must follow

We model the regulation that applies to the offer of investmentservices off-site. This is the case when a bank promotes and sellsfinancial products with the help of external collaborators (called “tiedagents” or intermediaries)

Chosen as one of the benchmarks of ICT4Law projecthttp://www.ict4law.org/

http://www.ict4law.org/

A Simple Pre-MiFID Sale Protocol

Constitutive specification(a) propose solution means proposed RiskL if . . . .(b) reject proposal means rejected proposal,

release(C(fp, inv, invested)) if . . .(c) sign order means create(C(inv, bank, contract ended)),

accepted proposal, order signed if . . .(d) countersign contract means contract countersigned,

create(C(bank, inv, executed order)), invested if . . .(e) send contract means contract sent if . . .(f) notify means notified if . . .(g) end means executed order, contract ended if . . .

Regulative specification

(c1) notified −.• contract ended(c2) contract sent •−. notified

The MiFID specification

Constitutive specification(h) interview means investor identified, document supplied if . . .(i) profile means create(C(fp, inv, evaluation)), investor classified

if ¬investor classified ∧ investor identified ∧ ¬contract ended ∧¬contract abort ∧ ¬rejected proposal ∧ ¬fi discarded.

(j) classify means classified if . . .(k) fi evaluation means create(C(fp, inv, proposed RiskL)), evaluation if . . .(l) fi discard means fi discarded, cancel(C(fp, inv, invested)),

cancel(C(fp, inv, proposed RiskL)) if . . .(m) order verification means order verified,

create(C(bank, inv, executed order)) if . . .(n) withdraw means contract abort, release(C(bank, inv, ex order)),

cancel(C(inv, bank, contract ended)) if . . .

Regulative specification

(c3) C(fp, inv , invested) •−. investor identified∧document supplied

(c4) investor classified −.• C(fp, inv , propose riskL)(c5) evaluation ∧ ¬fi discarded −.• proposed RiskL(c6) order verified −.• contract countersigned

Grafting of MiFID

Excerpt of the execution pathsSale and MiFID dependency

graph

Analysis of risks of violations

Business processes are increasingly constrained by the regulative andlegislative framework in which they operate. It is essential to supportbusiness analysts in the evaluation of the risks connected to possibleviolationsI New regulations introduce new commitments new constraints on

business interactions. What is the impact on the business process inuse?

I Are we exposed to risks of violation, when we behave according to thecurrent BP specification?

I How to graft a new regulation into a business process?I Which changes? Modifying a business process can be costly.

Our graphical tool provides some solution:I allows to explore all possible interactions enabled by the new regulation

based on a simple declarative specification of the (new) commitmentgenerating activities and of the (new) temporal constraints.

I allows to perform a cost benefit analysis and to support thedecision-making process about which changes to implement

Enforcement and regimentation

Norms/regulations are softconstraints: providestandards that can beviolated, even though anyviolation should result insanctions or other normativeeffects.

The designer, by analysingthe graph, can identify thepoints where it could behelpful to intervene to reducethe possible violations, forinstance, by applyingenforcement policies or byregimenting some steps.

MiFID with a regimented action

Conclusions and Future Work

The protocols that we tackle are typical of contexts, like MAS, wherenorms are seen as soft constraints, i.e. as standards that can beviolated [Jones and Sergot, 1994, Governatori, 2010] – as the DalaiLama sentence in the title suggests.Learn the rules so you know how to break them properly .

At http://www.di.unito.it/~alice/2CL: complete examples andall figures related to the examples in the paper.

We are currently working at the formalization of a “grafting” operatorand of an “extends” operator which, similarly to “extension” in objectorientation, allows a more sophisticate composition of protocols.

New case study: OECD Guidelines on the Protection of Privacy andTransborder Flows of Personal Data[Organisation for Economic Co-operation and Development, 1980],which regulates the management of personal data, by imposing newactivities aimed at protecting the data owners.

http://www.di.unito.it/~alice/2CL

Relation Type Positive LTL meaning Negative LTL meaning

Correlationbase A •− B ♦A ⊃ ♦B A 6•− B ♦A ⊃ ¬♦B

persistence A •−−− B �(A ⊃ (A ∧ B)) A 6•−−− B �(A ⊃ ¬(A ∧ B))

Co-existencebase A •−• B A •− B ∧ B •− A A 6•−• B A 6•− B ∧ B 6•− A

persistence A •−−−• B A •−−− B ∧ B •−−− A A 6•−−−• B A 6•−−− B ∧ B 6•−−− A

Responsebase A •−. B �(A ⊃ ♦B) A 6•−. B �(A ⊃ ¬♦B)

persistence A •−−−. B �(A ⊃ (♦B ∧ (A ∪ B))) A 6•−−−. B �(A ⊃ ¬(A ∧ B))

Beforebase A −.• B ¬B ∪ A A 6−.• B �(♦B ⊃ ¬A)

persistence A −−−.• B ¬B ∪ (A ∪ B) A 6−−−.• B �(♦B ⊃ ¬A)

Causebase A •−.• B A •−. B ∧ A −.• B A 6•−.• B A 6•−. B ∧ A 6−.• B

persistence A •−−−.• B A −−−.• B ∧ A •−−−. B A 6•−−−.• B A 6−−−.• B ∧ A 6•−−−. B

Table: 2CL constraint relations and their semantics in LTL.

Directive 2004/39/EC of the European Parliament and of the Councilof 21 April 2004 on markets in financial instruments.Official Journal of the European Union, L145:1–44.

Baldoni, M., Baroglio, C., Marengo, E., and Patti, V. . (2011).Constitutive and Regulative Specifications of Commitment Protocols:a Decoupled Approach.ACM Trans. on Int. Sys. and Tech., Spec. Iss. on AgentCommunication.To appear.

Governatori, G. (2010).Law, Logic and Business Processes.In Proc. of Requirements Engineering and Law, RELAW 2010, pages1–10. IEEE.

Jones, A. J. I. and Sergot, M. (1994).On the characterization of law and computer systems: the normativesystems perspective, pages 275–307.John Wiley & Sons, Inc.

Organisation for Economic Co-operation and Development (1980).OECD Guidelines on the Protection of Privacy and Transborder Flowsof Personal Data.Available on-line.http://www.oecd.org/.

Searle, J. (1995).The Construction of Social Reality.Free Press, New York.

Singh, M. P. (1999).An ontology for commitments in multiagent systems.Artif. Intell. Law, 7(1):97–113.

Telang, P. R. and Singh, M. P. (2010).Abstracting Business Modeling Patterns from RosettaNet.In Service-Oriented Computing: Agents, Semantics, and Engineering.

Winikoff, M., Liu, W., and Harland, J. (2004).Enhancing commitment machines.In Proc. of DALT, volume 3476 of LNCS, pages 198–220.

Grafting regulations into business protocolsWhich specification?Commitments-based protocols including temporal regulationsAnalysis of risks of violationThe MiFID case studyConclusions and Future Work

learn the rules so you know how to break them...

Documents