Modelling non-functional requirements of business processes

This paper presents an approach to the identification and inclusion of ‘non-functional’ aspects of a business process in modelling for business improvement. The notion of non-functional requirements (NFRs) is borrowed from software engineering, and a method developed in that field for linking NFRs to conceptual models is adapted and applied to business process modelling. Translated into this domain, NFRs are equated with the general or overall quality attributes of a business process, which, though essential aspects of any effective process, are not well captured in a functionally oriented process model. Using an example of a healthcare process (cancer registration in Jordan). We show how an analysis and evaluation of NFRs can be applied to a process model developed with role activity diagramming (RAD) to operationalise desirable quality features more explicitly in the model. This gives a useful extension to RAD and similar modelling methods, as well as providing a basis for business improvement.     

A complete approach for CIM modelling and model formalising

ContextComputation Independent Model (CIM) as a business model describes the requirements and environment of a business system and instructs the designing and development; it is a key to influencing software success. Although many studies currently focus on model driven development (MDD); those researches, to a large extent, study the PIM-level and PSM-level model, and few have dealt with CIM-level modelling for case in which the requirements are unclear or incomplete.ObjectiveThis paper proposes a CIM-level modelling approach, which applies a stepwise refinement approach to modelling the CIM-level model starting from a high-level goal model to a lower-level business process model. A key advantage of our approach is the combination of the requirement model with the business model, which helps software engineers to define business models exactly for cases in which the requirements are unclear or incomplete.MethodThis paper, based on the model driven approach, proposes a set of models at the CIM-level and model transformations to connect these models. Accordingly, the formalisation approach of this paper involves formalising the goal model using the category theory and the scenario model and business process model using Petri nets.ResultsWe have defined a set of metamodels and transformation rules making it possible to obtain automatically a scenario model from the goal model and a business process model from the scenario model. At the same time, we have defined a mapping rule to formalise these models. Our proposed CIM modelling approach and formalisation approach are implemented with an MDA tool, and it has been empirically validated by a travel agency case study.ConclusionThis study shows how a CIM modelling approach helps to build a complete and consistent model at the CIM level for cases in which the requirements are unclear or incomplete in advance.     

CIMOSA modelling processes

Engineering, integrating and managing complex enterprises requires the understanding, and the ability to partition and simplify their operational complexity. Enterprise modelling supports these requirements by providing means for describing process oriented systems and decomposing those into manageable pieces. However, enterprise modelling requires both a common modelling language and a sufficient modelling methodology. The language provides for common understanding on enterprise models across the industrial community. Modelling methodologies will guide users through the rather complex enterprise modelling tasks. Depending on the skills and the tasks of the modelling person, different methodologies will be implemented in the supporting modelling tool. The paper presents both a methodology for the modelling expert and one for the business user. Whereas the modelling expert will be involved in creating new models, structuring the model contents and developing new modelling components, the business user will use process models for decision support. The latter therefore has a need to modify and adapt enterprise models to represent operational alternatives. A methodology for this type of work has to be based on menus. Menus which are created and maintained by the modelling expert. The business user will mostly work with existing process models. He will evaluate process alternatives and will implement the best solution as the new model of his tasks. This mode of operation will thereby provide for automatic update of the models and will keep the models in sync with the changing reality.     

Formal process modelling

As the use of formal methods for computer systems development is now widely taught and commonly practised, their use for business process modelling is now considered. In the same way that formal system models are used to rationalize the implementations of complex computer systems, formal process models may be used to rationalize system requirements of complex business processes. The paper examines this thesis by way of a case study in the use of formal modelling to analyse systems requirements for an order fulfilment process.     

Analyzing and Managing Role-Based Access Control Policies

Today more and more security-relevant data is stored on computer systems; security-critical business processes are mapped to their digital counterparts. This situation applies to various domains such as health care industry, digital government, and financial service institutes requiring that different security requirements must be fulfilled. Authorisation constraints can help the policy architect design and express higher-level organisational rules. Although the importance of authorisation constraints has been addressed in the literature, there does not exist a systematic way to verify and validate authorisation constraints. In this paper, we specify both non-temporal and history-based authorisation constraints in the Object Constraint Language (OCL) and first-order linear temporal logic (LTL). Based upon these specifications, we attempt to formally verify role-based access control policies with the help of a theorem prover and to validate policies with the USE system, a validation tool for OCL constraints. We also describe an authorisation engine, which supports the enforcement of authorisation constraints.     

Petri net-based process monitoring: a workflow management system for process modelling and monitoring

Nowadays business process management is becoming a fundamental piece of many industrial processes. To manage the evolution and interactions between the business actions it is important to accurately model the steps to follow and the resources needed by a process. Workflows provide a way of describing the order of execution and the dependencies between the constituting activities of business processes. Workflow monitoring can help to improve and avoid delays in industrial environments where concurrent processes are carried out. In this article a new Petri net extension for modelling workflow activities together with their required resources is presented: resource-aware Petri nets (RAPN). An intelligent workflow management system for process monitoring and delay prediction is also introduced. Resource aware-Petri nets include time and resources within the classical Petri net workflow representation, facilitating the task of modelling and monitoring workflows. The workflow management system monitors the execution of workflows and detects possible delays using RAPN. In order to test this new approach, different services from a medical maintenance environment have been modelled and simulated.     

Protos2CPN: using colored Petri nets for configuring and testing business processes

Protos is a popular tool for business process modelling used in more than 1,500 organizations. It has a built-in Petri-net-based simulation engine which shows key performance indicators for the modelled processes. Reference process models offered for Protos reduce modelling efforts by providing generic solutions which only need to be adapted to individual requirements. However, the user can neither inspect or interact with simulations running in Protos, nor does Protos provide any explicit support for the adaptation of reference models. Hence, we aim at a more open and configurable simulation solution. To realize this we provide two transformations from Protos models to colored Petri nets (CPNs), which can be executed by CPN Tools. The first transformation enables the usage of the extensive simulation and measuring features of CPN Tools for the simulation of Protos models. The second transformation creates colored Petri nets with dedicated features for process configuration. Such configurable process models can be restricted directly within the process model without changing the model’s structure and provide therefore dedicated adaptation features for Protos’ reference process models.     

Securing business processes using security risk-oriented patterns

Business process modelling and security engineering are two important concerns when developing information system. However current practices report that security is addressed at the later development stages (i.e. design and implementation). This raises a question whether the business processes are performed securely. In this paper, we propose a method to introduce security requirements to the business processes through the collaboration between business and security analysts. To support this collaboration we present a set of security risk-oriented patterns. We test our proposal in two industrial business models. The case findings characterise pattern performance when identifying business assets, risks, and countermeasures.     

协同业务过程与需求的建模及一致性验证

自底向上建模方法中的业务过程由不同组织开发,无法在设计阶段就预见其潜在的所有交互可能.因此,在实际协作中,建立协同业务过程可能与参与组织期望的系统功能和特性不一致.为此,提出一种协同业务过程与需求的建模及一致性验证方法.首先,引入并发操作符,提供一种通过组合参与组织的业务过程构建协同业务过程方法;然后,扩展目标模型,提出需求依赖图来建模参与组织的需求;最后,基于模型检测技术提出协同业务过程与需求一致性检测方法.重点解决了将协同业务过程转换为表达能力相同FSP进程规约和参与组织需求转换为LTL公式这两个问题.通过对典型的协同业务过程集阐述提出方法的有效性,并对方法分析效率进行评价,结果表明：相对已有工作,提出方法能够更加有效地用于协同业务过程与需求的一致性分析.     

Modelling Off-the-Shelf Information Systems Requirements: An Ontological Approach

Requirements for choosing off-the-shelf information systems (OISR) differ from requirements for development of new information systems in that they do not necessarily provide complete specifications, thus allowing flexibility in matching an existing IS to the stated needs. We present a framework for OISR conceptual models that consists of four essential elements: business processes, business rules, information objects and required system services. We formalise the definitions of these concepts based on an ontological model. The ontology-based OISR model provides a framework to evaluate modelling languages on how appropriate they are for OISR requirements specifications. The evaluation framework is applied to the Object-Process Methodology, and its results are compared with a similar evaluation of ARIS. This comparison demonstrates the effectiveness of the ontological framework for evaluating modelling tools on how well they can guide selection, implementation and integration of purchased software packages.     

Model-based services convergence and multi-clouds integration

With the development of cloud computing, IT users (individuals, enterprises and even public services providers) are transferring their jobs or businesses to public online services provided by professional information service companies. These information service companies provide applications as public resources to support the business operation of their customers. However, no cloud computing service vendor (CCSV) can satisfy the full functional information system requirements of its customers. As a result, its customers often have to simultaneously use services distributed in different clouds and do some connectivity jobs manually. Services convergence and multi-clouds integration will lead to new business models and trigger new integration technologies that provide solutions to satisfy IT users’ complicated requirements. This paper firstly reviews the development of cloud computing from business and technical viewpoints and then discusses requirements and challenges of services convergence and multi-clouds integrations. Thirdly, a model based architecture of multi-clouds integration is provided. Business logic modelling for cross-organizational collaboration, service modelling and operation modelling methods with relative model mapping technology are discussed in detail. Some key enabling technologies are also developed. At last, case studies are presented to illustrate the implementation of the technologies developed in the paper.     

GoBIS: An integrated framework to analyse the goal and business process perspectives in information systems

ContextOrganisational reengineering, continuous process improvement, alignment among complementary analysis perspectives, and information traceability are some current motivations to promote investment and scientific effort for integrating goal and business process perspectives. Providing support to integrate information systems analysis becomes a challenge in this complex setting.ObjectiveThe GoBIS framework integrates two goal and business process modelling approaches: i^⁎ (a goal-oriented modelling method) and Communication Analysis (a communication-oriented business process modelling method).MethodIn this paper, we describe the methodological integration of both methods with the aim of fulfilling several criteria: i) to rely on appropriate theories; ii) to provide abstract and concrete syntaxes; iii) to provide scenarios of application; iv) to develop tool support; v) to provide demonstrable benefits to potential adopters.ResultsWe provide guidelines for using the two modelling methods in a top-down analysis scenario. The guidelines are validated by means of a comparative experiment and a focus-group session with students.ConclusionsFrom a practitioner viewpoint (modeller and/or analyst), the guidelines facilitate the traceability between goal and business process models, the experimental results highlight the benefits of GoBIS in performance and usability perceptions, and demonstrate an improvement on the completeness of the latter having an impact on efficiency. From a researcher perspective, the validation has produced useful feedback for future research.     

Modelling mobile app requirements for semantic traceability

The paper presents a modelling method aimed to support the definition and elicitation of requirements for mobile apps through an approach that enables semantic traceability for the requirements representation. Business process-centricity is employed in order to capture requirements in a knowledge structure that retains procedural knowledge from stakeholders and can be traversed by semantic queries in order to trace domain-specific contextual information for the modelled requirements. Consequently, instead of having requirements represented as natural language items that are documented by diagrammatic models, the communication channels are switched: semantically interlinked conceptual models become the requirements representation, while free text can be used for requirements annotations/metadata. Thus, the method establishes a knowledge externalization channel between business stakeholders and app developers, also tackling the Twin Peaks bridging challenge (between requirements and early designs). The method is presented using its modelling procedure as a guiding thread, with each step illustrated by case-based samples of the modelling language and auxiliary functionality. The design work is encompassed by an existing metamodelling framework and introduces a taxonomy for modelling relations, since the metamodel is the key enabler for the goal of semantic traceability. The research was driven by the ComVantage EU research project, concerned with mobile app support for collaborative business process execution. Therefore, the project provides context for the illustrating examples; however, generalization possibilities beyond the project scope will also be discussed, with respect to both motivation and outcome.     

基于属性证书的RBAC实现模型研究

基于角色的访问控制提供了灵活安全管理授权机制,公钥基础设施(PKI)提供了一个强有力的认证系统,授权管理基础设施(PMI)作为一项新的技术提供了有效授权和访问控制管理。为了满足现在的安全需求,结合X．509公钥证书(PKCs)和属性证书(ACs),本文提出了一个基于角色的访问控制模型。     

Healthcare Modelling through Role Activity Diagrams for Process-Based Information Systems Development

The aim of this paper is to introduce the socio-technical Role Activity Diagram modelling language to National Health Service (NHS) information systems requirements engineering using a process approach. Most requirements engineering in the NHS is done using data-driven methods such as data flow diagrams. Role Activity Diagrams provide not only a socio-technical method for analysing a particular systems development problem, but they also offer a process-based approach for capturing workflows and their associated information flows, and facilitate communication between analysts and users in an intuitive fashion. In particular, they elicit the important roles in a process and the interaction and collaboration required to achieve the goals of the process. The process approach has been applied in business information systems development. It is introduced here as a potential for systems development in the NHS.     

Presentation and exchange of business models with CIMOSA-XML

In the modern competitive business world there is a frequent need for enterprises to modify their structure of business processes to become more effective in the market place. The solution to this management demand is an improved business integration which is only successful when it is supported by effective IT systems. The Esprit project PRIMA aims to create a competitive advantage for European companies in the process sector by providing a route to ‘smarter' IT investments that are effective across the whole enterprise. A process repository which will store business process models in suitable formats would provide users with appropriate views of the models, focusing only on their information needs. However, the existence of many incompatible modelling methodologies and tools makes it impossible to unify the modelling approach. Therefore it would be desirable to have a high level common modelling language. The PRIMA project has identified CIMOSA as the basis for common semantics of the business model language and the XML format, as a suitable format for the transfer of the model structure and content. The PRIMA working group, in an effort to elaborate these concepts, has developed the Document Type Definition concept (DTD) of the CIMOSA-XML meta-model, which can be used to build the partial enterprise models related to the Business Functional Requirements (BFR) of the PRIMA Process Methodology.     

Augmenting process elicitation with visual priming: An empirical exploration of user behaviour and modelling outcomes

Business process models have become an effective way of examining business practices to identify areas for improvement. While common information gathering approaches are generally efficacious, they can be quite time consuming and have the risk of developing inaccuracies when information is forgotten or incorrectly interpreted by analysts. In this study, the potential of a role-playing approach to process elicitation and specification has been examined. This method allows stakeholders to enter a virtual world and role-play actions similarly to how they would in reality. As actions are completed, a model is automatically developed, removing the need for stakeholders to learn and understand a modelling grammar. An empirical investigation comparing both the modelling outputs and participant behaviour of this virtual world role-play elicitor with an S-BPM process modelling tool found that while the modelling approaches of the two groups varied greatly, the virtual world elicitor may not only improve both the number of individual process task steps remembered and the correctness of task ordering, but also provide a reduction in the time required for stakeholders to model a process view.     

A methodology for business process improvement and IS development

This paper aims at discussing business process modelling and improvement as an essential work to create a successful and competitive enterprise. To achieve this goal, we use a methodology called TAD, which consists of six phases. The first three deal with business process identification, modelling and improvement. The methodology presents a new unique way for business process identification, modelling, and improvement. The last three phases continue with the implementation of the improved business process(es) by developing its information system. The business process “Surgery” is used as an example to show the implementation of the methodology.     

Complexity metrics for DMN decision models

Complexity impairs the maintainability and understandability of conceptual models. Complexity metrics have been used in software engineering and business process management (BPM) to capture the degree of complexity of conceptual models. The recent introduction of the Decision Model and Notation (DMN) standard provides opportunities to shift towards the Separation of Concerns paradigm when it comes to modelling processes and decisions. However, unlike for processes, no studies exist that address the representational complexity of DMN decision models. In this paper, we provide an initial set of complexity metrics for DMN models. We gather insights from the process modelling and software engineering fields to propose complexity metrics for DMN decision models. Additionally, we provide an empirical complexity assessment of DMN decision models. For the decision requirements level of the DMN standard 19 metrics were proposed, while 7 metrics were put forward for the decision logic level. For decision requirements, the model size-based metrics, the Durfee Square Metric (DSM) and the Perfect Square Metric (PSM) prove to be the most suitable. For the decision logic level of DMN the Hit Policy Usage (HPU) and the Total Number of Input Variables (TNIV) were evaluated as suitable for measuring DMN decision table complexity.     

基于SOA的银行集团“新一代”系统架构

大型商业银行集团在信息化的进程中面临内部系统众多、实现平台不统一、资源利用率低、成本高、需求响应周期长等弊端.随着我国银行业的快速发展,大型商业银行集团系统架构革新势在必行.本文重点介绍在“新一代”系统建设中采取的基于SOA的架构以及组件化设计的方法.通过7+1层、12P的整体架构设计,保证了应用组件、构件间的松耦合,实现子公司与海外一体化的企业级应用,从而整合银行集团资源、快速响应业务需求,达到提升业务可靠性、可用性的目的.与此同时,引入企业级业务模型对业务进行标准化,用结构化的模型语言描述业务能力,使用流程模型、数据模型、产品模型及用户体验模型为企业级分析及设计工作提供方法和依据.