Modeling languages for business processes and business rules: A representational analysis

Process modeling and rule modeling languages are both used to document organizational policies and procedures. To date, their synergies and overlap are under-researched. Understanding the relationship between the two modeling types would allow organizations to maximize synergies, avoid content duplication, and thus reduce their overall modeling effort. In this paper, we use the Bunge–Wand–Weber (BWW) representation theory to compare the representation capabilities of process and rule modeling languages. We perform a representational analysis of four rule modeling specifications: The Simple Rule Markup Language (SRML), the Semantic Web Rules Language (SWRL), the Production Rule Representation (PRR), and the Semantics of Business Vocabulary and Business Rules (SBVR) specification. We compare their BWW representation capabilities with those of four popular conceptual process modeling languages. In our analysis, we focus on the aspects of maximum ontological completeness and minimum ontological overlap. The outcome of this study shows that no single language is internally complete with respect to the BWW representation model. We also show that a combination of two languages, in particular SRML and BPMN, appears to be better suited for combined process and rule modeling than any of these modeling languages used independently.     

Modeling and execution of event stream processing in business processes

The Internet of Things and Cyber-physical Systems provide enormous amounts of real-time data in the form of streams of events. Businesses can benefit from the integration of these real-world data; new services can be provided to customers, or existing business processes can be improved. Events are a well-known concept in business processes. However, there is no appropriate abstraction mechanism to encapsulate event stream processing in units that represent business functions in a coherent manner across the process modeling, process execution, and IT infrastructure layer. In this paper we present Event Stream Processing Units (SPUs) as such an abstraction mechanism. SPUs encapsulate application logic for event stream processing and enable a seamless transition between process models, executable process representations, and components at the IT layer. We derive requirements for SPUs and introduce EPC and BPMN extensions to model SPUs at the abstract and at the technical process layer. We introduce a transformation from SPUs in EPCs to SPUs in BPMN and implement our modeling notation extensions in Software AG ARIS. We present a runtime infrastructure that executes SPUs and supports implicit invocation and completion semantics. We illustrate our approach using a logistics process as running example.     

From business to software: a B2B survey

In recent years business-to-business (B2B) e-commerce has been subject to major rethinking. A paradigm shift can be observed from document centric file-based interchange of business information to process-centric and, finally to service-based information exchange. On a business level, a lot of work has been done to capture business models and collaborative business processes of an enterprise; further initiatives address the identification of customer services and the formalization of business service level agreements (SLA). On a lower, i.e., technical level, the focus is on moving towards service-oriented architectures (SOA). These developments promise more flexibility, a market entry at lower costs and an easier IT-alignment to changing market conditions. This explains the overwhelming quantity of specifications and approaches targeting the area of B2B—these approaches are partly competing and overlapping. In this paper we provide a survey of the most promising approaches at both levels and classify them using the Open-edi reference model standardized by ISO. Whereas on the technical level, service-oriented architecture is becoming the predominant approach, on the business level the landscape is more heterogeneous. In this context, we propose—in line with the services science approach—to integrate business modeling with process modeling in order to make the transformation from business services to Web services more transparent.     

Real-time risk monitoring in business processes: A sensor-based approach

This article proposes an approach for real-time monitoring of risks in executable business process models. The approach considers risks in all phases of the business process management lifecycle, from process design, where risks are defined on top of process models, through to process diagnosis, where risks are detected during process execution. The approach has been realized via a distributed, sensor-based architecture. At design-time, sensors are defined to specify risk conditions which when fulfilled, are a likely indicator of negative process states (faults) to eventuate. Both historical and current process execution data can be used to compose such conditions. At run-time, each sensor independently notifies a sensor manager when a risk is detected. In turn, the sensor manager interacts with the monitoring component of a business process management system to prompt the results to process administrators who may take remedial actions. The proposed architecture has been implemented on top of the YAWL system, and evaluated through performance measurements and usability tests with students. The results show that risk conditions can be computed efficiently and that the approach is perceived as useful by the participants in the tests.     

Modelling families of business process variants: A decomposition driven method

Business processes usually do not exist as singular entities that can be managed in isolation, but rather as families of business process variants. When modelling such families of variants, analysts are confronted with the choice between modelling each variant separately, or modelling multiple or all variants in a single model. Modelling each variant separately leads to a proliferation of models that share common parts, resulting in redundancies and inconsistencies. Meanwhile, modelling all variants together leads to less but more complex models, thus hindering on comprehensibility. This paper introduces a method for modelling families of process variants that addresses this trade-off. The key tenet of the method is to alternate between steps of decomposition (breaking down processes into sub-processes) and deciding which parts should be modelled together and which ones should be modelled separately. We have applied the method to two case studies: one concerning the consolidation of existing process models, and another dealing with green-field process discovery. In both cases, the method produced fewer models with respect to the baseline and reduced duplicity by up to 50% without significant impact on complexity.     

Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach

ContextThe use of Business Process Management Systems (BPMS) has emerged in the IT arena for the automation of business processes. In the majority of cases, the issue of security is overlooked by default in these systems, and hence the potential cost and consequences of the materialization of threats could produce catastrophic loss for organizations. Therefore, the early selection of security controls that mitigate risks is a real and important necessity. Nevertheless, there exists an enormous range of IT security controls and their configuration is a human, manual, time-consuming and error-prone task. Furthermore, configurations are carried out separately from the organization perspective and involve many security stakeholders. This separation makes difficult to ensure the effectiveness of the configuration with regard to organizational requirements.ObjectiveIn this paper, we strive to provide security stakeholders with automated tools for the optimal selection of IT security configurations in accordance with a range of business process scenarios and organizational multi-criteria.MethodAn approach based on feature model analysis and constraint programming techniques is presented, which enable the automated analysis and selection of optimal security configurations.ResultsA catalogue of feature models is determined by analyzing typical IT security controls for BPMSs for the enforcement of the standard goals of security: integrity, confidentiality, availability, authorization, and authentication. These feature models have been implemented through constraint programs, and Constraint Programming techniques based on optimized and non-optimized searches are used to automate the selection and generation of configurations. In order to compare the results of the determination of configuration a comparative analysis is given.ConclusionIn this paper, we present innovative tools based on feature models, Constraint Programming and multi-objective techniques that enable the agile, adaptable and automatic selection and generation of security configurations in accordance with the needs of the organization.     

A design-time data-centric maturity model for assessing resilience in multi-party business processes

Nowadays, every business organization operates in ecosystems and cooperation is mandatory. If, on the one hand, this increases the opportunities for the involved organizations, on the other hand, every business partner is a potential source of failures with impacts on the entire ecosystem. To avoid that these failures, which are local to one of the organizations, would block the whole cooperation, resilience is a feature that multi-party business processes currently support at run-time, to cope with unplanned situations caused by those failures.In this work, we consider awareness of resilience in multi-party business processes during design-time, by focusing on the role of available – as an alternative to unreliable – data as a resource for increasing resiliency, as data exchange usually drives the cooperation among the parties. In fact, a proper analysis of involved data allows the process designer to identify (possible) failures, their impact, and thus improve the process model at the outset. A maturity model for resilience awareness is proposed, based on a modeling notation extending OMG CMMN — Case Management Model and Notation, and it is organized in different resiliency levels, which allow designers (i) to model at an increasing degree of detail how data and milestones should be defined in order to have resilient by-design process models and (ii) to quantify the distance between a process model and the complete achievement of a resiliency level.     

Secure business process model specification through a UML 2.0 activity diagram profile

Business processes have become important resources, both for an enterprise's performance and to enable it to maintain its competitiveness. The languages used for business process representation have, in recent years, been improved and new notations have appeared. However, despite the wide acceptance of the importance of business process security, to date the business analyst perspective in relation to security has hardly been dealt with. Moreover, security requirements cannot be represented in modern business process modeling notations.In this paper, we present an extension of UML 2.0 activity diagrams which will allow security requirements to be specified in business processes. Our proposal, denominated as BPSec (Business Process Security), is Model Driven Architecture compliant since it is possible to obtain a set of UML artifacts (Platform Independent Model-PIM) used in software development from a Secure Business Process model specification (Computation Independent Model-CIM). We also present the application of our approach to an example based on a typical health care institution, in which our M-BPSec method is employed as a framework for the use of our UML extension.     

Strategic reasoning about business models: a conceptual modeling approach

Strategic reasoning about business models is an integral part of service design. In fast moving markets, businesses must be able to recognize and respond strategically to disruptive change. They have to answer questions such as: what are the threats and opportunities in emerging technologies and innovations? How should they target customer groups? Who are their real competitors? How will competitive battles take shape? In this paper we define a strategic modeling framework to help understand and analyze the goals, intentions, roles, and the rationale behind the strategic actions in a business environment. This understanding is necessary in order to improve existing or design new services. The key component of the framework is a strategic business model ontology for representing and analyzing business models and strategies, using the i* agent and goal oriented methodology as a basis. The ontology introduces a strategy layer which reasons about alternative strategies that are realized in the operational layer. The framework is evaluated using a retroactive example of disruptive technology in the telecommunication services sector from the literature.     

Compliance monitoring in business processes: Functionalities,application, and tool-support

In recent years, monitoring the compliance of business processes with relevant regulations, constraints, and rules during runtime has evolved as major concern in literature and practice. Monitoring not only refers to continuously observing possible compliance violations, but also includes the ability to provide fine-grained feedback and to predict possible compliance violations in the future. The body of literature on business process compliance is large and approaches specifically addressing process monitoring are hard to identify. Moreover, proper means for the systematic comparison of these approaches are missing. Hence, it is unclear which approaches are suitable for particular scenarios. The goal of this paper is to define a framework for Compliance Monitoring Functionalities (CMF) that enables the systematic comparison of existing and new approaches for monitoring compliance rules over business processes during runtime. To define the scope of the framework, at first, related areas are identified and discussed. The CMFs are harvested based on a systematic literature review and five selected case studies. The appropriateness of the selection of CMFs is demonstrated in two ways: (a) a systematic comparison with pattern-based compliance approaches and (b) a classification of existing compliance monitoring approaches using the CMFs. Moreover, the application of the CMFs is showcased using three existing tools that are applied to two realistic data sets. Overall, the CMF framework provides powerful means to position existing and future compliance monitoring approaches.     

Plural: A decentralized business process modeling method

Top-down and centralized approaches prevail in the design and improvement of business processes. However, centralized structures pose difficulties for organizations in adapting to a rapidly changing business environment. Here we present the Plural method which can be used to guide organizations in performing process modeling in a decentralized way. Instead of a centralized group of people understanding, modeling and improving processes, our method allows individuals to model and improve their own processes to help in fulfilling their roles in the organization. An individual model depicts a set of activities performed by a role, which together result in a cohesive service within the organization. These individual models are then integrated as necessary to show the way the organization works. We applied the Plural method in a case study of a small-size software organization. We describe the method and its underlying principles and then discuss the findings of our case study, lessons learned, and limitations. The study thus provided evidence of Plural's utility and showed how an organization might exploit its strengths.     

Event-based failure prediction in distributed business processes

Traditionally, research in Business Process Management has put a strong focus on centralized and intra-organizational processes. However, today’s business processes are increasingly distributed, deviating from a centralized layout, and therefore calling for novel methodologies of detecting and responding to unforeseen events, such as errors occurring during process runtime. In this article, we demonstrate how to employ event-based failure prediction in business processes. This approach allows to make use of the best of both traditional Business Process Management Systems and event-based systems. Our approach employs machine learning techniques and considers various types of events. We evaluate our solution using two business process data sets, including one from a real-world event log, and show that we are able to detect errors and predict failures with high accuracy.     

Conformance checking and diagnosis for declarative business process models in data-aware scenarios

A business process (BP) consists of a set of activities which are performed in coordination in an organizational and technical environment and which jointly realize a business goal. In such context, BP management (BPM) can be seen as supporting BPs using methods, techniques, and software in order to design, enact, control, and analyze operational processes involving humans, organizations, applications, and other sources of information. Since the accurate management of BPs is receiving increasing attention, conformance checking, i.e., verifying whether the observed behavior matches a modelled behavior, is becoming more and more critical. Moreover, declarative languages are more frequently used to provide an increased flexibility. However, whereas there exist solid conformance checking techniques for imperative models, little work has been conducted for declarative models. Furthermore, only control-flow perspective is usually considered although other perspectives (e.g., data) are crucial. In addition, most approaches exclusively check the conformance without providing any related diagnostics. To enhance the accurate management of flexible BPs, this work presents a constraint-based approach for conformance checking over declarative BP models (including both control-flow and data perspectives). In addition, two constraint-based proposals for providing related diagnosis are detailed. To demonstrate both the effectiveness and the efficiency of the proposed approaches, the analysis of different performance measures related to a wide diversified set of test models of varying complexity has been performed.     

Terminability and compensatibility of cycles in business processes with a process-oriented trigger

BPTrigger is a process-oriented trigger model that provides economy of specification and efficient execution for complex business constraints. An essential part of trigger execution is detection and resolution of cycles. This paper presents an approach to determine the terminability of a cycle introduced by a BPTrigger in a business process and determine whether a cycle is allowable in terms of compensatibility. The foundation of the approach is a set of conditions for cycle termination derived from classifications of business processes by resource usage and activity types by compensation status. This paper formally presents cycle analysis procedures using the notion of cycle analysis graph. Further, a procedure is proposed which checks the terminability of multiple cycles using a composite cycle analysis graph constructed from the cycle analysis graphs of the associated cycles. The paper proves the correctness of the analysis and presents a validation example. The presented results extend some limitations of well-formed sphere which has addressed atomicity of workflow transactions.     

From fine-grained to abstract process models: A semantic approach

Organizations actively managing their business processes face a rapid growth of the number of process models that they maintain. Business process model abstraction has proven to be an effective means to generate readable, high-level views on business process models by showing coarse-grained activities and leaving out irrelevant details. In this way, abstraction facilitates a more efficient management of process models, as a single model can provide for many relevant views. Yet, it is an open question how to perform abstraction in the same skillful way as experienced modelers combine activities into more abstract tasks. This paper presents an approach that uses semantic information of a process model to decide on which activities belong together, which extends beyond existing approaches that merely exploit model structural characteristics. The contribution of this paper is twofold: we propose a novel activity aggregation method and suggest how to discover the activity aggregation habits of human modelers. In an experimental validation, we use an industrial process model repository to compare the developed activity aggregation method with actual modeling decisions, and observe a strong correlation between the two. The presented work is expected to contribute to the development of modeling support for the effective process model abstraction.     

Merging event logs for process mining: A rule based merging method and rule suggestion algorithm

In an inter-organizational setting the manual construction of process models is challenging because the different people involved have to put together their partial knowledge about the overall process. Process mining, an automated technique to discover and analyze process models, can facilitate the construction of inter-organizational process models. This paper presents a technique to merge the input data of the different partners of an inter-organizational process in order to serve as input for process mining algorithms. The technique consists of a method for configuring and executing the merge and an algorithm that searches for links between the data of the different partners and that suggests rules to the user on how to merge the data. Tool support is provided in the open source process mining framework ProM. The method and the algorithm are tested using two artificial and three real life datasets that confirm their effectiveness and efficiency.