Splitting GSM Schemas: A Framework for Outsourcing of Declarative Artifact Systems

Rik Eshuis, Eindhoven University of Technology
Rick Hull, IBM T J Watson Research Center
Yutian Sun, UC Santa Barbara
Roman Vaculin, IBM T J Watson Research Center

Context

Motivation
• Business Process Outsourcing (BPO): part of a business process is performed by another organization
• Cloud computing is a key enabler of BPO

This study
• BPO for declarative case management
  − Specifically, the Guard-Stage-Milestone (GSM) business artifact model
  − GSM is the basis for OMG’s CMMN standard
• Main result: a framework that
  − enables BPO at design time and run time
  − supports hiding business logic

31-8-2013

Guard-Stage-Milestone (GSM) schemas

• Guard: business rule when to open stage
• Stage: cluster of work to achieve milestone
• Milestone: business objective

• Status of each stage, milestone ∈ {on, off}
• Business rules specify when a stage/milestone changes state
  − Might refer to status of other stages/milestones
• Rules need to be evaluated in the right order to ensure that all changes have maximal effect
• Unit of change triggered by an external event is called a B-step

Problem: outsourcing GSM subschema

[Figure: GSM schema of IGF with stages and milestones Refine Deal, Draft Term, Check Credit, Determine Price, ReDraftTermNeeded, Term Drafted, ReCheckCreditNeeded, Credit Checked, Price Determined, Deal Failed and Deal Refined, shown next to the same schema divided between IGF and LawOffice (client artifact system and provider artifact system). Annotation: "must be equivalent".]

Example scenario in original GSM schema

[Figure: GSM schema of IGF; legend: status is on / status is off. Annotations:]
• achieve if credit_level > 100,000
• open on +ReDraftTermNeeded
• open if TermDrafted and CreditChecked
• Task CheckCredit completes, credit_level = 200,000

[Figure sequence, same schema and annotations as in the example scenario: Starting B-step (1), Continuing B-step (2), Continuing B-step (3), Continuing B-step (4), End of B-step (5).]

Splitting example scenario results in race condition

[Figure sequence (7 frames): the schema divided between IGF and LawOffice, with ReDraftTermNeeded, Draft Term and Term Drafted at LawOffice; legend: status is on / status is off. Annotations: achieve if credit_level > 100,000; open on +ReDraftTermNeeded; open if TermDrafted and CreditChecked; Task CheckCredit completes, credit_level = 200,000. Callout on the final frame: "Impossible in original GSM schema".]

Possible solutions

1. Extend local GSM engines with complex synchronization logic
2. Better: restructure GSM schema to avoid complex synchronization

[Figure: Event, B-step 1; Event’, B-step 2; parties IGF and LawOffice.]

Resolved race condition

[Figure sequence (4 frames): the restructured schema divided between IGF and LawOffice; from the second frame on, the labels ReDraftTermNeeded, Draft Term and Term Drafted appear twice. Annotations: achieve if credit_level > 100,000; open on +ReDraftTermNeeded; open if TermDrafted and CreditChecked; Task CheckCredit completes, credit_level = 200,000. The last two frames are titled "after B-step 1" and "after B-step 2" and carry the annotation: Task CheckCredit completes; ReDraftTermNeeded=on, DraftTerm=on, TermDrafted=off.]

Solution approach

• Keep a local cache of the status of needed remote stages/milestones
  − determined per external event type
• Reallocate business rules to avoid complex synchronization
  − Sometimes: a rule executes at a different location than the corresponding stage/milestone
• Runtime simulation protocol based on distributed two-phase commit
• Result (see paper): the split GSM schema faithfully simulates the original GSM schema

Formal results

Theorem 1
• Let Σ be a snapshot of GSM schema Γ;
• Let schemas Γ1 and Γ2 be a “split” of schema Γ;
• Let snapshots Σ1 and Σ2 be the split of Σ;
• Let e be an external event of type E;
• Then: the application of e on (Σ1, Σ2) faithfully simulates the application of e on Σ

Theorem 2
• Using the “runtime simulation protocol” (see paper), the above result generalizes to streams of external events.

Yet another problem…

... revealing of secrets

Alternative outsourcing scenario

[Figure: the schema divided between IGF (marked Private) and Admin Office; legend: status is on / status is off. Labels: Refine Deal, ReDraftTermNeeded, Deal Failed, ReCheckCreditNeeded, Determine Price, Price Determined, Deal Refined, Draft Term, Term Drafted, Check Credit, Credit Checked. Annotations: achieve if credit_level > 100,000; Task CheckCredit completes, credit_level = 200,000.]

Restructured GSM schema

[Figure sequence (2 frames): the restructured schema divided between IGF (marked Private) and Admin Office, with the same labels and annotations as in the alternative outsourcing scenario. Callout on the second frame: "Private IGF rule gets exposed!"]

Hiding rules by anonymous events

[Figure: the schema divided between IGF and Admin Office, with an added stage Toggle. Annotations: Produces anonymous external event E; open if credit_level > 100,000; achieve on E; Task CheckCredit completes, credit_level = 200,000.]

Result on privacy

• Let Γ be a GSM schema and let H be a set of attributes whose rules should be hidden.
• Construct Γ’ = hide(Γ, H) as follows
• For hiding the rules of n status attributes, in the centralized GSM model
  − For each hidden status attribute a, create an anonymous event Ea
  − Each rule that triggers a is transformed into a rule that triggers a stage that generates Ea
• Lemma: each B-step of Γ is faithfully simulated by a cluster of n + 1 B-steps of Γ’.
• To perform splitting with hidden status attributes, create Γ’ = hide(Γ, H) and split Γ’.
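
The hide(Γ, H) construction above, as an added sketch that is not code from the paper or the slides: rules are modelled as plain records, and the `party` field, the `Toggle_a` / `E_a` naming and the sample rule placement are assumptions made for illustration. It checks which sentries the provider side can read before and after hiding.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    target: str  # stage or milestone whose status the rule changes
    action: str  # "open" for a stage, "achieve" for a milestone
    sentry: str  # triggering condition ("if ...") or event ("on ...")
    party: str   # party that stores and evaluates the rule (assumed field)

def hide(rules, hidden, private_party):
    """Return hide(schema, H): no rule for a hidden attribute keeps its sentry.

    For each hidden attribute a, the original sentry moves to a new stage
    Toggle_a held by private_party; that stage generates the anonymous
    event E_a, and a itself is now triggered "on E_a" only.
    """
    out = []
    for r in rules:
        if r.target not in hidden:
            out.append(r)
            continue
        out.append(Rule(f"Toggle_{r.target}", "open", r.sentry, private_party))
        out.append(Rule(r.target, r.action, f"on E_{r.target}", r.party))
    return out

def visible_sentries(rules, party):
    """Sentries that a party can read because it holds the rules."""
    return [r.sentry for r in rules if r.party == party]

def leaks(rules, party, secret_terms):
    """Names of secret data attributes that appear in the party's rules."""
    seen = " ".join(visible_sentries(rules, party))
    return sorted(t for t in secret_terms if t in seen)

# Constructed sample: rules as they sit after restructuring, before hiding.
SCHEMA = [
    Rule("ReDraftTermNeeded", "achieve", "if credit_level > 100,000", "AdminOffice"),
    Rule("DraftTerm", "open", "on +ReDraftTermNeeded", "AdminOffice"),
    Rule("DeterminePrice", "open", "if TermDrafted and CreditChecked", "IGF"),
]
HIDDEN = hide(SCHEMA, {"ReDraftTermNeeded"}, private_party="IGF")

if __name__ == "__main__":
    print("before:", leaks(SCHEMA, "AdminOffice", ["credit_level"]))
    print("after: ", leaks(HIDDEN, "AdminOffice", ["credit_level"]))
    for r in HIDDEN:
        print(f"{r.party:12} {r.action:8} {r.target:26} {r.sentry}")
```

The provider still observes when E_a fires; what the transformation removes from its side is the condition text that triggers it.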

Complete algorithm

• Input:
  − GSM schema Γ
  − desired split of stages/milestones
  − status attributes H whose rules are to be hidden
• Step 1: introduce anonymous events in Γ → Γ’
• Step 2: perform splitting on Γ’ → (Γ1, Γ2)
• Main result (see paper):
  − (Γ1, Γ2) faithfully simulates Γ
  − (Γ1, Γ2) does hide rules for status attributes in H

Conclusion

• Comprehensive framework for supporting outsourcing of GSM schemas
• Covers both design time and run time
• Future work:
  − multi-party outsourcing
  − interacting artifact types
  − extend results to OMG’s Case Management Modeling Notation

Thank you!