Summary
Description of the profile
A Rule is a prescribed guide for carrying out activities and processes leading to desired results, e.g. the operational realization of policies. A Regulation is a mandated process or the specific details that derive from the interpretation of Rules and lead to measureable quantities against which compliance can be measured. Policy is made operational through the promulgating and implementing of Rules and Regulations
The behavior and performance of the participants in a SOA ecosystem are subject to rules of engagement which are captured in a series of policies and contracts.
In summary, Policy is a predicate to be satisfied and Rules prescribe the activities by which that satisfying occurs. A number of rules may be required to satisfy a given policy; the carrying out of a rule may contribute to several policies being realized.
Setting Rules and Regulations does not ensure effective governance unless compliance can be measured and Rules and Regulations can be enforced. Metrics are those conditions and quantities that can be measured to characterize actions and results. Rules and Regulations MUST be based on collected Metrics or there will be no way for Management to assess compliance. The Metrics are available to the Participants, the Leadership, and the Governance Body so what is measured and the results of measurement are clear to everyone.
Rules are generally defined with respect to an action, and may be expressed as a pre-condition, post-condition, or decision point in an activity flow.
The Rules Functional Profile is derived from the concepts of governance and semantic models and consequently conforms to the architectural implications of those concepts. <b/>
Rules specializes capabilities architecturally implied by its associated concepts of Artifact , Behavior Model , Change , Governance , Information Model , Management , Metrics , Semantic Model . The implied architectural capabilities are described in the following paragraphs.
Artifact An artifact is a managed resource within the Semantic Infrastructure.
An artifact is associated with the following capabilities:
- descriptions to enable the artifact to be visible, where the description includes a unique identifier for the artifact and a sufficient, and preferably a machine processible, representation of the meaning of terms used to describe the artifact, its functions, and its effects;
- one or more discovery mechanisms that enable searching for artifacts that best meet the search criteria specified by the service participant; where the discovery mechanism will have access to the individual artifact descriptions, possibly through some repository mechanism;
- accessible storage of artifacts and artifact descriptions, so service participants can access, examine, and use the artifacts as defined.
Behavior Model A well-defined service Behavior Model.
The capabilities of the Behavior Model include:
- characterizes the knowledge of the actions invokes against the service and events that report real world effects as a result of those actions;
- characterizes the temporal relationships and temporal properties of actions and events associated in a service interaction;
- describe activities involved in a workflow activity that represents a unit of work;
- describes the role(s) that a role player performs in a service-oriented business process or service-oriented business collaboration;
- is both human readable and machine processable;
- is referenceable from the Service Description artifact.
Change Artifact descriptions change over time and their contents will reflect changing needs and context.
Architectural implications of change on the Semantic Infrastructure are reflected in the following capabilities:
- mechanisms to support the storage, referencing, and access to normative definitions of one or more versioning schemes that may be applied to identify different aggregations of descriptive information, where the different schemes may be versions of a versioning scheme itself;
- configuration management mechanisms to capture the contents of the each aggregation and apply a unique identifier in a manner consistent with an identified versioning scheme;
- one or more mechanisms to support the storage, referencing, and access to conversion relationships between versioning schemes, and the mechanisms to carry out such conversions.
Governance Service Oriented Architecture is an architectural paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains. Consequently, it is important that organizations that plan to engage in service interactions adopt governance policies and procedures sufficient to ensure that there is standardization across both internal and external organizational boundaries to promote the effective creation and use of SOA-based services.
SOA governance requires numerous architectural capabilities on the Semantic Infrastructure:
Governance is expressed through policies and assumes multiple use of focused policy modules that can be employed across many common circumstances This is elaborated in the inherited Policy profile.
Governance requires that the participants understand the intent of governance, the structures created to define and implement governance, and the processes to be followed to make governance operational. This is provided by capabilities specialized from the inherited Management Profile.
Governance policies are made operational through rules and regulations. This is provided by the following capabilities, most of which are specializations of the inherited Artifact Profile:
- descriptions to enable the rules and regulations to be visible, where the description includes a unique identifier and a sufficient, and preferably a machine process-able, representation of the meaning of terms used to describe the rules and regulations;
- one or more discovery mechanisms that enable searching for rules and regulations that may apply to situations corresponding to the search criteria specified by the service participant; where the discovery mechanism will have access to the individual descriptions of rules and regulations, possibly through some repository mechanism;
- accessible storage of rules and regulations and their respective descriptions, so service participants can understand and prepare for compliance, as defined.
- SOA services to access automated implementations of the Governance Processes.
Governance implies management to define and enforce rules and regulations.. This is elaborated in the inherited Management profile.
Governance relies on metrics to define and measure compliance. This is elaborated in the inherited Metric profile.
Information Model A well-defined service Information Model.
The capabilities of the Information Model include:
- describes the syntax and semantics of the messages used to denote actions and events;
- describes the syntax and semantics of the data payload(s) contained within messages;
- documents exception conditions in the event of faults due to network outages, improper message/data formats, etc.;
- is both human readable and machine processable
- is referenceable from the Service Description artifact.
Management Governance implies management to define and enforce rules and regulations.
Management is provided by the following capabilities:
- an information collection site, such as a Web page or portal, where management information is stored and from which the information is always available for access;
- a mechanism to inform participants of significant management events, such as changes in rules or regulations;
- accessible storage of the specifics of processes followed by management.
Metrics Artifact Descriptions include references to metrics which describe the operational characteristics of the subjects being described
Architectural implications of metrics on the Semantic Infrastructure are reflected in the following capabilities:
- access to platform infrastructure monitoring and reporting capabilities
- access to metrics information generated or accessible by related services
- mechanisms to catalog and enable discovery of which metrics are available for a described artifact and information on how these metrics can be accessed;
- mechanisms to catalog and enable discovery of compliance records associated with policies, contracts, and constraints that are based on these metrics.
Semantic Model Artifact Descriptions make use of defined semantics, where the semantics may be used for categorization or providing other property and value information for description classes.
Architectural implications of semantics on the Semantic Infrastructure are reflected in the following capabilities:
- semantic models that provide normative descriptions of the utilized terms, where the models may range from a simple dictionary of terms to an ontology showing complex relationships and capable of supporting enhanced reasoning. This is a refinement of the Artifact metadata capability.
- mechanisms to support the storage, referencing, and access to these semantic models. This is a refinement of the Artifact store capability.
- configuration management mechanisms to capture the normative description of each semantic model and to apply a unique identifier in a manner consistent with an identified versioning scheme. This is a refinement of the Change configurationManagement capability.
- one or more mechanisms to support the storage, referencing, and access to conversion relationships between semantic models, and the mechanisms to carry out such conversions.
Capabilities
- action
- complianceDiscovery
- configurationManagement
- diagramModelBinding
- discovery
- exception
- governanceService
- identity
- maintainRulesRepository
- managementInformation
- managementNotification
- managementProcesses
- message
- metadata
- metrics
- metricsDiscovery
- monitor
- participant
- payload
- provenance
- regulatoryConstraints
- rulesEngine
- semanticConversion
- serviceBinding
- store
- temporal
- transition
- versioning
- workflow
Requirements traceability
Requirement |
Source |
Capability |
|---|---|---|
Develop a translation into formal semantics and computable abstraction and representation of policies and regulations imposed on a federal, state, organizational and institutional level. caBIG standards, tools, best practices should make it easy or at least easier to be compliant. It should therefore aid the community in acknowledging, interpreting and applying the relevant regulations, inform the legislators on the success/value of the regulations and foster constant improvement |
Gap Analysis::Rules::107 - Regulatory Compliance |
|
Incorporate a rules engine |
Gap Analysis::Rules::114 - Rules Engine |
|
Maintain a rules repository. |
Gap Analysis::Rules::114.4 - Maintain a rules repository |
|
Service Oriented Architecture is an architectural paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains. Consequently, it is important that organizations that plan to engage in service interactions adopt governance policies and procedures sufficient to ensure that there is standardization across both internal and external organizational boundaries to promote the effective creation and use of SOA-based services. SOA governance requires numerous architectural capabilities on the Semantic Infrastructure: Governance is expressed through policies and assumes multiple use of focused policy modules that can be employed across many common circumstances This is elaborated in the inherited Policy profile. Governance requires that the participants understand the intent of governance, the structures created to define and implement governance, and the processes to be followed to make governance operational. This is provided by capabilities specialized from the inherited Management Profile. Governance policies are made operational through rules and regulations. This is provided by the following capabilities, most of which are specializations of the inherited Artifact Profile: * descriptions to enable the rules and regulations to be visible, where the description includes a unique identifier and a sufficient, and preferably a machine process-able, representation of the meaning of terms used to describe the rules and regulations; * one or more discovery mechanisms that enable searching for rules and regulations that may apply to situations corresponding to the search criteria specified by the service participant; where the discovery mechanism will have access to the individual descriptions of rules and regulations, possibly through some repository mechanism; * accessible storage of rules and regulations and their respective descriptions, so service participants can understand and prepare for compliance, as defined. * SOA services to access automated implementations of the Governance Processes. Governance implies management to define and enforce rules and regulations.. This is elaborated in the inherited Management profile. Governance relies on metrics to define and measure compliance. This is elaborated in the inherited Metric profile. |
Semantic Profile::OASIS SOA::Governance Model |
monitor from inherited abstract profile Metricsmetrics from inherited abstract profile MetricsmanagementInformation from inherited abstract profile ManagementmanagementNotification from inherited abstract profile ManagementmanagementProcesses from inherited abstract profile ManagementgovernanceService from inherited abstract profile Governancediscovery from inherited abstract profile Artifactidentity from inherited abstract profile Artifactmetadata from inherited abstract profile Artifactstore from inherited abstract profile Artifact |
Interaction is the activity involved in using a service to access capability in order to achieve a particular desired real world effect, where real world effect is the actual result of using a service. An interaction can be characterized by a sequence of actions. Consequently, interacting with a service, i.e. performing actions against the service--usually mediated by a series of message exchanges--involves actions performed by the service. Different modes of interaction are possible such as modifying the shared state of a resource. Note that a participant (or agent acting on behalf of the participant) can be the sender of a message, the receiver of a message, or both. Interacting with Services has the following architectural implications on mechanisms that facilitate service interaction: A well-defined service Information Model, as elaborated in the inherited Information Model profile. A well-defined service Behavior Model, as elaborated in the inherited Behavior Model profile. Service composition mechanisms to support orchestration of service-oriented business processes and choreography of service-oriented business collaborations, as elaborated in the inherited Service Composition profile. Infrastructure services that provides mechanisms to support service interaction, as elaborated in the inherited Interaction profile. A layered and tiered service component architecture that supports multiple message exchange patterns (MEPs)l, as elaborated in the inherited Message Exchange profile. |
Semantic Profile::OASIS SOA::Interacting with Services Model |
message from inherited abstract profile Information Modelpayload from inherited abstract profile Information Modelexception from inherited abstract profile Information ModelserviceBinding from inherited abstract profile Information ModeldiagramModelBinding from inherited abstract profile Information ModeldiagramModelBinding from inherited abstract profile Behavior ModelserviceBinding from inherited abstract profile Behavior Modelaction from inherited abstract profile Behavior Modeltemporal from inherited abstract profile Behavior Modelworkflow from inherited abstract profile Behavior Modelparticipant from inherited abstract profile Behavior Model |
A service description is an artifact, usually document-based, that defines or references the information needed to use, deploy, manage and otherwise control a service. This includes not only the information and behavior models associated with a service to define the service interface but also includes information needed to decide whether the service is appropriate for the current needs of the service consumer. Thus, the service description will also include information such as service reachability, service functionality, and the policies and contracts associated with a service. A service description artifact may be a single document or it may be an interlinked set of documents. Architectural implications of service description on the Semantic Infrastructure are reflected in the following functional decomposition: * Description will change over time and its contents will reflect changing needs and context. This is elaborated in the inherited Change profile. * Description makes use of defined semantics, where the semantics may be used for categorization or providing other property and value information for description classes. This is elaborated in the inherited Semantic Model profile. * Descriptions include reference to policies defining conditions of use and optionally contracts representing agreement on policies and other conditions. This is elaborated in the inherited Policy profile. * Descriptions include references to metrics which describe the operational characteristics of the subjects being described. This is elaborated in the inherited Metrics profile. * Descriptions of the interactions are important for enabling auditability and repeatability, thereby establishing a context for results and support for understanding observed change in performance or results. This is elaborated in the inherited Interaction profile. * Descriptions may capture very focused information subsets or can be an aggregate of numerous component descriptions. Service description is an example of a likely aggregate for which manual maintenance of all aspects would not be feasible. This is elaborated in the inherited Composition profile. * Descriptions provide up-to-date information on what a resource is, the conditions for interacting with the resource, and the results of such interactions. As such, the description is the source of vital information in establishing willingness to interact with a resource, reachability to make interaction possible, and compliance with relevant conditions of use. This is elaborated in the inherited Interoperability profile. Policy capabilities are specialization of Artifact capabilities. |
Semantic Profile::OASIS SOA::Service Description Model |
versioning from inherited abstract profile ChangeconfigurationManagement from inherited abstract profile Changetransition from inherited abstract profile Changediscovery from inherited abstract profile Artifactidentity from inherited abstract profile Artifactmetadata from inherited abstract profile Artifactstore from inherited abstract profile ArtifactsemanticConversion from inherited abstract profile Semantic Modelmonitor from inherited abstract profile Metricsmetrics from inherited abstract profile MetricsmetricsDiscovery from inherited abstract profile MetricscomplianceDiscovery from inherited abstract profile Metrics |
One of the key requirements for participants interacting with each other in the context of a SOA is achieving visibility: before services can interoperate, the participants have to be visible to each other using whatever means are appropriate. The Reference Model analyzes visibility in terms of awareness, willingness, and reachability. Visibility in a SOA ecosystem has the following architectural implications on mechanisms providing support for awareness, willingness, and reachability: Mechanisms providing support for awareness will likely have the following minimum capabilities: * creation of Description, preferably conforming to a standard Description format and structure; * publishing of Description directly to a consumer or through a third party mediator; * discovery of Description, preferably conforming to a standard for Description discovery; * notification of Description updates or notification of the addition of new and relevant Descriptions; * classification of Description elements according to standardized classification schemes. In a SOA ecosystem with complex social structures, awareness may be provided for specific communities of interest. The architectural mechanisms for providing awareness to communities of interest will require support for: * policies that allow dynamic formation of communities of interest; * trust that awareness can be provided for and only for specific communities of interest, the bases of which is typically built on keying and encryption technology. The architectural mechanisms for determining willingness to interact will require support for: * verification of identity and credentials of the provider and/or consumer; * access to and understanding of description; * inspection of functionality and capabilities; * inspection of policies and/or contracts. The architectural mechanisms for establishing reachability will require support for: * the location or address of an endpoint; * verification and use of a service interface by means of a communication protocol; * determination of presence with an endpoint which may only be determined at the point interaction but may be further aided by the use of a presence protocol for which the endpoints actively participate. |
Semantic Profile::OASIS SOA::Service Visibility Model |
discovery from inherited abstract profile Artifact |
action
Description
characterizes the knowledge of the actions invokes against the service and events that report real world effects as a result of those actions;
Requirements addressed
Overview of possible operations
complianceDiscovery
Description
Mechanisms to catalog and enable discovery of compliance records associated with policies, contracts, and constraints that are based on these metrics.
Requirements addressed
Overview of possible operations
configurationManagement
Description
Mechanisms to support the storage, referencing, and access to normative definitions of one or more versioning schemes that may be applied to identify different aggregations of descriptive information, where the different schemes may be versions of a versioning scheme itself.
Requirements addressed
Overview of possible operations
diagramModelBinding
Description
Is both human readable and machine processable.
Requirements addressed
Overview of possible operations
discovery
Description
One or more discovery mechanisms that enable searching for artifacts that best meet the search criteria specified by the service participant; where the discovery mechanism will have access to the individual artifact descriptions, possibly through some repository mechanism.
Requirements addressed
Overview of possible operations
exception
Description
Documents exception conditions in the event of faults due to network outages, improper message/data formats, etc.
Requirements addressed
Overview of possible operations
governanceService
Description
SOA services to access automated implementations of the Governance Processes.
Requirements addressed
Overview of possible operations
identity
Description
Descriptions which include a unique identifier for the artifact.
Requirements addressed
Overview of possible operations
maintainRulesRepository
Description
Maintain a rules repository.
Requirements addressed
Overview of possible operations
managementInformation
Description
An information collection site, such as a Web page or portal, where management information is stored and from which the information is always available for access.
Requirements addressed
Overview of possible operations
managementNotification
Description
A mechanism to inform participants of significant management events, such as changes in rules or regulations.
Requirements addressed
Overview of possible operations
managementProcesses
Description
Accessible storage of the specifics of processes followed by management.
Requirements addressed
Overview of possible operations
message
Description
Describes the syntax and semantics of the messages used to denote actions and events
Requirements addressed
Overview of possible operations
metadata
Description
A representation of the meaning of terms used to describe the artifact, its functions, and its effects.
Requirements addressed
Overview of possible operations
metrics
Description
Access to metrics information generated or accessible by related services
Requirements addressed
Overview of possible operations
metricsDiscovery
Description
Mechanisms to catalog and enable discovery of which metrics are available for a described artifact and information on how these metrics can be accessed.
Requirements addressed
Overview of possible operations
monitor
Description
Access to platform infrastructure monitoring and reporting capabilities.
Requirements addressed
Overview of possible operations
participant
Description
describes the role(s) that a role player performs in a service-oriented business process or service-oriented business collaboration;
Requirements addressed
Overview of possible operations
payload
Description
Describes the syntax and semantics of the data payload(s) contained within messages
Requirements addressed
Overview of possible operations
provenance
Description
While the Resource identity provides the means to know which subject and subject description are being considered, Provenance as related to the Description class provides information that reflects on the quality or usability of the subject. Provenance specifically identifies the entity (human, defined role, organization, ...) that assumes responsibility for the resource being described and tracks historic information that establishes a context for understanding what the resource provides and how it has changed over time. Responsibilities may be directly assumed by the Stakeholder who owns a Resource or the Owner may designate Responsible Parties for the various aspects of maintaining the resource and provisioning it for use by others. There may be more than one entity identified under Responsible Parties; for example, one entity may be responsible for code maintenance while another is responsible for provisioning of the executable code. The historical aspects may also have multiple entries, such as when and how data was collected and when and how it was subsequently processed, and as with other elements of description, may provide links to other assets maintained by the Resource owner.
Requirements addressed
Overview of possible operations
regulatoryConstraints
Description
Develop a translation into formal semantics and computable abstraction and representation of policies and regulations imposed on a federal, state, organizational and institutional level. caBIG standards, tools, best practices should make it easy or at least easier to be compliant. It should therefore aid the community in acknowledging, interpreting and applying the relevant regulations, inform the legislators on the success/value of the regulations and foster constant improvement
Requirements addressed
Overview of possible operations
rulesEngine
Description
Incorporate a rules engine
Requirements addressed
Overview of possible operations
semanticConversion
Description
One or more mechanisms to support the storage, referencing, and access to conversion relationships between semantic models, and the mechanisms to carry out such conversions.
Requirements addressed
Overview of possible operations
serviceBinding
Description
Is referenceable from the Service Description artifact.
Requirements addressed
Overview of possible operations
store
Description
Accessible storage of artifacts and artifact descriptions, so service participants can access, examine, and use the artifacts as defined.
Requirements addressed
Overview of possible operations
temporal
Description
characterizes the temporal relationships and temporal properties of actions and events associated in a service interaction;
Requirements addressed
Overview of possible operations
transition
Description
One or more mechanisms to support the storage, referencing, and access to conversion relationships between versioning schemes, and the mechanisms to carry out such conversions.
Requirements addressed
Overview of possible operations
versioning
Description
Configuration management mechanisms to capture the contents of the each aggregation and apply a unique identifier in a manner consistent with an identified versioning scheme.
Requirements addressed
Overview of possible operations
workflow
Description
describe activities involved in a workflow activity that represents a unit of work;
