EU-Contract Project

Contract based Systems Engineering Methods for
Veri able Cross-Organisational Networked Business Applications

Wednesday, September 9, 2009

The Project


IST-CONTRACT Project Parameters

3


IST-CONTRACT Project Parameters

 IST Framework 6 STREP  Area: Digital Business
Project Ecosystems
 Funded from the 5th Call IST  Costs:
 Focus:  Total Cost: 2,509,156 Euro
 Contracts for Distributed  Req. Cont: 1,850,000 Euro
Applications Engineering
 Dates:
 Contracts as a basis for formal
veri cation  Start: 1st Sept 2006
 e-business applications  End: 31st May 2009

 Project ID: FP6-034418

3


IST-CONTRACT Project Partners

4


IST-CONTRACT Project Partners

 Universitat Politècnica
de Catalunya
 Fujitsu EST Gmbh
 Czech Technical University of
Prague
 King's College London
 Imperial College London
 3scale Networks S. L.
 CertiCon A. S.
 Lostwax Media Ltd.
 Y‘All B. V.

4


Why Contracts?


The problem: Engineering applications in Cross Organisational
Service Oriented Computing environments

6


The problem: Engineering applications in Cross Organisational
Service Oriented Computing environments

 The behaviour of a software application depends upon:
 Code, Execution Context (environment), Inputs

 In a multi-organisational Distributed Business Application
application:
 No-one has access to all the code
 No-one has access to all the execution context
 (Possibly) no-one has access to all inputs

 Question: How do you predict the potential run-time
behaviour of such applications?

6


Project Core Idea

7


Project Core Idea

 Normal Veri cation approaches for software will not work
without full source code access. In Contract:
Instead of predicting actions w.r.t code,
predict actions w.r.t obligations, rights, permissions
in Contracts
 Impacts:
 Short term: application design tool
 Longer term: formal verification of distributed business
applications

7


Where are the Contracts?

8


Where are the Contracts?

 Contracts:
 Are the explicit, tangible representation of service interdependencies
 Make explicit the obligations of each of the parties in the transactions
 Make explicit what each system can expect from another

 Bind together:
 The electronic interaction (web services) with
 The business obligation with
 Prediction as to whether the system will function to get the job
done

8


Project Results


What does the Project Deliver?

10



 Contract Framework – formal theoretical framework for
distributed business application modelling based on the
interchange of (electronic) contracts

 Contracting Language – speci cations of how the actors
should interact electronically and how they should
communicate

 Contract Execution Environment for Web services – to
create and execute contract-mediated business interactions

 Verification, Monitoring and Analysis tools – to analyze
and inspect deployed systems

10




communicate



11


Overall Contract Framework

12


Contract Framework: novel features

13



 Compatible with, and superset of, WS-Agreement

13



 Representation of applications based on state-of-the-art
research on Normative Systems

13




 Considers arbitrary contract-related states, not just violation
or success, to avoid possible future violations

13




 Considers arbitrary contract-related states, not just violation
or success, to avoid possible future violations
 Being extended to cope with complex, partially observable
environments

 Architecture itself de ned in a contractual way

13




communicate



14


New Electronic Contracting Language

15


New Electronic Contracting Language

‣ Language based in latest Normative Systems research
‣ Includes semantic-rich service-to-service interaction, based on
intentions and commitments
‣ This allows the de nition of formal semantics  ease veri cation
‣ Language covers all levels of communication
‣ Not only centered in the expression of electronic contracts
‣ A language to express statements about contracts
‣ Protocols for contract handling
‣ Includes connection with domain (context) models and ontologies

‣ Language allows for full contracts and contract templates

15


Contracting Language Communication Model

16


Contracting Language Communication Model

Interaction st
Context Layer context: Reque S2
Protocol e
handling: S1 Agre
Interaction Protocol Layer
Message envelope + intentionality:
from service S1 to service S2 …
Contractual Message Layer Request[cancel(contract C1)]
Ontology
Statements / actions related to
contracts:
Message Content Layer cancel(contract C1)
A contract:
Contract Layer “the workshop is obliged to
repair the car in 2 days”
Domain Domain terms: car, workshop, repair
Ontology Domain Ontology Layer
16


Electronic Contracts: components

17


Electronic Contract: example

<ISTContract>
ContractName="AftercareContract"
StartingDate="2007-01-01T00:00:00+01:00"
EndingDate="2008-01-01T00:00:00+01:00"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://www.ist-contract.org/schemas/ISTContract.xsd">
<Contextualization>
...
</Contextualization>
<Definitions>
...
</Definitions>
<Clauses>
...
</Clauses>
</ISTContract>
18



<ISTContract>
<ContractParties>
StartingDate="2007-01-01T00:00:00+01:00"
<Agent AgentName="KLM">
EndingDate="2008-01-01T00:00:00+01:00"
< AgentReference>http://www.ist-contract.org:8080/services/KLM
</AgentReference>
<Contextualization> <AgentDescription>Royal Dutch Airlines</AgentDescription>
... </Agent>
</Contextualization> …
<Definitions> </ContractParties>
... …
</Definitions> <RoleEnactmentList>
<Clauses> <RoleEnactmentElement AgentName="KLM"
... RoleName=“Operator"/>
</Clauses> …
</ISTContract> </RoleEnactmentList>
18



<ISTContract> <Clause>
…
<ContractParties>
StartingDate="2007-01-01T00:00:00+01:00"
<ExplorationCondition>
<Agent AgentName="KLM">
<BooleanExpression>
EndingDate="2008-01-01T00:00:00+01:00"
Before(2007-07-1T15:30:30+01:00)
< AgentReference>http://www.ist-contract.org:8080/services/KLM
</BooleanExpression>
</AgentReference>
<Contextualization> </ExplorationCondition> Dutch Airlines</AgentDescription>
<AgentDescription>Royal
... <DeonticStatement>
</Agent>
<Modality><OBLIGATION></Modality>
</Contextualization> …
<Who> <RoleName>Operator</RoleName> </Who>
<Definitions> </ContractParties>
<What>
... … <ActionExpression>
</Definitions> <RoleEnactmentList>
PayForEngine(amount, engine, Operator, EngineManufacturer)
<Clauses> <RoleEnactmentElement AgentName="KLM"
</ActionExpression>
... </What> RoleName=“Operator"/>
</Clauses> …</DeonticStatement>
</ISTContract> </Clause>
</RoleEnactmentList>
18




communicate



19


Example of deployment

20


Example of deployment

bookSeller bookBuyer

Sensor
Sensor

Contract
Repository Notary
(Observer
Contract +
manager Monitor)
Analyzer

21




communicate



22


Verification Tool

23


Verification Tool

 Off-line tool implements verification mechanisms for
contract-governed systems.

23


Verification Tool

 Capable to verify system behaviours through notions of
compliance/violations of intended behaviours.

23


Verification Tool

 Based in the formal framework and the contract language
semantics.

23


Verification Tool

semantics.
 Ability to check systems with large state spaces

23


Verification Tool

semantics.
 Capable to generate counterexamples when dangerous
or conflicting situations are detected

23


Verification Tool

semantics.
 Capable to generate counterexamples when dangerous
or conflicting situations are detected
 User friendly GUI
23


Verification Tool components/process

24


Service Monitoring Tool

25



 Checks conformance of an individual service execution to
specification (contracts) at runtime.

25



 Specifically, monitors compliance/violations of obligations
of contract clauses which serve as warning to the service.

25



 Capable to monitor service behaviours over large state
spaces.

25



 Capable to monitor service behaviours over large state
spaces.
 Shown useful for monitoring multiple, long running
contracts in parallel

25


Service Monitoring Process

26


Global Monitoring Tool

27


 Global Monitors detect and report on violations and
fulfilment of contract clauses, specially those specifying
complex behaviours of contract party agents.

27


 Disjunctions and conjunctions of circumstances

27


 Synchronisation of multiple agents’ actions

27


 Accurate monitoring ensures enforcement mechanisms
(sanctions) are only applied when appropriate..

27


 Accurate monitoring ensures enforcement mechanisms
(sanctions) are only applied when appropriate..
 Gives confidence to contract parties that the whole
business interaction will evolve as expected.

27


Global Monitor process

28


 Gets inputs from the Observers

28


 Tracks the status of each clause of the running contract:

28


 A is pre-activation

28


 B is activated but not fulfilled

28


 C is fulfilled

28


 C is fulfilled
 If in state B but cannot move to state C (because of deadline
expiring), then have violated clause
deliver (Seller, Buyer, Goods)‫‏‬
deadline: T + 3 days
observer: OrderObserver
A B C
order (Buyer, Seller, Goods, T)‫‏‬
deadline: N/A
observer: OrderObserver
28


Contract Editor

29


Contract Editor

 Editor to compose contract templates and instances
according to the Contracting Language

29


Contract Editor

 Functions over contracts and contract templates:

29


Contract Editor

 storage

29


Contract Editor

 storage
 retrieval

29


Contract Editor

 storage
 retrieval
 modification

29


Contract Editor

 storage
 retrieval
 modification
 deletion

29


Contract Editor

 storage
 retrieval
 modification
 deletion
 Publishing of templates and instances into a contract
environment by means of the Contract Store

29


Contract Analyser

30


Contract Analyser

 Enables the administrator to inspect the runtime state
and behaviour of a contract-based system

30


Contract Analyser

 Collects information from several sources and presents
them in an integrated view

30


Contract Analyser

 contracts deployed in the system and their status

30


Contract Analyser

 contract-related actions performed in the system

30


Contract Analyser

 communication between contract parties

30


Contract Analyser

 communication between contract parties
 contract-fulfilment state

30


Contract Analyser – Information Sources

31


[Here CTU video on
Contract cycle and
analysis]


Practical Scenarios


Project Practical Scenarios

34


Project Practical Scenarios

 Modular Certification
Testing  Car Insurance Brokerage
 Provided by CertiCon  Provided by Y’All
 Example: European Computer  Car insurance damage
Driving license claims – contracting
between insurers, garages
 Aerospace Aftermarket and the client
 Provided by Lost Wax
 Aerospace engine aftermarket
planning and management

34


1. Modular Certification Testing

35


1. Modular Certification Testing

Developed by CertiCon A. S. for multi level heterogeneous
licensing environments
 WASET is an information system run by CertiCon to support administration
of the process

Used for computer literacy testing ECDL (European Computer
Driving Licence) in cooperation with Czech Society for
Cybernetics and Informatics (CSKI) – national ECDL licensee.
 CertiCon A.S. provides business and IT support for CSKI via WASET system

35


1. Modular Certi cation Testing

36



National licensee Elementary Service Providers

National licensee
 Provides certi cation
Test Rooms Testers Test room
 Provides equipped test room
 Certi ed by national licensee

Tester
 Supervises test session
Test Centres  Certi ed by national licensee

Test Center
 Certi ed national licensee
 Organize test session
 Sells testing to candidate

Candidate
36



Test Rooms Testers

Test Centres

Candidate

37



Scenario for CONTRACT project focuses
on subset of contracts
Test Rooms Testers

 Certification Test Contract
• Parties
– Accredited Test Center
Test Centres
– Certi cation Candidate

 Test Room rental Contract
• Parties
– Accredited Test Center
Candidate – Accredited Test Room
Operator

37



38


2. Aerospace Aftermarket

39



Aerogility tool: What-if? Scenarios & Business Simulations

Aerogility
Aftermarket Model

40
11/23/08



Aerogility tool: What-if? Scenarios & Business Simulations

WHAT IF SCENARIOS
Aerogility  Explore new policies
Aftermarket Model  Identify innovations
 Experiment with configurations

COMPARE THROUGH SIMULATIONS
DECISION  Assess decision impact
SUPPORT  Work through decision options
 Challenge assumptions

BENCHMARK WITH METRICS
 Validate Profit and KPI goals
 Financial benchmarking
 Assess investment business cases

40
11/23/08



Currently Aerogility:

CONTRACT project enhances Aerogility:

Leading to an adaptive future:

41
11/23/08



Currently Aerogility:

MODEL …understand the balance of resources,
evaluate options, decisions, run what-ifs

CONTRACT project enhances Aerogility:

MONITOR …integrate operational data and processes,
monitor the Aftermarket for decision support

Leading to an adaptive future:

MANAGE …drive existing systems and processes with
adaptive intelligent software

41
11/23/08



42
11/23/08



• Benefits of including CONTRACT technology in Aerogility:
• Detecting upcoming conflicting obligations.
• Aid managers decision-making through better information:
• What is the impact of resolving an issue - are conflicts being
deferred leading to future difficulties?
• Have we some leverage in one contract that would prevent us
breaking another?
• How can future iterations of a contract be modified to better
suit our business?

42
11/23/08


3. Car Insurance Market

43


Repair contract – Sequence chart

44


Repair contract – Sequence chart

Customer IC D RC
S
Report damage Assess & delegate
Repair intake

Request proposals
Send proposal

Judge proposals &
select RC

Deliver car Get car & repair

Judge invoice Send invoice
Get invoice, pay,
handle invoice with Send invoice
consumer
Pick up car Deliver car

44



Benefits for industry

45




 Claim-handling process improved:
• Saves money
• More efficient

45




 Claim-handling process improved:
• Saves money
• More efficient

 Automated negotiations between ICs and RCs:
• Higher quality
• Less dependent on human intervention
• Wider variety of repair options
• Higher customer satisfaction

45


Summary


CONTRACT in a NUTSHELL

47


CONTRACT in a NUTSHELL

 There is a need for mechanisms that ease the engineering of
applications in Cross Organisational Service Oriented
Computing environments”
 Contracts are the explicit, tangible representation of
service interdependencies
 Idea: formal verification over contracts, obligations etc.
rather than over internal code is the way to build sound
distributed applications in service oriented environments.
 CONTRACT has created concrete methods and tools
which enable the use of contracts, obligations and
agreements in order to structure the design and execution of
sound applications in Digital Business environments
47


48


www.ist-contract.org

This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License
To view a copy of thislicense, visit : http://creativecommons.org/licenses/by-nc-sa/3.0/ or send a letter to
48
Creative Commons, 543 Howard Street, 5thFloor, San Francisco, California, 94105, USA.

Wednesday, September 9, 2009.

EU-Contract Project

Recomendados

Recomendados

Mais conteúdo relacionado

Destaque

Destaque (6)

Semelhante a EU-Contract Project

Semelhante a EU-Contract Project (20)

Mais de Knowledge Engineering and Machine Learning Group

Mais de Knowledge Engineering and Machine Learning Group (13)

Último

Último (20)

EU-Contract Project