The document discusses a project that developed methods for engineering verifiable cross-organizational networked business applications using contracts. The project created a formal contract framework, a contracting language to specify interactions, a contract execution environment for web services, and verification/monitoring tools. It aimed to allow predicting application behavior without full source code access by using contracts to represent obligations between parties.
5. IST-CONTRACT Project Parameters
IST Framework 6 STREP Project
Funded from the 5th Call IST
Area: Digital Business Ecosystems
Focus:
Contracts for Distributed Applications Engineering
Contracts as a basis for formal verification
e-business applications
Costs:
Total Cost: 2,509,156 Euro
Req. Cont: 1,850,000 Euro
Dates:
Start: 1st Sept 2006
End: 31st May 2009
Project ID: FP6-034418
Wednesday, September 9, 2009
7. IST-CONTRACT Project Partners
Universitat Politècnica de Catalunya
Fujitsu EST GmbH
Czech Technical University of Prague
King's College London
Imperial College London
3scale Networks S. L.
CertiCon A. S.
Lostwax Media Ltd.
Y’All B. V.
10. The problem: Engineering applications in Cross Organisational
Service Oriented Computing environments
The behaviour of a software application depends upon:
Code, Execution Context (environment), Inputs
In a multi-organisational Distributed Business Application:
No-one has access to all the code
No-one has access to all the execution context
(Possibly) no-one has access to all inputs
Question: How do you predict the potential run-time
behaviour of such applications?
12. Project Core Idea
Normal Verification approaches for software will not work
without full source code access. In Contract:
Instead of predicting actions w.r.t code,
predict actions w.r.t obligations, rights, permissions
in Contracts
Impacts:
Short term: application design tool
Longer term: formal verification of distributed business
applications
14. Where are the Contracts?
Contracts:
Are the explicit, tangible representation of service interdependencies
Make explicit the obligations of each of the parties in the transactions
Make explicit what each system can expect from another
Bind together:
The electronic interaction (web services) with
The business obligation with
Prediction as to whether the system will function to get the job
done
17. What does the Project Deliver?
Contract Framework – formal theoretical framework for
distributed business application modelling based on the
interchange of (electronic) contracts
Contracting Language – specifications of how the actors
should interact electronically and how they should
communicate
Contract Execution Environment for Web services – to
create and execute contract-mediated business interactions
Verification, Monitoring and Analysis tools – to analyze
and inspect deployed systems
27. Contract Framework: novel features
Compatible with, and superset of, WS-Agreement
Representation of applications based on state-of-the-art
research on Normative Systems
Considers arbitrary contract-related states, not just violation
or success, to avoid possible future violations
Being extended to cope with complex, partially observable
environments
Architecture itself defined in a contractual way
31. New Electronic Contracting Language
‣ Language based on the latest Normative Systems research
‣ Includes semantic-rich service-to-service interaction, based on
intentions and commitments
‣ This allows the definition of formal semantics to ease verification
‣ Language covers all levels of communication
‣ Not only centred on the expression of electronic contracts
‣ A language to express statements about contracts
‣ Protocols for contract handling
‣ Includes connection with domain (context) models and ontologies
‣ Language allows for full contracts and contract templates
33. Contracting Language Communication Model
Interaction Context Layer – Interaction context
Interaction Protocol Layer – Protocol handling
Contractual Message Layer – Message envelope + intentionality: from service S1 to service S2 … Request[cancel(contract C1)]
Message Content Layer – Statements / actions related to contracts: cancel(contract C1)
Contract Layer – A contract: “the workshop is obliged to repair the car in 2 days”
Domain Ontology Layer – Domain terms: car, workshop, repair
[Diagram: services S1 and S2 exchanging Request and Agree messages; side labels: Ontology, Domain Ontology]
43. Example of deployment
[Deployment diagram. Components shown: bookSeller, bookBuyer, two Sensors, Contract Repository, Notary, Contract manager, Observer + Monitor, Analyzer]
53. Verification Tool
Off-line tool implements verification mechanisms for
contract-governed systems.
Capable of verifying system behaviours through notions of
compliance/violations of intended behaviours.
Based on the formal framework and the contract language
semantics.
Ability to check systems with large state spaces
Capable of generating counterexamples when dangerous
or conflicting situations are detected
User friendly GUI
60. Service Monitoring Tool
Checks conformance of an individual service execution to
specification (contracts) at runtime.
Specifically, monitors compliance/violations of obligations
of contract clauses which serve as a warning to the service.
Capable of monitoring service behaviours over large state
spaces.
Shown to be useful for monitoring multiple, long-running
contracts in parallel
68. Global Monitoring Tool
Global Monitors detect and report on violations and
fulfilment of contract clauses, especially those specifying
complex behaviours of contract party agents.
Disjunctions and conjunctions of circumstances
Synchronisation of multiple agents’ actions
Accurate monitoring ensures enforcement mechanisms
(sanctions) are only applied when appropriate.
Gives confidence to contract parties that the whole
business interaction will evolve as expected.
75. Global Monitor process
Gets inputs from the Observers
Tracks the status of each clause of the running contract:
A is pre-activation
B is activated but not fulfilled
C is fulfilled
If in state B but cannot move to state C (because of deadline
expiring), then have violated clause
[Diagram: clause states A → B → C, annotated with two actions]
order (Buyer, Seller, Goods, T)
deadline: N/A
observer: OrderObserver
deliver (Seller, Buyer, Goods)
deadline: T + 3 days
observer: OrderObserver
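The clause-tracking process on this slide, as an added Python example (not code from the CONTRACT project). It assumes that the order action activates the deliver clause (A to B) and that deliver fulfils it (B to C); the class, function and event names are hypothetical, the events are constructed, and party and goods matching is left out.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional


class State(Enum):
    PRE_ACTIVATION = "A"   # nothing has triggered the clause yet
    ACTIVATED = "B"        # obligation is live but not yet met
    FULFILLED = "C"
    VIOLATED = "violated"  # stuck in B when the deadline expired


@dataclass
class Clause:
    name: str
    activated_by: str      # observed action that moves A -> B (assumed: order)
    fulfilled_by: str      # observed action that moves B -> C (assumed: deliver)
    deadline: timedelta    # measured from the activating action's time T
    observer: str          # only reports from this observer are accepted
    state: State = State.PRE_ACTIVATION
    due: Optional[datetime] = None


class GlobalMonitor:
    def __init__(self, clauses):
        self.clauses = list(clauses)
        self.log = []      # (time, clause name, new state) transitions

    def _move(self, clause, state, at):
        clause.state = state
        self.log.append((at, clause.name, state))

    def tick(self, now):
        """Mark every activated clause whose deadline has passed as violated."""
        for c in self.clauses:
            if c.state is State.ACTIVATED and now > c.due:
                self._move(c, State.VIOLATED, c.due)

    def observe(self, observer, action, at):
        """Feed one observer report (in time order) into the monitor."""
        self.tick(at)      # expire deadlines first, so a late delivery cannot fulfil
        for c in self.clauses:
            if observer != c.observer:
                continue   # report did not come from the clause's named observer
            if c.state is State.PRE_ACTIVATION and action == c.activated_by:
                c.due = at + c.deadline
                self._move(c, State.ACTIVATED, at)
            elif c.state is State.ACTIVATED and action == c.fulfilled_by:
                self._move(c, State.FULFILLED, at)


def replay(events, end):
    """Run constructed (observer, action, time) reports; return the final state."""
    clause = Clause("deliver(Seller, Buyer, Goods)", "order", "deliver",
                    timedelta(days=3), "OrderObserver")
    monitor = GlobalMonitor([clause])
    for observer, action, at in events:
        monitor.observe(observer, action, at)
    monitor.tick(end)
    return clause.state


T = datetime(2009, 9, 9, 10, 0)   # constructed order time
DAY = timedelta(days=1)

if __name__ == "__main__":
    on_time = [("OrderObserver", "order", T), ("OrderObserver", "deliver", T + 2 * DAY)]
    late = [("OrderObserver", "order", T), ("OrderObserver", "deliver", T + 4 * DAY)]
    print(replay(on_time, T + 5 * DAY), replay(late, T + 5 * DAY))
```

A delivery reported exactly at T + 3 days still counts as fulfilment here; whether the deadline is inclusive is a choice of this example, not something the slide states.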
83. Contract Editor
Editor to compose contract templates and instances
according to the Contracting Language
Functions over contracts and contract templates:
storage
retrieval
modification
deletion
Publishing of templates and instances into a contract
environment by means of the Contract Store
90. Contract Analyser
Enables the administrator to inspect the runtime state
and behaviour of a contract-based system
Collects information from several sources and presents
them in an integrated view
contracts deployed in the system and their status
contract-related actions performed in the system
communication between contract parties
contract-fulfilment state
96. Project Practical Scenarios
Modular Certification Testing
Provided by CertiCon
Example: European Computer Driving license
Car Insurance Brokerage
Provided by Y’All
Car insurance damage claims – contracting between insurers, garages and the client
Aerospace Aftermarket
Provided by Lost Wax
Aerospace engine aftermarket planning and management
98. 1. Modular Certification Testing
Developed by CertiCon A. S. for multi level heterogeneous
licensing environments
WASET is an information system run by CertiCon to support administration
of the process
Used for computer literacy testing ECDL (European Computer
Driving Licence) in cooperation with Czech Society for
Cybernetics and Informatics (CSKI) – national ECDL licensee.
CertiCon A.S. provides business and IT support for CSKI via WASET system
100. 1. Modular Certification Testing
Elementary Service Providers
• National licensee
– Provides certification
• Test room
– Provides equipped test room
– Certified by national licensee
• Tester
– Supervises test session
– Certified by national licensee
• Test Center
– Certified national licensee
– Organize test session
– Sells testing to candidate
[Diagram: National licensee, Test Rooms, Testers, Test Centres, Candidate]
103. 1. Modular Certification Testing
Scenario for CONTRACT project focuses on subset of contracts
Certification Test Contract
• Parties
– Accredited Test Center
– Certification Candidate
Test Room rental Contract
• Parties
– Accredited Test Center
– Accredited Test Room Operator
[Diagram: Test Rooms, Testers, Test Centres, Candidate]
109. 2. Aerospace Aftermarket
Aerogility tool: What-if? Scenarios & Business Simulations
Aerogility Aftermarket Model – DECISION SUPPORT
WHAT IF SCENARIOS
• Explore new policies
• Identify innovations
• Experiment with configurations
COMPARE THROUGH SIMULATIONS
• Assess decision impact
• Work through decision options
• Challenge assumptions
BENCHMARK WITH METRICS
• Validate Profit and KPI goals
• Financial benchmarking
• Assess investment business cases
111. 2. Aerospace Aftermarket
Currently Aerogility:
MODEL …understand the balance of resources,
evaluate options, decisions, run what-ifs
CONTRACT project enhances Aerogility:
MONITOR …integrate operational data and processes,
monitor the Aftermarket for decision support
Leading to an adaptive future:
MANAGE …drive existing systems and processes with
adaptive intelligent software
113. 2. Aerospace Aftermarket
• Benefits of including CONTRACT technology in Aerogility:
• Detecting upcoming conflicting obligations.
• Aid managers' decision-making through better information:
• What is the impact of resolving an issue - are conflicts being
deferred leading to future difficulties?
• Have we some leverage in one contract that would prevent us
breaking another?
• How can future iterations of a contract be modified to better
suit our business?
117. 3. Car Insurance Market
Repair contract – Sequence chart
[Sequence chart between Customer, IC, DS and RC. Steps shown: Report damage; Assess & delegate; Repair intake; Request proposals; Send proposal; Judge proposals & select RC; Deliver car; Get car & repair; Judge invoice; Send invoice; Get invoice, pay, handle invoice with consumer; Send invoice; Pick up car; Deliver car]
120. 3. Car Insurance Market
Benefits for industry
Claim-handling process improved:
• Saves money
• More efficient
Automated negotiations between ICs and RCs:
• Higher quality
• Less dependent on human intervention
• Wider variety of repair options
• Higher customer satisfaction
123. CONTRACT in a NUTSHELL
“There is a need for mechanisms that ease the engineering of
applications in Cross Organisational Service Oriented
Computing environments”
Contracts are the explicit, tangible representation of
service interdependencies
Idea: formal verification over contracts, obligations etc.
rather than over internal code is the way to build sound
distributed applications in service oriented environments.
CONTRACT has created concrete methods and tools
which enable the use of contracts, obligations and
agreements in order to structure the design and execution of
sound applications in Digital Business environments
125. www.ist-contract.org
This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License.
To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/3.0/ or send a letter to
Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.