Workshop presentation given by Niels Lohmann on September 28, 2009 in Brisbane, Australia at the 4th International Workshop on Web Services and Formal Methods (WS-FM 2007).
From public views to private views - Correctness by design for services
1.
2. Motivation
From Public Views to Private Views - Correctness-by-Design for Services
Service brokering fails in realizing SOA for
inter-organizational business processes!
Possible solution:
!specify a choreography (e.g. BPEL4Chor)
!serves as a contract for all parties involved
Challenge: A
B C
2
3. Research Goal
From Public Views to Private Views - Correctness-by-Design for Services
! develop formal foundation for contracts
! a local correctness criterion !
! decision algorithm !
! transformation rules to derive a
correct private view from public view
! verify correctness of existing approaches
(e.g., Abstract BPEL Profiles, BPEL4Chor) today
! improve approaches used in practice
! formulate BPEL code transformation rules
! collect anti-patterns
3
4. Step 1: Specification
From Public Views to Private Views - Correctness-by-Design for Services
A contract is traveler agency airline
p1 trip p6 p13
! a closed system order
a f
(no external p2 p7
interface) flight flight
details order
b g m
! bilateral
p3 p8 confirm p14
communication invoice
order
c h n
i
p9 o
reject
j p10 order
p4
reject p11 k
trip
l
! weakly terminating d p12 p15
(always possible to p5
ticket
p16
e p
reach final marking)
4
5. Step 2: Implementation
From Public Views to Private Views - Correctness-by-Design for Services
implement private view traveler modified traveler
of a public view p1 trip
order
p1 trip
order
a a
p2 p2
Goals: flight
details
flight
details
b b
! implementation of
p3 p31 p32
the complete invoice invoice
c
contract is still
c
e
weakly terminating ticket
! criteria local to each
p4 p33 p34
reject reject
transformation trip x trip
d d
(public " private)
p5 p5
e ticket
5
6. Solution
From Public Views to Private Views - Correctness-by-Design for Services
! Each party must guarantee that its private view can
interact with every environment its public view can
cooperate with.
! local criterion (accordance):
! implemented in Fiona, but…
! … only a-posteriori check
! … no systematic design process
! … can be very expensive
6
7. Transformation Rules
From Public Views to Private Views - Correctness-by-Design for Services
derive correct private view from public view:
! add internal (non-communicating) actions
N0 N1 N2 N3
original loop in parallel in sequence
7
8. Transformation Rules (cont.)
From Public Views to Private Views - Correctness-by-Design for Services
derive correct private view from public view
! add internal (non-communicating) actions
! additional stronger (more flexible) rules on messages
8
9. Sequence of Sending Events
From Public Views to Private Views - Correctness-by-Design for Services
sequence
invoke1
flow
invoke2
invoke1 invoke2 … invoken
!
invoken
! also implies arbitrary reordering of sending events
9
10. Sequence of Receiving Events
From Public Views to Private Views - Correctness-by-Design for Services
sequence
receive1 flow
receive2
receive1 receive2 … receiven
!
receiven
! also implies arbitrary reordering of receiving events
10
11. Receive-then-send
From Public Views to Private Views - Correctness-by-Design for Services
sequence
receive1
flow
!
receiven
invoke1 … invokek receive1 … receiven
invoke1
!
invokek
11
12. From Public Views to Private Views - Correctness-by-Design for Services
12
receive
invoke
flow
Send-then-receive
sequence
receive
invoke
13. Anti-Pattern
From Public Views to Private Views - Correctness-by-Design for Services
sequence sequence
invoke receive
receive invoke
! order of sending and receiving may not be changed
13
14. Adding an Alternative Branch
From Public Views to Private Views - Correctness-by-Design for Services
sequence pick
receiveA
receiveC receiveA
if then else
sequence sequence
sequence
invokeB invokeD
invokeF
receiveC receiveE
Arbitrary
14
15. Summary
From Public Views to Private Views - Correctness-by-Design for Services
! formal foundation for contracts for services
! local criterion for guaranteeing global correctness
! first results include
! transformation rules
! anti-patterns
" shows that Abstract BPEL is too restrictive:
adding or reordering is not allowed in current profiles
Thank you very much!
15