为法规遵从性需求建模的遵从性规则语言的评估

IF 1.5 4区 计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING
Andrea Zasada, M. Hashmi, M. Fellmann, David Knuplesch
{"title":"为法规遵从性需求建模的遵从性规则语言的评估","authors":"Andrea Zasada, M. Hashmi, M. Fellmann, David Knuplesch","doi":"10.3390/software2010004","DOIUrl":null,"url":null,"abstract":"Compliance in business processes has become a fundamental requirement given the constant rise in regulatory requirements and competitive pressures that have emerged in recent decades. While in other areas of business process modelling and execution, considerable progress towards automation has been made (e.g., process discovery, executable process models), the interpretation and implementation of compliance requirements is still a highly complex task requiring human effort and time. To increase the level of “mechanization” when implementing regulations in business processes, compliance research seeks to formalize compliance requirements. Formal representations of compliance requirements should, then, be leveraged to design correct process models and, ideally, would also serve for the automated detection of violations. To formally specify compliance requirements, however, multiple process perspectives, such as control flow, data, time and resources, have to be considered. This leads to the challenge of representing such complex constraints which affect different process perspectives. To this end, current approaches in business process compliance make use of a varied set of languages. However, every approach has been devised based on different assumptions and motivating scenarios. In addition, these languages and their presentation usually abstract from real-world requirements which often would imply introducing a substantial amount of domain knowledge and interpretation, thus hampering the evaluation of their expressiveness. This is a serious problem, since comparisons of different formal languages based on real-world compliance requirements are lacking, meaning that users of such languages are not able to make informed decisions about which language to choose. To close this gap and to establish a uniform evaluation basis, we introduce a running example for evaluating the expressiveness and complexity of compliance rule languages. For language selection, we conducted a literature review. Next, we briefly introduce and demonstrate the languages’ grammars and vocabularies based on the representation of a number of legal requirements. In doing so, we pay attention to semantic subtleties which we evaluate by adopting a normative classification framework which differentiates between different deontic assignments. Finally, on top of that, we apply Halstead’s well-known metrics for calculating the relevant characteristics of the different languages in our comparison, such as the volume, difficulty and effort for each language. With this, we are finally able to better understand the lexical complexity of the languages in relation to their expressiveness. In sum, we provide a systematic comparison of different compliance rule languages based on real-world compliance requirements which may inform future users and developers of these languages. Finally, we advocate for a more user-aware development of compliance languages which should consider a trade off between expressiveness, complexity and usability.","PeriodicalId":50378,"journal":{"name":"IET Software","volume":"38 1","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2023-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Evaluation of Compliance Rule Languages for Modelling Regulatory Compliance Requirements\",\"authors\":\"Andrea Zasada, M. Hashmi, M. Fellmann, David Knuplesch\",\"doi\":\"10.3390/software2010004\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Compliance in business processes has become a fundamental requirement given the constant rise in regulatory requirements and competitive pressures that have emerged in recent decades. While in other areas of business process modelling and execution, considerable progress towards automation has been made (e.g., process discovery, executable process models), the interpretation and implementation of compliance requirements is still a highly complex task requiring human effort and time. To increase the level of “mechanization” when implementing regulations in business processes, compliance research seeks to formalize compliance requirements. Formal representations of compliance requirements should, then, be leveraged to design correct process models and, ideally, would also serve for the automated detection of violations. To formally specify compliance requirements, however, multiple process perspectives, such as control flow, data, time and resources, have to be considered. This leads to the challenge of representing such complex constraints which affect different process perspectives. To this end, current approaches in business process compliance make use of a varied set of languages. However, every approach has been devised based on different assumptions and motivating scenarios. In addition, these languages and their presentation usually abstract from real-world requirements which often would imply introducing a substantial amount of domain knowledge and interpretation, thus hampering the evaluation of their expressiveness. This is a serious problem, since comparisons of different formal languages based on real-world compliance requirements are lacking, meaning that users of such languages are not able to make informed decisions about which language to choose. To close this gap and to establish a uniform evaluation basis, we introduce a running example for evaluating the expressiveness and complexity of compliance rule languages. For language selection, we conducted a literature review. Next, we briefly introduce and demonstrate the languages’ grammars and vocabularies based on the representation of a number of legal requirements. In doing so, we pay attention to semantic subtleties which we evaluate by adopting a normative classification framework which differentiates between different deontic assignments. Finally, on top of that, we apply Halstead’s well-known metrics for calculating the relevant characteristics of the different languages in our comparison, such as the volume, difficulty and effort for each language. With this, we are finally able to better understand the lexical complexity of the languages in relation to their expressiveness. In sum, we provide a systematic comparison of different compliance rule languages based on real-world compliance requirements which may inform future users and developers of these languages. Finally, we advocate for a more user-aware development of compliance languages which should consider a trade off between expressiveness, complexity and usability.\",\"PeriodicalId\":50378,\"journal\":{\"name\":\"IET Software\",\"volume\":\"38 1\",\"pages\":\"\"},\"PeriodicalIF\":1.5000,\"publicationDate\":\"2023-01-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IET Software\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.3390/software2010004\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Software","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.3390/software2010004","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 2

摘要

鉴于最近几十年来出现的监管需求和竞争压力的不断增加,业务流程中的遵从性已经成为一项基本需求。虽然在业务流程建模和执行的其他领域,已经在自动化方面取得了相当大的进展(例如,流程发现、可执行流程模型),但遵从性需求的解释和实现仍然是一项高度复杂的任务,需要人力和时间。为了在业务流程中实现规则时提高“机械化”水平,遵从性研究试图将遵从性需求形式化。因此,应该利用遵从性需求的正式表示来设计正确的流程模型,并且在理想情况下,还可以用于自动检测违规行为。然而,要正式指定遵从性需求,必须考虑多个过程透视图,例如控制流、数据、时间和资源。这导致了表示影响不同过程透视图的复杂约束的挑战。为此,业务流程遵从性的当前方法使用了一组不同的语言。然而,每种方法都是基于不同的假设和激励情景而设计的。此外,这些语言及其表示通常是从现实世界的需求中抽象出来的,这通常意味着引入大量的领域知识和解释,从而阻碍了对其表达性的评估。这是一个严重的问题,因为缺乏基于实际遵从性需求的不同形式语言的比较,这意味着这些语言的用户无法对选择哪种语言做出明智的决定。为了缩小这一差距并建立统一的评估基础,我们引入了一个运行的示例来评估遵从规则语言的表达性和复杂性。在语言选择上,我们进行了文献综述。接下来,我们将根据一些法律要求的表示简要介绍和演示语言的语法和词汇。在此过程中,我们通过采用区分不同义务赋值的规范分类框架来评估语义的微妙之处。最后,在此基础上,我们应用Halstead的著名指标来计算我们比较中不同语言的相关特征,如每种语言的数量、难度和努力。有了这个,我们最终能够更好地理解语言的词汇复杂性与其表达能力的关系。总之,我们基于现实世界的遵从性需求对不同的遵从性规则语言进行了系统的比较,这可能会为未来的用户和开发人员提供这些语言的信息。最后,我们提倡对遵从性语言进行更加用户感知的开发,它应该考虑在表达性、复杂性和可用性之间进行权衡。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Evaluation of Compliance Rule Languages for Modelling Regulatory Compliance Requirements
Compliance in business processes has become a fundamental requirement given the constant rise in regulatory requirements and competitive pressures that have emerged in recent decades. While in other areas of business process modelling and execution, considerable progress towards automation has been made (e.g., process discovery, executable process models), the interpretation and implementation of compliance requirements is still a highly complex task requiring human effort and time. To increase the level of “mechanization” when implementing regulations in business processes, compliance research seeks to formalize compliance requirements. Formal representations of compliance requirements should, then, be leveraged to design correct process models and, ideally, would also serve for the automated detection of violations. To formally specify compliance requirements, however, multiple process perspectives, such as control flow, data, time and resources, have to be considered. This leads to the challenge of representing such complex constraints which affect different process perspectives. To this end, current approaches in business process compliance make use of a varied set of languages. However, every approach has been devised based on different assumptions and motivating scenarios. In addition, these languages and their presentation usually abstract from real-world requirements which often would imply introducing a substantial amount of domain knowledge and interpretation, thus hampering the evaluation of their expressiveness. This is a serious problem, since comparisons of different formal languages based on real-world compliance requirements are lacking, meaning that users of such languages are not able to make informed decisions about which language to choose. To close this gap and to establish a uniform evaluation basis, we introduce a running example for evaluating the expressiveness and complexity of compliance rule languages. For language selection, we conducted a literature review. Next, we briefly introduce and demonstrate the languages’ grammars and vocabularies based on the representation of a number of legal requirements. In doing so, we pay attention to semantic subtleties which we evaluate by adopting a normative classification framework which differentiates between different deontic assignments. Finally, on top of that, we apply Halstead’s well-known metrics for calculating the relevant characteristics of the different languages in our comparison, such as the volume, difficulty and effort for each language. With this, we are finally able to better understand the lexical complexity of the languages in relation to their expressiveness. In sum, we provide a systematic comparison of different compliance rule languages based on real-world compliance requirements which may inform future users and developers of these languages. Finally, we advocate for a more user-aware development of compliance languages which should consider a trade off between expressiveness, complexity and usability.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
IET Software
IET Software 工程技术-计算机:软件工程
CiteScore
4.20
自引率
0.00%
发文量
27
审稿时长
9 months
期刊介绍: IET Software publishes papers on all aspects of the software lifecycle, including design, development, implementation and maintenance. The focus of the journal is on the methods used to develop and maintain software, and their practical application. Authors are especially encouraged to submit papers on the following topics, although papers on all aspects of software engineering are welcome: Software and systems requirements engineering Formal methods, design methods, practice and experience Software architecture, aspect and object orientation, reuse and re-engineering Testing, verification and validation techniques Software dependability and measurement Human systems engineering and human-computer interaction Knowledge engineering; expert and knowledge-based systems, intelligent agents Information systems engineering Application of software engineering in industry and commerce Software engineering technology transfer Management of software development Theoretical aspects of software development Machine learning Big data and big code Cloud computing Current Special Issue. Call for papers: Knowledge Discovery for Software Development - https://digital-library.theiet.org/files/IET_SEN_CFP_KDSD.pdf Big Data Analytics for Sustainable Software Development - https://digital-library.theiet.org/files/IET_SEN_CFP_BDASSD.pdf
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信