Domain-specific language for event-based compliance monitoring in process-driven SOAs
Organizations today are required to adhere to a number of compliance concerns from laws, regulations and policies. Compliance is achieved through defining and implementing so-called controls in the organizations? business processes. Organizations that build their systems based on the process-driven SOA paradigm realize business processes through orchestration of services to handle the process? business activities. These business activities or groups of business activities in some cases realize the compliance controls. We propose an approach for implementing event-based compliance monitoring infrastructure that observes such business processes to verify that compliance is indeed adhered to. Our approach is essentially a model-driven technique for realizing this infrastructure. We implement a domain-specific language for specification of compliance directives, and we include code generation templates to generate compliance monitoring code, which is leveraged by complex event processing components to monitor for compliance. We evaluate the impact of our approach on the effort and productivity of a developer who is specifying compliance directives.