Implementations of business processes are mainly based on service-oriented architecture systems. These systems have to satisfy a set of compliance constraints imposed by law and regulations. Self-monitoring is applied to detect violations of these constraints at runtime (for example, runtime verification). However, ad hoc and application-specific implementation of monitoring mechanisms reduces their maintainability and reusability.
A model-driven engineering approach for systematic development of compliance monitoring mechanisms is described in this paper. A domain-specific language (DSL) is proposed for defining constraints in the form of a declarative specification. The specification involves filters to select particular events based on data values and assertions in order to impose a particular order on these events. The specification is translated to complex event processing (CEP) queries using a library of parameterized queries or code templates. Queries are executed by a CEP engine to detect violations of the specified constraints.
The proposed DSL is useful for capturing the domain concepts, and facilitates reusability and understanding by focusing on the particular purpose of compliance monitoring. The language elements and their translation to general-purpose CEP queries seem to be mainly syntactic and obvious. However, the composition and the interaction of the generated monitoring mechanism with SOAs are not obvious, and the composition mainly relies on naming conventions. Hence, the reusability is limited to an application or a very restricted domain. Evolution of the system could lead to issues similar to the fragile pointcut problem that has been studied in the aspect-oriented software development community.