IT applications have to ensure compliance – the conformity to laws and regulations, which affect the architecture design and runtime of an application. In this scope, only some compliance requirements affect the functional aspects of the applications, as they target, for instance, the supported business processes. For example, these requirements may specify an order of activities or certain time dependencies between successive activities. A significant number of other compliance requirements instead affect the non-functional properties of the applications, such as hosting location, physical accessibility of the hardware used, required logging intervals, etc. Such compliance requirements are significantly harder to ensure as they do not manifest in the applications' functions and easily observable behavior. In general, compliance requirements therefore lead to architectural design decisions (ADDs) affecting the application design, deployment, and runtime. However, no approach exists that verifies or ensures the consistent realization of ADDs concerning compliance aspects during design time and runtime.
Patterns have already been used as a means to formalize ADDs. A pattern documents proven solutions to recurring architectural problems in a human-readable form. The selection of a pattern to be implemented by an IT application can be seen as an ADD. However, pattern formalization attempts mostly focus on structural pattern aspects and fall short in dealing with the inherent variability handled by humans during manual pattern implementation. The ADDCompliance project will investigate compliance patterns to document proven strategies in dealing with compliance requirements. In contrast to existing IT support for compliance, these compliance patterns do not consider the refinement of specific laws and regulations, but enable an application to deal with varying compliance requirements. To ensure adherence to these compliance patterns during application design and runtime, pattern documents – originally followed manually by human developers – will be formalized using structural and behavioral models. Using these models, the ADDCompliance project will develop methods and tools to track the architectural decisions made due to compliance requirements and enforce their realization during design time and runtime of the application.
- University of Vienna
- University of Stuttgart - Institute of Architecture of Application Systems