Upload
fabio-corubolo
View
208
Download
0
Embed Size (px)
Citation preview
GRANT AGREEMENT: 601138 | SCHEME FP7 ICT 2011.4.3 Promoting and Enhancing Reuse of Information throughout the Content Lifecycle taking account of Evolving Semantics [Digital Preservation]
Policy modelling, derivation and Quality Assurance
Fabio Corubolo - University of Liverpool29 October, PERICLES Workshop Belgian Institute for Space Aeronomy, Brussels
MotivationOverviewDefinitions (Policy, QA)Policy modelPolicy derivationQA of PoliciesPolicies in the ecosystem modelExamples
Outline
Managing and enforcing policy (one of the project objectives) in the overall infrastructure, is qualified, time consuming work
Good management requires Quality AssuranceChange an obsolescence is constantDigital preservation approaches for ecosystem
management are useful NOW, and in the long term
Why are we doing …
QA used to manage change by:◦ validating the correct application of policies in the
ecosystem.◦ detecting potential conflicts ◦ constraining the ecosystem evolution
Policy derivation◦ Adding dependencies to the ecosystem model by
mapping polices to policies and other ecosystem entities High-level policies Intermediate-level policies Concrete implementations via processes and technical
services
… the things we do?
In PERICLES architecture context
Change and model analysis
Registration / Model update
Validation
Entity registry / Model repository
Workflow engine
Components
Digital ecosystem
User interfaceModel editor / Change explorer
Preservation process
User input
Triggers
Entity, dependencies, metadata
Change actions
Process execution
Content
Compiled workflow
Models and policies
Workflow and results
Validation results
Model views
Knowledge base
User input
Uses
Uses
?
Quality Assurance (QA): a program for the systematic monitoring and evaluation of the various aspects of a project, service, or facility to ensure that standards of quality are being met (Webster)
Quality assurance definition
Used in very diverse meaning in English, and in IT.
◦ A policy is a plan that defines the desired state inside an ecosystem. A policy describes the 'what' (guidelines) and not the 'how' (implementation). (Pericles)
◦ A policy is a statement of intent, and is implemented as a procedure or protocol. (Wikipedia)
◦ A formal statement of direction or guidance as to how an organization will carry out its mandate, functions or activities, motivated by determined interests or programs (Interpares)
◦ … Many more specific uses: access control, security, load balancing, configuration … policies
Our definition: “high and intermediate level natural language descriptions of an institution’s aims/goals, with what constraints.”
Policy definition
ID, Name Version Policy statement (formal or not formal) QA criteria (condition-action, rule, Unit
test or other formal definition) Purpose (reason of creating) Dependencies Classification Owner Responsible for the application Level on compliance (must, should, …)…
General policy model
How:Trace the highest level policies, through
intermediate levels, down to concrete implementations such as rules (constraints) , procedures, WFs, services
Why: High level => abstraction from detail (principle)
=> less change in the long termRationalise the ecosystem structure by showing
the dependencies between different level-policies, procedures/services and other ecosystem entities
Enable policy based methods for QA and validation
Policy derivation
Policy derivation
High level abstract policyIndependent from any model structure
Level of abstraction Policy entities
Intermediate level(s) policy
Other Ecosystem entities
(At different level of abstractions)
Connects to abstract level entities
Link to concrete implementation: workflow, procedure, services
QA methods
High level intent and constraints in natural language
Detailed intent and constraints in natural language
- Unit tests- Rule language
constraints (PAL, SWRL)
- Validation queries to ecosystem model (SPARQL)
Services
DOs
Users
Processes, rules, workflows
Infrastructure, SW etc
DO1
TS 1
DO2
ON 1
TS 2
TS 3
TS 4
TS 5
Models: Process (BPMN) Dependency (LRM) Semantic dependency
depends on
depends on
depends on
semanticallydepends on
semanticallydepends on
process process
PO1
PO2
depends on
TS 6
TS 6
depends on depends on
Example
Top-down: Know what processes depend on a specific policy, and be aware of consequences of change
Bottom-up: Know what policy is motivating or depends a particular entity; so that any change related to that entity could trigger policy re-validation
Notice when the practice starts to deviate from the policies, that will help update the policies or correct the practice depending on the case.
How to use it
Notice when practice starts to deviate from policies
http://arstechnica.com/tech-policy/2015/08/cops-decide-to-collect-less-license-plate-data-after-80gb-drive-got-full/
Real life example
QA criteria implementation● Unit tests on policy
● Rule/action language constraints (PAL, SWRL)
● Risk analysis on the ecosystem graph
● Validation queries to ecosystem model (SPARQL)
● Policy conflict detection and change management
Digital ecosystem model
Process
PolicyDigital Object
Technical Service Community
User uses TS to get access to Processes and Digital Objects
manage
executes
rulebase, constraints, validation
procedure, rulebase, constraints, validation
procedure, rulebase, constraints, validation
rulebase, constraints,
Ecosystem Policy Management
Ecosystem Quality Assurance
Understand the risks and impact associated with a change of policy.
Be aware of changes (external and internal) that may invalidate a policy implementation.
Understand and control how the content of the archive may evolve over time.
When a standard checklist of policies needs to be implemented to adhere to a standard, the policy derivation and mapping will help prove the correct implementation.
QA scenarios
It can tie in existing systems and methods and does not mandate a specific model or complete buy in
Does not impose organisation structure; or policy or process language, but can be integrated in existing ones
QA methods can be implemented as well in any language or fashion
Advantage of our methodology
To support QA of research outputs Automated validation of compliance with
policies and standards ◦ ease the pressure on scientists as far as policy
compliance is concerned◦ Integrate preservation practices at the moment of
creation to support reuse; integrates in existing infrastructure
◦ Helps to keep track of the decisions made when implementing policies and their rationale
Concrete use
wiki.opf-labs.org/display/SP/Published+Preservation+Policies
www.isis.stfc.ac.uk/user-office/data-policy11204.html
www.wellcome.ac.uk/About-us/Policy/Policy-and-position-statements/WTD002766.htm
www.rcuk.ac.uk/research/datapolicy/