GRANT AGREEMENT: 601138 | SCHEME FP7 ICT 2011.4.3 Promoting and Enhancing Reuse of Information throughout the Content Lifecycle taking account of Evolving Semantics [Digital Preservation]

Policy modelling, derivation and Quality Assurance

Fabio Corubolo - University of Liverpool29 October, PERICLES Workshop Belgian Institute for Space Aeronomy, Brussels

MotivationOverviewDefinitions (Policy, QA)Policy modelPolicy derivationQA of PoliciesPolicies in the ecosystem modelExamples

Outline

Managing and enforcing policy (one of the project objectives) in the overall infrastructure, is qualified, time consuming work

Good management requires Quality AssuranceChange an obsolescence is constantDigital preservation approaches for ecosystem

management are useful NOW, and in the long term

Why are we doing …

QA used to manage change by:◦ validating the correct application of policies in the

ecosystem.◦ detecting potential conflicts ◦ constraining the ecosystem evolution

Policy derivation◦ Adding dependencies to the ecosystem model by

mapping polices to policies and other ecosystem entities High-level policies Intermediate-level policies Concrete implementations via processes and technical

services

… the things we do?

In PERICLES architecture context

Change and model analysis

Registration / Model update

Validation

Entity registry / Model repository

Workflow engine

Components

Digital ecosystem

User interfaceModel editor / Change explorer

Preservation process

User input

Triggers

Entity, dependencies, metadata

Change actions

Process execution

Content

Compiled workflow

Models and policies

Workflow and results

Validation results

Model views

Knowledge base

User input

Uses

Uses

?

Quality Assurance (QA): a program for the systematic monitoring and evaluation of the various aspects of a project, service, or facility to ensure that standards of quality are being met (Webster)

Quality assurance definition

Used in very diverse meaning in English, and in IT.

◦ A policy is a plan that defines the desired state inside an ecosystem. A policy describes the 'what' (guidelines) and not the 'how' (implementation). (Pericles)

◦ A policy is a statement of intent, and is implemented as a procedure or protocol. (Wikipedia)

◦ A formal statement of direction or guidance as to how an organization will carry out its mandate, functions or activities, motivated by determined interests or programs (Interpares)

◦ … Many more specific uses: access control, security, load balancing, configuration … policies

Our definition: “high and intermediate level natural language descriptions of an institution’s aims/goals, with what constraints.”

Policy definition

ID, Name Version Policy statement (formal or not formal) QA criteria (condition-action, rule, Unit

test or other formal definition) Purpose (reason of creating) Dependencies Classification Owner Responsible for the application Level on compliance (must, should, …)…

General policy model

How:Trace the highest level policies, through

intermediate levels, down to concrete implementations such as rules (constraints) , procedures, WFs, services

Why: High level => abstraction from detail (principle)

=> less change in the long termRationalise the ecosystem structure by showing

the dependencies between different level-policies, procedures/services and other ecosystem entities

Enable policy based methods for QA and validation

Policy derivation

Policy derivation

High level abstract policyIndependent from any model structure

Level of abstraction Policy entities

Intermediate level(s) policy

Other Ecosystem entities

(At different level of abstractions)

Connects to abstract level entities

Link to concrete implementation: workflow, procedure, services

QA methods

High level intent and constraints in natural language

Detailed intent and constraints in natural language

- Unit tests- Rule language

constraints (PAL, SWRL)

- Validation queries to ecosystem model (SPARQL)

Services

DOs

Users

Processes, rules, workflows

Infrastructure, SW etc

DO1

TS 1

DO2

ON 1

TS 2

TS 3

TS 4

TS 5

Models: Process (BPMN) Dependency (LRM) Semantic dependency

depends on

depends on

depends on

semanticallydepends on

semanticallydepends on

process process

PO1

PO2

depends on

TS 6

TS 6

depends on depends on

Example

Top-down: Know what processes depend on a specific policy, and be aware of consequences of change

Bottom-up: Know what policy is motivating or depends a particular entity; so that any change related to that entity could trigger policy re-validation

Notice when the practice starts to deviate from the policies, that will help update the policies or correct the practice depending on the case.

How to use it

Notice when practice starts to deviate from policies

http://arstechnica.com/tech-policy/2015/08/cops-decide-to-collect-less-license-plate-data-after-80gb-drive-got-full/

Real life example

QA criteria implementation● Unit tests on policy

● Rule/action language constraints (PAL, SWRL)

● Risk analysis on the ecosystem graph

● Validation queries to ecosystem model (SPARQL)

● Policy conflict detection and change management

Digital ecosystem model

Process

PolicyDigital Object

Technical Service Community

User uses TS to get access to Processes and Digital Objects

manage

executes

rulebase, constraints, validation

procedure, rulebase, constraints, validation

procedure, rulebase, constraints, validation

rulebase, constraints,

Ecosystem Policy Management

Ecosystem Quality Assurance

Understand the risks and impact associated with a change of policy.

Be aware of changes (external and internal) that may invalidate a policy implementation.

Understand and control how the content of the archive may evolve over time.

When a standard checklist of policies needs to be implemented to adhere to a standard, the policy derivation and mapping will help prove the correct implementation.

QA scenarios

It can tie in existing systems and methods and does not mandate a specific model or complete buy in

Does not impose organisation structure; or policy or process language, but can be integrated in existing ones

QA methods can be implemented as well in any language or fashion

Advantage of our methodology

To support QA of research outputs Automated validation of compliance with

policies and standards ◦ ease the pressure on scientists as far as policy

compliance is concerned◦ Integrate preservation practices at the moment of

creation to support reuse; integrates in existing infrastructure

◦ Helps to keep track of the decisions made when implementing policies and their rationale

Concrete use

wiki.opf-labs.org/display/SP/Published+Preservation+Policies

www.isis.stfc.ac.uk/user-office/data-policy11204.html

www.wellcome.ac.uk/About-us/Policy/Policy-and-position-statements/WTD002766.htm

www.rcuk.ac.uk/research/datapolicy/