Upload
gessi-upc
View
242
Download
5
Tags:
Embed Size (px)
DESCRIPTION
Open Source Software (OSS) is a strategic asset for organisations thanks to its short time-to-market, the opportunity for a reduced development effort and total cost of ownership, and its customization capabilities. OSS-based solutions in-clude projects that are developed and co-evolve within the same organisation, OSS communities, companies, and regulatory bodies, forming an articulated stra-tegic business ecosystem. The adoption of OSS in commercial projects leads to numerous challenges in the wide spectrum of available OSS solutions and risks emerging from the intrinsic structure of an OSS project. In this position paper we devise the use of i* models for understanding the strategic perspective of OSS ecosystems, representing actors, intentional dependencies and responsibilities. We argue that these models can play a crucial role in the analysis of organisation-al risks inherent to OSS component adoption and in the definition of risk mitiga-tion activities
Citation preview
Using i* to Represent OSS Ecosystems for Risk
Assessment Claudia Ayala, Xavier Franch, Lidia
López, Mirko Morandini, Angelo Susi
2
i* for Risk Assess. in OSS Ecosystems
Content
• Motivation
• Research Objectives
• Scientific Contributions
• Conclusions, Ongoing & Future Work
3
i* for Risk Assess. in OSS Ecosystems
MOTIVATIONS
4
i* for Risk Assess. in OSS Ecosystems
Motivation• OSS Strategic asset
Short-time to market Reduced development & maintenance cost …
• OSS Integration involves risks RISCOSS will provide some risk management
strategies for risk identification & mitigation• OSS Project composed by multiple “Actors”
RISCOSS wants to explore the Strategic Rationale behind the OSS Ecosystem
5
i* for Risk Assess. in OSS Ecosystems
RISCOSS ProjectSpecification of risk identification, management
and mitigation methods
community-based and industry-supported Open Source Software (OSS) development,
composition and life cycle management
individually, collectively and collaboratively manage OSS adoption risks
for
to
6
i* for Risk Assess. in OSS Ecosystems
RESEARCH OBJECTIVES
7
i* for Risk Assess. in OSS Ecosystems
Research Objectives• COTS Adoption Processes: Well-defined
Guidelines for risk analysis, cost estimation & contract agreement
• OSS Adoption Process: Missing • OSS Community:
+1 business goal No service Agreement No “formal” roadmap Risks: lack of roadmap and ownership, unclear
responsibility and response time (bugs),…
8
i* for Risk Assess. in OSS Ecosystems
One RISCOSS Main Objective• O1: Support Risk Assessment for OSS adoption
using i* framework … Understanding the OSS Ecosystem Evaluating risks
• Lack of ownership: strategic dependencies?• Lack of roadmap: community structure?
• … providing … Guidelines Measures
• … to support the decision process
9
i* for Risk Assess. in OSS Ecosystems
SCIENTIFIC CONTRIBUTIONS
10
i* for Risk Assess. in OSS Ecosystems
Scientific Contributions
• Ecosystem Patterns
• Levels of abstraction
• Guidelines for specification models &
repositories
• New modelling concepts
11
i* for Risk Assess. in OSS Ecosystems
Ecosystem Patterns• Role: Producer, Consumer, Community• Setting: Industrial, Academia, Public
Administration• Business Strategy: from OSS collaboration to
exploitation• Business Process: adoption, migration,
consolidation, improvement
12
i* for Risk Assess. in OSS Ecosystems
Level of Abstraction• Different level of detail (class/instance)
E.g. Instances for identifying heroes • 3 i* Diagrams
SA: OSS Ecosystem actor relationships SD: OSS Ecosystem actors dependencies SR: OSS Ecosystem actor & dependencies rationale
13
i* for Risk Assess. in OSS Ecosystems
XWiki.org SA Diagram
14
i* for Risk Assess. in OSS Ecosystems
XWiki.org SD Diagram
15
i* for Risk Assess. in OSS Ecosystems
XWiki.org SR Diagram
16
i* for Risk Assess. in OSS Ecosystems
Guidelines & Repository• RiSD Adaptation• Need to define
General guidelines for SR Specific guidelines related to OSS Ecosystems
Who is the “responsible” for the roadmap? How “companies” influences the community?
• Repository for OSS models For analysts to get project overview and identify
risks
17
i* for Risk Assess. in OSS Ecosystems
New Modelling Concepts• Risk-related constructs
Risk, event, …• For dependencies:
No delegations/responsibilities, but “expectations”?
No duties, but “social norms”?
Available i* risk modelling approaches
18
i* for Risk Assess. in OSS Ecosystems
CONCLUSIONS & FUTURE WORK
19
i* for Risk Assess. in OSS Ecosystems
Conclusions• RISCOSS objective: Support decision making
related to the risk assessment in OSS adoption• i* for OSS Ecosystem models• Scientific Contributions
Ecosystem Patterns: Role, Setting, Business Strategy & Business Process
Levels of abstraction & SA Diagrams Guidelines for specification models & repositories New modelling concepts
20
i* for Risk Assess. in OSS Ecosystems
Ongoing & Future Work• We …
Modeled RISCOSS 5 use cases (i*) Are analyzing these models in order to …
• Identifying potential patterns• Identify potential new modelling concepts
• Furthermore, we are … SLRs: OSS Ontologies, OSS Ecosystems & OSS Risks
• In order to… Define an ontology linked to the i* elements (UFO) Identifying risks, metrics & mitigation activities
22
i* for Risk Assess. in OSS Ecosystems
i* Mapping
RISCOSS Ontology concepts i* Construct
Activity and all the Activity types Task
Actor and all the Actor types Actor
Community Actor
Resources and all the Resource types Resource
Role and all the Role types Actor
Property has-actor is-part-of link
Generalization/specialization hierarchies is-a link
23
i* for Risk Assess. in OSS Ecosystems
RiSD for OSS Ecosystem RiSD RiSD for EcosystemsPhase II
Activity II.1 Identifying departing actors … including OSS Adopter and/or OSS Project as an actor
Activity II.2 Establish goal dependencies among actors
Activity II.3 Classify and rename dependumsActivity II.4 Check for new actors and
dependencies… no related to actor inside the OSS Adopter and/or OSS Project
Phase III
Activity III.1 Include Software System No ApplyActivity III.2 Identify subsystems (is-part-of
link)Identify OSS Adopter’s and/or OSS
Project’s actors (is-part-of link)
Activity III.3 Refine software system dependencies
Refine OSS Adopter and/or OSS Project’s actors dependencies
Activity III.4 Identify subsystems dependencies
Identify Adoper and/or OSS Project`s actors dependencies
Activity III.5 Classify and rename dependums
Activity III.6 Check for new actors and dependencies
… specializations and aggregations)