Abstract
Businesses today focus more sharply than ever on reducing capital and operational expenses. Business Process Outsourcing (BPO), Knowledge Process Outsourcing (KPO) and the adoption of shared service models have all increased on a global scale. This results in emerging complexity and volatility in business relationships. As the future internet of services evolves towards dynamic “service marketplaces”, where shared services are discovered, negotiated and choreographed at run-time, new approaches to compliance management in complex environments are needed. We argue that one of the key issues to address is trust. This paper describes compliance management models in emerging outsourcing environments that include the use of shared services such as cloud computing services. In this context, we briefly present the MASTER project, which, among other things, integrates several mechanisms to increase trust levels among stakeholders. Finally, we present a solution for automated evidence collection at the service provider site and discuss related trust issues.
Copyright information
© 2010 IFIP
About this paper
Cite this paper
Pasic, A., Bareño, J., Gallego-Nicasio, B., Torres, R., Fernandez, D. (2010). Trust and Compliance Management Models in Emerging Outsourcing Environments. In: Cellary, W., Estevez, E. (eds) Software Services for e-World. I3E 2010. IFIP Advances in Information and Communication Technology, vol 341. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16283-1_27
DOI: https://doi.org/10.1007/978-3-642-16283-1_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16282-4
Online ISBN: 978-3-642-16283-1
eBook Packages: Computer Science (R0)