Pub Date : 2010-11-09DOI: 10.1109/RELAW.2010.5625354
B. Berenbach, Ren-Yi Lo, B. Sherman
The authors have observed that traditional requirements engineering practices are inadequate to support large projects that are defined by a contract. Unlike a product development effort, contract requirements are not at a uniform level so the typical “V” model for tracing does not work well. Other important attributes of contracts such as penalty clauses, contract options, incentive payments, regulatory codes and standards, cross-cutting and project execution requirements all need to be considered. This paper describes some of the challenges and recommended best practices for the management of requirements on large contract-based projects as described from the perspective of the lead supplier or prime contractor.
{"title":"Contract-based requirements engineering","authors":"B. Berenbach, Ren-Yi Lo, B. Sherman","doi":"10.1109/RELAW.2010.5625354","DOIUrl":"https://doi.org/10.1109/RELAW.2010.5625354","url":null,"abstract":"The authors have observed that traditional requirements engineering practices are inadequate to support large projects that are defined by a contract. Unlike a product development effort, contract requirements are not at a uniform level so the typical “V” model for tracing does not work well. Other important attributes of contracts such as penalty clauses, contract options, incentive payments, regulatory codes and standards, cross-cutting and project execution requirements all need to be considered. This paper describes some of the challenges and recommended best practices for the management of requirements on large contract-based projects as described from the perspective of the lead supplier or prime contractor.","PeriodicalId":222393,"journal":{"name":"2010 Third International Workshop on Requirements Engineering and Law","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128463817","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-11-09DOI: 10.1109/RELAW.2010.5625355
C. Feltus, E. Dubois, Michaël Petit
The objective of this paper is to present the first results toward the definition of a two steps approach for aligning business level requirements issued from corporate framework such as CobiT down to technical policies such as the access rights modeled by RBAC. To achieve that, our approach is based on the concept of employees' responsibility. Using this concept is motivated by the importance and the omnipresence of the responsibility all along the company frameworks, from the CEO responsibilities such as in the financial sector as defined by Sarbanes-Oxley Act down to the responsibility at the operation layer such as the one of a trader who must follow stock quotes for private banking. The approach is illustrated based on an example, which highlights how access rights are assigned to employees having responsibilities defined at the CobiT framework layer.
{"title":"Conceptualizing a responsibility based approach for elaborating and verifying RBAC policies conforming with CobiT framework requirements","authors":"C. Feltus, E. Dubois, Michaël Petit","doi":"10.1109/RELAW.2010.5625355","DOIUrl":"https://doi.org/10.1109/RELAW.2010.5625355","url":null,"abstract":"The objective of this paper is to present the first results toward the definition of a two steps approach for aligning business level requirements issued from corporate framework such as CobiT down to technical policies such as the access rights modeled by RBAC. To achieve that, our approach is based on the concept of employees' responsibility. Using this concept is motivated by the importance and the omnipresence of the responsibility all along the company frameworks, from the CEO responsibilities such as in the financial sector as defined by Sarbanes-Oxley Act down to the responsibility at the operation layer such as the one of a trader who must follow stock quotes for private banking. The approach is illustrated based on an example, which highlights how access rights are assigned to employees having responsibilities defined at the CobiT framework layer.","PeriodicalId":222393,"journal":{"name":"2010 Third International Workshop on Requirements Engineering and Law","volume":"251 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133600630","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-11-09DOI: 10.1109/RELAW.2010.5625357
Philippe Michelin, M. Frappier
This position paper presents a lightweight approach for knowledge modeling centered around the notion of distinction. Concept models are represented using UML class diagrams. Distinctions between concepts are established by using attributes and stating properties of the attributes using the @L-is calculus on words. This calculus relies on simple laws to manipulate relationships between words. We show how to represent these concept models in Alloy, a symbolic model checker for first-order logic, which allows one to verify the consistency and completeness of a concept model.
{"title":"Distinction-based and verification-assisted knowledge modeling","authors":"Philippe Michelin, M. Frappier","doi":"10.1109/RELAW.2010.5625357","DOIUrl":"https://doi.org/10.1109/RELAW.2010.5625357","url":null,"abstract":"This position paper presents a lightweight approach for knowledge modeling centered around the notion of distinction. Concept models are represented using UML class diagrams. Distinctions between concepts are established by using attributes and stating properties of the attributes using the @L-is calculus on words. This calculus relies on simple laws to manipulate relationships between words. We show how to represent these concept models in Alloy, a symbolic model checker for first-order logic, which allows one to verify the consistency and completeness of a concept model.","PeriodicalId":222393,"journal":{"name":"2010 Third International Workshop on Requirements Engineering and Law","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131036405","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-11-09DOI: 10.1109/RELAW.2010.5625358
T. Breaux
Developing software systems in heavily regulated industries requires methods to ensure systems comply with regulations and law. A method to acquire finite state machines (FSM) from stakeholder rights and obligations for compliance monitoring is proposed. Rights and obligations define what people are permitted or required to do; these rights and obligations affect software requirements and design. The FSM allows stakeholders, software developers and compliance officers to trace events through the invocation of rights and obligations as pre- and post-conditions. Compliance is monitored by instrumenting runtime systems to report these events and detect violations. Requirements and software engineers specify the rights and obligations, and apply the method using three supporting tasks: 1) identify under-specifications, 2) balance rights with obligations, and 3) generate finite state machines. Preliminary validation of the method includes FSMs generated from U.S. healthcare regulations and tool support to parse these specifications and generate the FSMs.
{"title":"A method to acquire compliance monitors from regulations","authors":"T. Breaux","doi":"10.1109/RELAW.2010.5625358","DOIUrl":"https://doi.org/10.1109/RELAW.2010.5625358","url":null,"abstract":"Developing software systems in heavily regulated industries requires methods to ensure systems comply with regulations and law. A method to acquire finite state machines (FSM) from stakeholder rights and obligations for compliance monitoring is proposed. Rights and obligations define what people are permitted or required to do; these rights and obligations affect software requirements and design. The FSM allows stakeholders, software developers and compliance officers to trace events through the invocation of rights and obligations as pre- and post-conditions. Compliance is monitored by instrumenting runtime systems to report these events and detect violations. Requirements and software engineers specify the rights and obligations, and apply the method using three supporting tasks: 1) identify under-specifications, 2) balance rights with obligations, and 3) generate finite state machines. Preliminary validation of the method includes FSMs generated from U.S. healthcare regulations and tool support to parse these specifications and generate the FSMs.","PeriodicalId":222393,"journal":{"name":"2010 Third International Workshop on Requirements Engineering and Law","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125432577","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2010-11-09DOI: 10.1109/RELAW.2010.5625356
Guido Governatori
Since its inception one of the aims of legal informatics has been to provide tools to support and improve the day to day activities of legal and normative practice and a better understanding of legal reasoning. The internet revolutions, where more and more daily activities are routinely performed with the support of ITC tools, offers new opportunities to legal informatics. We argue that the current technology begins to be mature enough to embrace in the challenge to make intelligent ICT support widespread in the legal and normative domain. In this paper we examine a logical model to encode norms and we use the formalisation of relevant law and regulations for regulatory compliance for business processes.
{"title":"Law, logic and business processes","authors":"Guido Governatori","doi":"10.1109/RELAW.2010.5625356","DOIUrl":"https://doi.org/10.1109/RELAW.2010.5625356","url":null,"abstract":"Since its inception one of the aims of legal informatics has been to provide tools to support and improve the day to day activities of legal and normative practice and a better understanding of legal reasoning. The internet revolutions, where more and more daily activities are routinely performed with the support of ITC tools, offers new opportunities to legal informatics. We argue that the current technology begins to be mature enough to embrace in the challenge to make intelligent ICT support widespread in the legal and normative domain. In this paper we examine a logical model to encode norms and we use the formalisation of relevant law and regulations for regulatory compliance for business processes.","PeriodicalId":222393,"journal":{"name":"2010 Third International Workshop on Requirements Engineering and Law","volume":"50 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126603133","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: