View
215
Download
0
Category
Tags:
Preview:
Citation preview
Alberto Siena
GORE focuses on stakeholders and their goals Effective in specifying requirements that satisfy some
properties (e.g., cost/benefit trade-off, risk, security, …) and match stakeholders needs
New laws, increased pervasiveness of IS Laws are increasingly source of requirements However law prescriptions are NOT stakeholders goals
◦ Stakeholders want goals, whereas law prescriptions are imposed to stakeholders
◦ Law prescriptions can contraddict goals
The act adhering to, and demonstrating adherence to, a standard or regulation (wikipedia)
Recovery-time
Requirements-time
Run-time
Can be proved hereCan be proved here
Exists hereExists here
Is conceived hereIs conceived here
(adhering to)
(demonstratingadherence to)
Com
plia
nce
Phase of the system (-to-be)
Compliance characteristics Compliance type
Requirements-time
Distribution of responsibilities, such that, if every actor fulfils its goals, then the compliance is ensured
Intentional compliance
Run-time Run-time set of actions and processes that actually represent the legal condition for compliance
Actual compliance
Recovery-time Proved compliance or set of recovery actions that restore the run-time compliance after a violation has been detected
Strong compliance
Framework for systematically go from law prescriptions to requirements.
Nomos = A language + a method + a set of properties (e.g., intentional compliance)
It allows to◦ Reason about how requirements are generated
(select among alternatives)◦ Check properties of requirements models wrt. laws
Properties concern the interaction between goals and laws
Needed: languages for modeling
The models of G and L must be consistent with each other!
Requirements (G): i* Laws (L): Nomos
Hohfeld’s taxonomy of legal concepts (1913)◦ Milestone in juridical literature◦ Rights are the core concepts
“Rights are entitlement (not) to perform certain actions or be in certain states, or entitlements that others (not) perform certain actions or be in certain states”
W. N. Hohfeld. Fundamental Legal Conceptions as Applied in Judicial Reasoning. Yale Law Journal 23(1), 1913.
8 fundamental rights:Privilege, Claim, No-claim, Duty, Power, Liability, Immunity, Disability
Opposites and correlatives
A legal text can be subdivided into smaller legal statements, called Normative Propositions (NP)
Each NP carries the atomic piece ofinformation about a single rightNP = <Subject>, <Counter-party>,<RightNature>, <Action>
A hard formalization is given by Sartor◦ Maps rights to deontic operators
Health Insurance Portability and Accountability Act (HIPAA), art. §164.502(a):
A CE may not use or disclose PHI
NP = (CE, Individual, claim, Don’t disclose PHI)
HIPAA, art. §164.502:(a) A CE may not use or disclose PHI, except as permitted
or required by this subpart [...] (1) A covered entity is permitted to use or disclose PHI
[...] (i) To the individual; […] (2) A CE is required to disclose PHI: (i) To an individual, when requested [...]; and (ii) When required by the Secretary.
To deal with: conditions, exceptions, etc., that exist in law texts
Relative approach rather than absolute approach
Building block for aggregate (intentional) compliance
Uses the realization relation between goal and NP
Changes according to the nature of the right
Many compliance alternativesMany compliance preferencesMany compliance “degrees”
Many compliance alternativesMany compliance preferencesMany compliance “degrees”
1. Bind domain stakeholders with subjects addressed by law
2. Identify legal alternatives3. Select the normative proposition to realize4. Identify potential realizations of normative
propositions5. Identify legal risks6. Identify proof artifacts7. Constrain delegation of goals to other actors
Traceability Documentability Legal risk identifiability Protected across organizational interactions
(delegations)
W. N. Hohfeld. Fundamental Legal Conceptions as Applied in Judicial Reasoning. Yale Law Journal 23(1), 1913.
Giovanni Sartor. Fundamental legal concepts: A formal and teleological characterisation. Artificial Intelligence and Law, 14(1-2):101–142, April 2006.
Alberto Siena, John Mylopoulos, Anna Perini, and Angelo Susi. The Nomos framework: Modelling requirements compliant with laws. Technical Report TR-0209-SMSP, FBK – Irst, http://disi.unitn.it/asiena/files/TR- 0209- SMSP.pdf, 2009.
Recommended