Menu per navigare la pagina

Contenuto della pagina

Menu opzionale

Riassunto informazioni evento

Politecnico di Milano BPM 2008
6th International Conference on Business Process Management

1-4 September 2008 Milan, Italy


Yudistira Asnar, Paolo Giorgini, and Fabio Massacci

Analyzing Risk and Continuity of Business Objectives
These days, IT systems become, more and more, significant achieving the business objectives of an organization. Moreover, the correct operation of IT systems is becoming more closely related with human behaviors. In this setting, called socio-technical systems, it is essential that ones analyze the system?s risks and continuity along with the organization-setting. The focus of this tutorial is presenting a framework that allows analysts to assess the risk and continuity of business goals of an organization. First, we present the standard approach is to analyze the risk and continuity of business over IT infrastructures and their challenges. Afterward, we provide an overview of the state-of-the-art and the challenges in the field of risk management and business (process) management. Although they support the representation and
analysis to assess the risk suffered by an organization, they are only be able to to capture smaller notions of risks (i.e., risks result from the failure of infrastructures). We argue that risks are more than just uncertain events that obstruct IT infrastructures. Many risks threat business processes/objectives without impacting any underlain infrastructures. For instance, in air traffic management the risk of issuing incorrect instruction by a controller does not affect any assets/infrastructures of the system, but surely it may put the air traffic management service out of business. To maintain the business objectives, analysts should consider all risks at any level of business (i.e., objective, process, infrastructure).
Thus, we propose the Tropos Goal Risk (GR) methodology that improves Tropos, an agent-oriented software development methodology, in order to analyze risk and continuity of business goals in an organization. The GR framework is employed with the concepts of goal, process, resource, event, and countermeasure that are organized into asset, event, and treatment layer. Here risks are modeled by events with negative impact, and opportunities as events with positive impact. By means of this representation, analysts can conduct trade-off analysis over an event that acts as a risk and an opportunity in the same time.
Treatments are, essentially, processes that are aiming at mitigating the risk either by reducing its likelihood or its severity impacting business objects (goal, process, and resource). The GR framework is equipped with two basic reasoning mechanisms: 1) computing the risk level for a given setting (i.e., treatments), and 2) proposing a set of treatment that is required to achieve the acceptable level of risk. The other reasoning, called continuity reasoning, is aiming at assessing the adequacy of a contingency recovery plan with respect to the Maximum Time-Period of Disruption (MTPD) for maintaining the continuity of processes and consequently the business.

In the tutorial, we show how the framework supports business (process) engineer in validating their business solutions to meet their business objectives. We illustrate the Tropos GR framework through its application to comprehensive case studies (e.g., air traffic management, loan-originating process of bank). Finally, we demonstrate a graphical CASE tool that supports the Tropos GR framework. A key feature of this tool is the support for formal automated reasoning that allows analysts to verify the adequacy, sufficiency, and side-effects of solutions in maintaining the business goals.

Intended Audience
The intended audiences are people who have a reasonable understanding of business process/strategy engineering, and would like to become acquainted with modeling and analyzing risk and continuity aspects of their solutions in realizing the business objectives.

Yudistira Asnar ( is PhD Student at University of Trento. He received a B.Eng. Degree in Informatics Engineering at the Bandung Institute of Technology-ITB (Indonesia) in 2002. He visited the Open University, United Kingdom in 2007. His research interests lie in the area of requirement engineering, agent systems, and security-dependability risk management. The main focus of his research is on the modelling and analysing risks along the organization and actors/agents analysis.

Paolo Giorgini ( received his Ph.D. degree from Computer Science Institute of University of Ancona (Italy) in 1998. He has worked on the development of requirements and design languages for agent-based systems; he is one of the founder of Tropos, an agent-based oriented software engineering methodology. His publication list includes more than 140 refereed journal and conference proceedings papers and eight edited books. He is Co-editor in Chief of the International Journal of Agent-Oriented Software Engineering (IJAOSE).

Fabio Massacci ( received a M.Eng. in 1993 and Ph.D. in Computer Science and Engineering at University of Rome ?La Sapienza? in 1998. He joined University of Siena as Assistant Professor in 1999, and was visiting researcher at IRIT Toulouse in 2000, and joined Trento in 2001 where is now full professor. His research interests are in security requirements engineering, formal methods and computer security. His h-index on Google Scholar is 20, and his h-index normalized for individual impact (hI_norm) is 13 (in June/2008). He is currently scientific coordinator of multimillion Euros industry R&D European projects on security and compliance.

W.M.P. van der Aalst

Process Mining: Beyond Business Intelligence


More and more information about processes is recorded in the form of event logs. Equipment ranging from embedded systems to enterprise information systems are logging the behaviors that take place. This data explosion allows for the analysis of reality and the construction of models that reflect what actually happened. This can be used to diagnose and improve processes in a variety of domains. Especially business processes involving human actors are interesting to diagnose because these processes are not controlled by software and there may be a gap between what people think that happens and what really happens. Process mining provides a versatile and extendible way to analyze such processes.  sing process mining techniques it is possible to extract different types of models from event logs, e.g., the construction of a  process and organizational models. Moreover, other techniques support the conversion and analysis of models. Using conformance checking techniques models can also be compared with reality and existing models can be enhanced with additional information, e.g., indicating bottlenecks in a process. Many vendors claim to offer support for Business Intelligence (BI). Unfortunately, these BI tools are not intelligent at all. Moreover, these tools require input data of a particular type and a predefined model. Process mining overcomes these limitations and makes it possible to extract new knowledge from information systems in a truly intelligent way. Process mining addresses the problem that most organizations have very limited information about what is actually happening in their organization. In practice, there
is often a significant gap between what is prescribed or supposed to happen, and what actually happens. Only a concise assessment of the organizational reality, which process mining strives to deliver, can help in verifying process models, and ultimately be used in a process redesign effort.
This tutorial aims to provide an overview of process mining techniques and, using many real-life examples, it will be shown how particular techniques can be applied and what kind of insights such analyses provide.

Intended audience

The tutorial is intended for both researchers and practitioners in the area of business process management. It is assumed that people have a basic understanding of business process management and are familiar with the basics of process modeling using languages such as BPMN, EPC, or similar. It aims at an audience that is interested in the analysis of processes as they actually happen in reality. Wil van der Aalst is a full professor of Information Systems at the Technische Universiteit Eindhoven (TU/e). Currently he is also an  adjunct professor at Queensland University of Technology (QUT). His  research interests include workflow management, process mining, Petri  nets, business process management, process modeling, and process
analysis. Wil van der Aalst has published more than 85 journal papers,  13 books (as author or editor), 200 refereed conference/workshop  publications, and 25 book chapters. Many of his papers are highly cited  (he has an h-index of more than 50 according to Google Scholar) and his ideas have influenced researchers, software developers, and  standardization committees working on process support. For more information about his work visit:,,,

Agata Filipowska, 
Sami Bhiri,
Sebastian Stein, Barry Norton,
Marin Dimitrov

Semantic Business Process Management

The proposed tutorial explains and demonstrates how the combination of Business Process Management (BPM) and Semantic Web Services (SWS) can eliminate the deficiencies that current BPM technology exhibits. The tutorial will present the state of the art in both areas (business process management and process execution, the SOA concept in BPM, the SWS approach and frameworks, etc.), motivate the need for explicit use of semantics to overcome the current challenges in BPM, and present a consolidated technical framework that integrates SWS into BPM technology.

Intended Audience

The target audience of the proposed tutorial includes researchers as well as practitioners that work in the areas of BPM or SWS and are interested in the latest technological developments. Although no specific pre-knowledge is required to follow the tutorial, basic knowledge in BPM, ontologies, and Web services may allow better following the tutorial ? and for gaining more benefiting from it. However, such basic knowledge can be expected from attendees of Semantic Web conferences.

The material to be handed out to the attendees will be a booklet with the tutorial slide set, and a CD with the software as well as further material. We will also provide this material for download before the tutorial day on our tutorial homepage, see:

Dr. Sami Bhiri is a postdoctoral researcher at DERI - the National University of Ireland, Galway, where he is involved in managing several EU projects. Before joining DERI, he was a research and teaching assistant in the University of Nancy 1 and in the ECOO team of the LORIA-INRIA research laboratory. His research interests are in the area of applying semantics to B2B Integration, Service Oriented Computing and Business Process Management. He published over 20 research papers in journals and academic conferences, gave tutorials on several topics including B2B integration and workflow management.

Sebastian Stein is responsible for the requirements and software specification of the ARIS SOA Architect product at IDS Scheer AG. He is also working at IDS Research participating in different public research projects. His research focus is on combining the concept of service oriented architecture (SOA) with business process management (BPM). He received an MSc in Software Engineering at Blekinge Institute of Technology, Sweden and a German diploma in Business and Computer Science at the University of Applied Sciences Dresden, Germany. He is working on his PhD thesis at the University of Kiel, Germany.

Barry Norton is a Research Associate in Semantic Web Services at the Knowledge Media Institute of the Open University. He has delivered several tutorials on Semantic Web Services and Semantic Business Process Management at major events, and is the co-founder of the Young Researchers Workshop on Service-Oriented Computing. His research interests concern process models and behavioural reasoning, and he has been involved in several major projects including Dot.Kom, AKT, DIP and SUPER. He is an active member of the STI Conceptual Models for Services working group, formerly the WSMO working group, and of the OASIS Semantic Execution Environment technical committee.

Marin Dimitrov is a senior project manager at Ontotext Lab, the R&D division of Sirma Group, with more than 9 years of experience in the company. His
work experience includes software and research in various areas, such as enterprise integration systems, e-commerce, information retrieval and extraction, ontology management, semantic web services and semantic business
process management as well as experience in 5 EU IST research projects.
Marin Dimitrov has a MSc degree in Computer Science and his research interests include human language technologies, semantics for business processes management and web services. He has more than 15 publications in different research areas.

Vladimir Tosic, Claudio Bartolini, and Patrick C. K. Hung

Management of Service-Oriented Implementations of Business Processes:From Quality of Service to Business Value

Management (monitoring and control) of business processes is needed to ensure regular operation, attain or surpass the guaranteed quality of service (QoS), accommodate change, keep track of the consumed resources, and perform billing. Monitoring is used to measure QoS and/or business value attributes, while control is used to reactively/proactively ensure that the measured quantities are within desired (guaranteed) boundaries. To successfully perform management activities, a comprehensive specification of management goals is necessary.

Management of business processes can be viewed from several aspects and at several layers of granularity. In this tutorial, we will discuss monitoring and control of service-oriented implementations of business processes, with particular emphasis on QoS management and maximization of business value. That is, we will assume that services implementing business process activities are using Web service technologies such as SOAP and the Web Services Description Language (WSDL) and that they are composed using technologies such as the Web Services Business Process Execution Language (WSBPEL). By QoS we will mean technical metrics such as response time, throughput, and availability, while by business value we will mean both financial metrics such as prices, profit, and return on investment (ROI) and non-financial business metrics such as number of customers, market share, and customer satisfaction.  
The tutorial will first clarify the importance of these topics and why the widely used basic Web service technologies are not enough. Then, it will explain theoretical principles for specification, monitoring, and control of QoS and business value attributes. Examples of these principles are contracts (including service level agreements - SLAs), policies, intermediaries, probes, and multiple request queues. Next, it will provide a critical analysis of several important specification languages, research infrastructures, industrial products, and standardization efforts in this area. Currently there are many more results on management maximizing QoS than on management maximizing business value, but the latter promises better alignment between business and information technology (IT). Therefore, this tutorial will also present a brief introduction into business-driven IT management (BDIM) and will discuss possible approaches to extend QoS driven management solutions into business value driven management solutions. At the end, a number of open topics and resources for further study will be identified.

After attending this tutorial, participants will have general knowledge and understanding of the challenges and fundamental concepts related to the specification, monitoring, and control of QoS and business value attributes of Web services and business processes implemented with Web services, the state of the art in the area, and open research issues. This knowledge can help them in making decisions about using some of the existing technologies and/or in conducting further research and development in the area.

Intended Audience
Academic and industrial researchers, educators, graduate students, software developers, network and system administrators, managers, decision makers, policy makers, and others who are interested in business processes and/or Web service technologies and want to go beyond the basics.

Vladimir Tosic is a Researcher at NICTA in Sydney, Australia; a Visiting Fellow at the University of New South Wales, Australia; and an Adjunct Research Professor at the University of Western Ontario, Canada. He previously held several positions in industry and academia in Europe, Canada, and Australia. He received many academic awards, including the 2001 Upsilon Pi Epsilon / IEEE Computer Society Award for Academic Excellence. Most of his peer-reviewed papers were in the area of management of service-oriented architectures and business processes. Additionally, he presented several conference tutorials about this topic and co-organized several related workshops. Web page:

Claudio Bartolini is a Principal Researcher at HP Laboratories in Palo Alto, USA. His background is on architecture and design of software systems and frameworks. His current research interest is in methodologies for business and IT alignment. In addition to many journal, conference, and workshop papers and book chapters, he co-authored the W3C WSCL specification and holds a number of patents in various countries. He chaired a number of conferences and workshops and presented tutorials at several international conferences. Claudio envisioned, founded and chairs the series of IEEE workshops on business-driven IT management (BDIM) since 2006. Web page:

Patrick Hung is an Associate Professor and IT Director at the Faculty of Business and Information Technology in UOIT, Canada and an Adjunct Assistant Professor at the Department of Electrical and Computer Engineering in University of Waterloo. He is an executive committee member of the IEEE Computer Society's Technical Steering Committee for Services Computing, a steering member of EDOC "Enterprise Computing," and an associate editor/editorial board member/guest editor in several international journals such as the IEEE Transactions on Services Computing, International Journal of Web Services Research (JWSR) and International journal of Business Process and Integration Management (IJBPIM). Web page:

Tutorial/Panel Co-Chairs:

Vincenzo d'Andrea
University of Trento, Italy

Heiko Ludwig
IBM Watson Research Center, USA


Reserved area