Harry Chen: geospatial use case wants n-ary wants translations into native rule engines' languages wants equality reasoning wants fuzzy %%%% Jeff Ritter of : Use of Rules for Policy and Legal Compliance drivers: - corporate governance: burden now to positively demonstrate compliance - extended enterprise higher level hierarchy of rule-based society: sequenced via: constitution, statute, regulations, trade associations, corporate, contracts, policies, business rules, system rules biz req to drive these down to business rules / system rules and data level trend to increased reliance of standards, thus increased expression of corporate governance in systems and controls law/policy creators as lawyers working in NL are losing control, since not producing the IT-sensitive description - e.g., see the dozens of pages in outsourcing agreements that attempt to need to have dialogue between communities urgent needs: 1. vulnerability testing and software quality control - express software requirements, for normative best practices and customized needs - perform validation of use of design controls to achieve requirements - facilitate improved trust in the acq. and integr. of code assets into operations, esp. extended enterprise 2. information security controls - develop "communities" and "collections" that facilitate reliable expr. of req's while retaining flexib. - expr req's in manner that produces demonstrable evidence of compliance with "legal" req's - more rapid impl of ISO17799/BS7799 with higher trust value in the impl of controls Discussion: Pat Hayes Q: would be nice to get the dat and policies comment by Danny Weitzner: A to a Q : ex. in banking backend spec by regulators recently: a 3page process oriented description %%%% Kurt Godden of GM: on rules interoperability requirements: biz rules often are in spreadsheets want to express biz rules directly in RDF to attach to product/process ontology domain of warranties - e.g., cost of warranty on a particular component - e.g., that a particular car is high-volume and important problems, and their fixes supplier quality detection dream: vision that a supplier via semantic web services to renegotiate production volumes, to shift from low quality to high quality - could be huge value there Discussion: Benjamin Q: we've developed an approach called SweetDeal that uses RuleML-based policies for e-contracting and customer relationship monitoring including warranties kind of info, where the automation provides support to a human in the loop, i.e., semi-automated. Is semi-automated good enough for your dream/vision? A: yes, human in loop is good, esp. initially %%%% rules oportunity all over the place: - within biz processes - access points - published to biz partners, e.g., about how to connect to your systems - constraints on a model, e.g., insurance policy can insure up to n vehicles breadth/ubiquity is a challenge and an opportunity our view of how rules fit into applications: in terms of SOA - application calls a service thru interface, via WSDL or Java etc., then under covers behind the interface, there may be rules / rule engine doing it - have a wrapper shell, represents rules as a service using an application-specific service interface . wrapper shell gets generated by an automated tool, it's pretty easy - wrt run-time interoperability, we believe rules should be invoked just like other services - set of rules for a context or setting, it may be more convenient to manage these administratively as different rulesets with versions etc. to ease burden of rule management and overall service management . policy selector mechanism - in terms of OMG layers: CIM, PIM o kinds of rules wanted: PRR avoiding backward chaining for now good for users since familiar: majority fraction of uses cases that see: simple business rules if-then rules decision trees decision tables event correlation (across time) rules: are also very common, - e.g., in IT monitoring and reaction - e.g., in business monitoring and reaction "inference" rules: forward/backward chaining, Prolog - our view is that they are good for some problems, but today they are specialty problems, e.g., resource selection, optimization, diagnosis, planning problems . we don't see one kind that's valuable into a broad set of application . also problem of training to be able to specify such rules o e.g., Tivoli product for systems management from late 90's with Prolog inside it had problem that customers couldn't use it well - instead gave them event correlation, then customers could deal with it wrt inference rules: challenge is - complexity of authoring rules by customers Discussion: Q by Dave Reynolds: does OMG activity (when done) give you what you want? A: - wrt simple business rules, pretty much yes - but it doesn't cover event correlation business semantics is interesting, but we have not yet figured how to apply it Q by Ryusuke Masuoka: size of rulebases, who authors/changes and how often? ICRA: 10, with millions of queries Srini of Fannie Mae: several hundred rules; authored by various parties Chris of VIS: less than 100, with frequent execution, want 10-20 inferences/sec Mark of IBM: want rules mech for agility in rule management; goal also to address communication gap b/ biz and IT people; wide range of performance req's Kurt of GM: few hundred at most per domain; would like domain engineer to be able to write it, but in many cases teamed with a knowledge engineer; product ontology is huge, however Jeff Ritter: wide set of players; software quality is smaller Doug Clark about project mgm: hundreds of rules; developer type authors for standards and applications aspects; want biz people to be able to do it for customized aspects Dave Reynolds of HP Jena: hundreds of rules; huge range of performance needs Q by Ed Barkmeyer: how much need wrt 1. vs. 2. - archiving of rules, independent of a tool and app's, vs.: - exchangeability A by group of use cases presenters: - almost all (1.) and most (2.) Q by TimBL: how much need to publish originally-contextualized rules in a decontextualized/globally-applicable form? - i.e., add a new condition A by Mark: - XACML Oasis has targets (wrt context situations) built into the language; - context can be viewed as part of the ontology Jeff Ritter: open source rulebases: the closer we get to thinking about that, the more interesting it gets Europe, Australia Softlaw co. inAusralia answer will be in competitive advantage, maybe industry-based, maybe industry-government, possibly government - forward looking, e.g., EU in some areas, e.g., Australia (Softlaw) - N. America is not a leader, it's lagging e.g., Europeans dominating market for personal information A by Doug Clark: there's movement towards that in OMB, processes for making business case for use of IT Jeff: key is whether private sector will pick up on that Q by Christian S-M: where is there want/need to exchange rules within or between org's, or interoperate on engines? (missed some) Mark Linehan: - customers want to avoid vendor lock-in - WS-Policy: e.g., you need to use Kerberos - publishing rules to business partners, eg., about ordering process Kurt: want common way to communicate with suppliers Dave Reynolds: part of network effect, reuse general story about SW/knowledge end A: obs by Anthony Finkelstein FPML (Financial ... ML) expresses their rules in natural language ___ (Indian name) from Telcordia: sugg: there's a big need for shared rulesets in telecomm domain, e.g,. ordering; configuration; provisioning; data validation; ... ; lots of cost-savings pressure driving that Jeff Ritter A in discussion triggered by Benjamin Q about strategic incentives to share vs. not in this domain: - open source and standards tends eventuallyto reduce competitive differentiation