COMPLIANCE

FOR SERVICE BASED SYSTEMS THROUGH

FORMALIZATION OF LAW

Christian Baumann, Paul Peitz

SAP Research CEC, Karlsruhe, Germany

Oliver Raabe, Richard Wacker

Institute of Information Law, Karlsruhe Institute of Technology (KIT), Germany

Keywords:

Formalization of law, Legal assessment, Semantic technologies, Composite services, Internet of services.

Abstract:

As with the advancement in Web-based infrastructures applications can be composed of services by different

providers across the Internet, it is not possible to foresee legal requirements for every situation. Therefore,

new legal challenges arise for modular applications in an Internet of Services. However, since such service

based systems become more and more self describing by using sophisticated description schemas, we propose

to apply standard legal methodology on this situation.

By formalizing legal norms and the process of legal assessment to obtain legal rights and obligations we

envision an autarchic system which can subsume service description facts under the terms of legal regulations

in order to obtain legal consequences.

This paper contributes the scientiﬁc concept to transfer legal methodology, as known in the ofﬂine world for

decades, to a distributed and modular online business world, which composes its applications dynamically

with services from different providers.

1 INTRODUCTION

The advancement in Web-based infrastructures

facil-

itates utilization of service based systems for business

as well as consumer applications. This development

fosters modularization of functionality across differ-

ent providers using the Internet as a distribution plat-

form. By combining simple services to more com-

plex services applications can dynamically be com-

posed and serve special needs, therewith generating

new economic value (Blau et al., 2009). This new

phenomena is described through the notion of the In-

ternet of Services (IoS) (Janiesch et al., 2008) (Heuser

et al., 2008, S. 100), which already indicates the up-

coming trading of services like conventional goods in

the Internet.

However, service development, composition and

consumption occur in an open and distributed envi-

ronment, the Internet, resulting in new legal chal-

lenges for real world applications.

The

German lighthouse project TEXO, for example,

aims at developing such an Internet-based infrastructure

(http://theseus-programm.de).

During service composition or consumption legal

relationships between legal entities are established,

thus, the need for agreements pertaining to private law

arises. This is in particular true for composed ser-

vices involving several service providers which, for

example, should clarify liability questions in case of

claims. Also copyright issues concerning the compat-

ibility of different licenses (J

ager, 2008) during ser-

vice composition of a complex application is such an

aspect. (Baumann, 2008)

Moreover, composed services reduce the trans-

parency of the usage of personal data of service users,

and, thus, stronger privacy precautions are required

to protect the customers. Even if personal data is

collected with reason, the consumer may not be able

to control who else receives this information in the

complex and distributed environment. The aforemen-

tioned examples are even multiplied for ad hoc ser-

vice composition, a paradigm the IoS states.

Addressing these issues is a critical requirement

for the success of such composed and distributed ap-

plications. Otherwise legal uncertainty and the lack of

trustworthiness threaten to hinder commercial appli-

367

Baumann C., Peitz P., Raabe O. and Wacker R.

COMPLIANCE FOR SERVICE BASED SYSTEMS THROUGH FORMALIZATION OF LAW.

DOI: 10.5220/0002868003670371

In Proceedings of the 6th International Conference on Web Information Systems and Technology (WEBIST 2010), page

ISBN: 978-989-674-025-2

ance. Unfortunately, the modular character of com-

posed services makes it difﬁcult to foresee legal re-

quirements when designing an atomic service.

However, from a legal perspective the technical

foundation for service based systems provides a sig-

niﬁcant advantage. The “ﬁnd and combine” paradigm

requires a comprehensive service description, not

only in a technical but also in an economical way. For

instance a technical interface description in WSDL

provides information of data input and output, and

such description schemas like USDL

or Ontologies

(Staab and Studer, 2004) even extend the descriptions

with non-functional requirements or formalized usage

policies.

These descriptions present formalized informa-

tion for a legal assessment. Thus, facts for an assess-

ment under private or public law have not necessar-

ily to be extracted from raw text or obtained by other

sources, but structured service and process descrip-

tions can be used as a starting point.

Moreover, in continental Europe laws are codi-

ﬁed in a comprehensive and systematic way, similar

to an ontology structure, and also including rules for

legal consequences. This provides the opportunity to

model legal norms and the procedure of the legal as-

sessment.

In fact, the legal assessment can in turn also be

considered as a service during service development,

composition and runtime, which can identify legal

obligations and requirements. That is, regarding the

aforementioned examples, a suggestion of a suitable

contract to guarantee an adequate balance of interests

for the participating service provider. In the case of

be disclosed to facilitate legal certainty. Also obliga-

tions arising from privacy laws can be considered.

However, for such a technical legal assessment

based on formal descriptions there is a need to sub-

sume the facts describing a service under the terms

used in codiﬁed law.

In Sec. 2 we propose a separation of the techni-

cal application and the legal model. This has the ad-

vantage to not statically include legal regulations in

services or composed applications, but to reuse the

formalized legal rules. In consequence we outline in

Sec. 3 the principles to subsume both worlds to obtain

legal consequences for a speciﬁc situation. Section 4

provides the conclusion and indicates further direc-

tions for the research area.

http://www.w3.org/TR/wsdl,

http://www.w3.org/TR/wsdl20

See USDL Information Sheet: http://internet-of-

services.com/uploads/media/USDL-Information.Sheet.pdf

2 TWO WORLDS:

APPLICATIONS AND LEGAL

NORMS

The possibility to compose applications from atomic

services raises the problem, that not every situation

and its legal requirements can be foreseen. Therefore,

we argue to use the self describing services and its

information for a legal assessment. The legal assess-

ment, in turn, can be kept in its own system, just sub-

suming the collected information for obtaining legal

consequences.

In the section at hand we ﬁrst discuss sources to

obtain information about service based systems for a

legal assessment. Following, we explain the princi-

ples of our approach to formalize legal norms.

2.1 Self Describing Service based

Systems

Service descriptions have evolved over the past

years from simple interface descriptions like WSDL

to comprehensive semantic service descriptions that

cover functional as well as non-functional aspects.

Examples for such service description approaches

are WSMO

, OWS-S

or the novel Service Ontolo-

gie (Oberle et al., 2009) developed in the THE-

SEUS/TEXO program

The main reason for the introduction of these on-

tology based service descriptions was the need for

richer information about services beyond the purely

technical descriptions of input and output parameters.

Ontologies provide a way to describe the actual se-

mantic of a service, including non-functional aspects

like the pricing schema or quality of service (QoS)

parameter. The main use case for this rich service de-

scriptions is the service discovery, where a service de-

mand is matched against all available services. In our

work, we propose to use these service descriptions as

basis for an automated legal subsumtion, where com-

prehensive descriptions are needed to match terms in

codiﬁed law.

In addition to the service description extra infor-

mation is given through the context of a service. In

many real world scenarios services are used to exe-

cute parts of business processes. These are typically

modeled using BPMN

, but semantic approaches are

developed for this area as well (Hepp et al., 2005).

The context information provides an additional source

http://www.wsmo.org

http://www.w3.org/Submission/OWL-S/

http://theseus-programm.de

http://www.bpmn.org

WEBIST 2010 - 6th International Conference on Web Information Systems and Technologies

368

of semantic information that can be used in our ap-

proach.

2.2 Formalizing Legal Norms

Our approach in formalizing legal norms is driven

by the basic idea to reproduce the legal methodology

used by legal practitioners in continental Europe. This

ensures the appliance of a standard methodology to

solve a case.

2.2.1 Legal Methodology

Legal practitioners apply a standard methodology to

solve a case. In essence, the circumstances of a situ-

ation are identiﬁed and subsumed under the abstract

facts of the case of a norm. If all abstract facts of the

case are fulﬁlled by the situation, the corresponding

norm rules the speciﬁc legal consequence.

The concrete circumstances of a situation are ba-

sically the information described in Sec. 2.1, the facts

of the case are codiﬁed in legal text. The subsumtion

process itself guarantees an objective, reproducible

and justiﬁable result. These characteristics are of crit-

ical importance because the result of a legal examina-

tion is only valid, if the justiﬁcation is reproducible

and based on a valid path of legal argumentation. For

instance the legal text might mention the fact “natural

person” under which the concrete circumstance “John

Smith” can be subsumed, but not “Smith Corp.”. If

the fact “natural person”, alongside with other re-

quirements, is fulﬁlled, data protection laws for per-

sonal data might rule special requirements for the ap-

plication processing this information.

2.2.2 Formalizing Legal Norms

To formalize legal norms two tasks have to be

achieved. First, the abstract legal terms (concepts)

have to be represented in a taxonomy. For this pur-

pose we can create an ontology of legal terms, the

structure of ontologies are similar to laws. Second,

there is need to build rules to obtain conclusions.

For building these rules the formerly deﬁned ontol-

ogy of legal terms can be utilized. Having rules is

one prerequisite to obtain legal consequences stated

by norms.

Additional characteristics arising from interde-

pendencies of legal regulations are in particular the

following:

• Legal terms have to be connected con- or disjunc-

tively.

In this paper we apply a widely accepted methodology

described in (Larenz, 1983).

• Identity: A norm uses a concept, which is deﬁned

in the conclusion of another norm.

• Hierarchy: A norm using a concept on an upper

level of abstraction affects all norms that consist

of a concept on a lower level.

• Exception or extension: An exception reduces the

set of real world situations covered by a norm, an

extension increases this set.

• Specialty

: The conclusion of a general norm is

overwritten by the result of a more specialized

one.

These characteristics result in certain require-

ments for a modeling language as follows:

• a formal language for logic rules, that supports the

operators conjunction, disjunction and negation

• legal concepts have to be deﬁned as predicate

symbols in a controlled vocabulary

• support of modeling sub-superconcept relation-

ships

In addition, a reasoning engine to evaluate the rules

and compute legal consequences is required. Our

research indicates that F-Logic (Kifer et al., 1995)

meets the requirements, and is also supported by ma-

ture modeling environments. An example modeling

and implementation can be found at (Raabe et al.,

2010). A promising alternative for the future is ELP,

tractable rules for OWL 2 (Kr

otzsch et al., 2008).

However, at present the tool support is hardly given.

3 BRINGING THE WORLDS

TOGETHER

In the previous section we motivated the separation of

the (semantic) service description and formalized law.

With this separation a gap is opened between the el-

ements of legal rules and the elements of the service

description, thus, (static) connections are not estab-

lished between the two models. To apply formalized

law on a given service description we have to bridge

this gap and ﬁnd the matching deﬁnitions given in the

ontology of law for the service description elements.

Figure 1 shows an overview of the mapping problem.

This mapping is usually solved by legal practitioners

using legal subsumtion as introduced in Sec. 2.2.1.

Below we elaborate on the process of legal subsum-

tion in more detail and present a concept for an auto-

mated subsumtion using semantic techniques.

This case can be treated as a special case of exception.

COMPLIANCE FOR SERVICE BASED SYSTEMS THROUGH FORMALIZATION OF LAW

369

Formalized

Law (Rules)

Service

Description

Elements

Service

Ontology

Automated

Mapping

Figure 1: Mapping Overview.

3.1 Legal Subsumtion

As the rules given in law have to cover all possible

situations, abstract terms and deﬁnitions are used to

cover a wide range of concrete cases. Some of these

terms are further deﬁned in other paragraphs, so the

ﬁrst step of the subsumtion is to recursively resolve

all terms to ﬁnd a complete legal prerequisite.

On the other hand we have the concrete circum-

stances of the situation, which, in our work, are the

service description elements, the run time data and

the context information. These elements can now be

subsumed under the abstract deﬁnitions in the law. In

this subsumtion process it is important to consider the

semantic of the elements, which is typically trivial for

a human, but hard to achieve for a computer.

3.2 A Concept for Implementation

Our concept uses the ontologies introduced in Sec. 2

to automate the subsumtion process by using a rea-

soner, but keeping the process as close as possible to

the legal methodology as normally applied by a legal

practitioner.

When designing an automated algorithm to imple-

ment legal subsumtion we have to consider the con-

straints that are given by the legal methodology: our

results have to be reproducible and tractable. We use

the information that is stored in the ontologies, at

foremost the knowledge about the hierarchical rela-

tions between the elements of the service description

and the classes of the service ontology. This hierar-

chy can be used to ﬁnd more abstract terms for the

service instances. An example would be the element

“provider”, which is a subclass of “company”, thus it

is not a natural person.

In the ﬁrst step of the algorithm we gather all in-

formation of the service: from the service descrip-

tion we get the functional parameter (inputs and out-

puts) and the non-functional aspects. The second data

source is the run-time data that is passed to and re-

turned from the service during an actual service call.

Finally, we utilize additional context information like

a business process model in which the service call

takes place.

For each of these data elements we try to get the

information that is encoded in the ontologies, like

the subclass hierarchy or the relation to other classes.

These enriched elements are the basis for the actual

mapping where they are compared with the elements

of the formalized law.

As tool support we already work on an realiza-

tion based on NeOn toolkit

which integrates the

KAON2

API reasoning engine, including support

for F-Logic.

4 CONCLUSIONS

In this paper we pictured the legal challenges rising

with the development of modular applications built

upon atomic services. As applications can be com-

posed of services by different providers across the In-

ternet, we argue, that it is not possible to foresee legal

requirements for every situation.

To address this issue we propose to apply standard

legal methodology when formalizing legal norms and

the legal assessment to obtain legal rights and obli-

gations for a speciﬁc situation. Upon this foundation

http://neon-toolkit.org

http://kaon2.semanticweb.org

WEBIST 2010 - 6th International Conference on Web Information Systems and Technologies

370

an autarchic system which can subsume service de-

scription facts under the terms of legal text in order

to obtain legal consequences can be build. The key is

not to merge both worlds, but to keep them separated

for ﬂexibility and progress reasons – exactly the way

legal norms are utilized for real world situations in the

ofﬂine world.

We gave an outlook to a possible concept for im-

plementing such a subsumtion. Formal service de-

scriptions and formalized legal norms including rules

to obtain legal consequences can be found in recent

literature.

The subject-matter of this research area is highly

topical, as distributed and ad hoc service development

as well as usage becomes more and more common for

economical applications. In the area of copyright the

formal description of content, which is basically the

same as the description of usage policies for appli-

cations (licenses), is already common. For instance

the Creative Commons

project provides formalized

license attribution, which have already been picked

up by other applications such as browsers to analyse

the usage permission. This is a simple example, how-

ever, the inter-connectivity increases and next steps

will have to be more professional assessments on the

compliance of such disclosed legal information under

(national) laws.

In our opinion the next most critical upcoming le-

gal area will be data privacy. The rising integration

of applications, and therewith also (user) data, across

companies and the “open” Internet, will challenge

composed service based systems – e.g. the social net-

work platform Facebook is already integrated with the

microblocking platform Twitter

. This simple exam-

ple indicates ﬁrst data privacy issues for application

integration. It is easy to think ahead to apply such in-

tegrations in commercial as well as non-commercial

web information systems. This phenomena requires

advanced applications to assist in legal issues for all

involved parties: developers, providers, users etc.

ACKNOWLEDGEMENTS

The project was funded by means of the German Fed-

eral Ministry of Economy and Technology under the

promotional reference 01MQ07012. The authors take

the responsibility for the contents.

http://www.creativecommons.org

http://www.facebook.com/twitter/

REFERENCES

Composite Semantic Services. In 7th International

Semantic Web Conference (ISWC2008), pages 895–

900, Berlin. Springer.

Blau, B., Kramer, J., Conte, T., and Dinther, C. v. (2009).

Service Value Networks. In CEC ’09: Proceedings of

the 2009 IEEE Conference on Commerce and Enter-

prise Computing, pages 194–201, Washington. IEEE

Computer Society.

Hepp, M., Leymann, F., Domingue, J., Wahler, A., and

Fensel, D. (2005). Semantic business process manage-

ment: A vision towards using semantic web services

for business process management. In ICEBE ’05: Pro-

ceedings of the IEEE International Conference on e-

Business Engineering, pages 535–540, Washington,

DC, USA. IEEE Computer Society.

Heuser, L., Alsdorf, C., and Woods, D. (2008). Interna-

tional Research Forum 2007. Evolved Technologists

Press, New York.

Janiesch, C., Ruggaber, R., and Sure, Y. (2008). Eine In-

frastruktur f

ur das Internet der Dienste. HMD-Praxis

der Wirtschaftsinformatik, 45(261):71–79.

ager, T. (2008). Kommerzielle Applikationen f

ur Open

Source Software und deutsches Urheberrecht. In

Hoffmann, M., editor, Vernetztes Rechnen - Soft-

warepatente - Web 2.0, volume 16 of Recht und Neue

Medien, pages 61–78. Boorberg, Stuttgart.

Kifer, M., Lausen, G., and Wu, J. (1995). Logical Foun-

dations of Object-Oriented and Frame-Based Lan-

guages. J. ACM, 42(4):741–843.

otzsch, M., Rudolph, S., and Hitzler, P. (2008). ELP:

Tractable Rules for OWL 2. In 7th International Se-

mantic Web Conference (ISWC2008), pages 649–664,

Berlin. Springer.

Larenz, K. (1983). Methodenlehre der Rechtswissenschaft.

Springer, Berlin, 5. edition.

Oberle, D., Bhatti, N., Brockmans, S., Niemann, M., and

Janiesch, C. (2009). Countering Service Information

Challenges in the Internet of Services. Business &

Information Systems Engineering, Volume 1, Number

5 / Oktober 2009:370–390.

Raabe, O., Wacker, R., Funk, C., Oberle, D., and Baumann,

C. (2010). Lawful Service Engineering – Formal-

isierung des Rechts im Internet der Dienste. In Pro-

ceeding of the International Legal Informatics Sympo-

sium (IRIS2010), Salzburg (to appear).

Staab, S. and Studer, R., editors (2004). Handbook on

Ontologies. International Handbooks on Information

Systems. Springer.

COMPLIANCE FOR SERVICE BASED SYSTEMS THROUGH FORMALIZATION OF LAW

371