Int. IJBPIM. , Vol. x, No.

x, xxxx 1

Rule-based modeling & verification of business

processes

Boukhebouze Mohamed1, Amghar Youssef1,

Benharkat Aïcha-Nabila1 and Maamar
Zakaria2
1
Université de Lyon, CNRS, INSA-Lyon, LIRIS, UMR5205, F-69621, France
{mohamed.boukhebouze, youssef.amghar, nabila.benharkat}@insa-lyon.fr
2
CIT, Zayed University, Dubai, UAE
[email protected]

Abstract: Efficient organizations need to ensure that their business processes are at the same time
robust and agile. These two features could be verified using appropriate techniques. In this paper
we present a new rule based model for the business process flexibility management and
verification. To achieve these two objectives, the new model is grounded on a new formalism
issued from ECA model and supported by a language called RbBPDL (Rules based Business
Process Definition Language). In this model, a business rule has an Event-Condition-Action-Post
condition-Event triggered (ECAPE) formalism. This allows, in the one hand, the translation of a
process into a graph of rules that is analyzed for the sake of ensuring the agility of the business
processes. In the other hand, the ECAPE formalism allows the translation of a process into a new
colored Petri net, called ECAPE net, in order to verify the process functioning. Finally, we propose
an architecture of rule-based modeling and verification of business process that support the new
proposed model.
Keywords: Business processes modeling, business rules, declarative language, rule graph, flexible
modeling and Business processes verification.

In this context, a standard is proposed process execution

1 Introduction language called BPEL (OASIS, 2007), to make processes
portable on different platforms. This specification is now
To be efficient and remain competitive, organizations stable and adapted to business needs. In addition, several
need to rely on robust and at the same time agile business verification techniques have been proposed to ensure the
processes. The definition and execution of these reliability of the BPEL processes (Van Breugel et al.,
processes require appropriate models and tools that 2006). And several editors (e.g., Oracle BPEL Process
would permit defining, developing, collaborating, Manager, IBM WebSphere) have adopted and included
deploying, and last but not least controlling these this language in their tools. However, the use of BPEL
processes. Business Process Management (BPM) is language forces designer to implement regulations,
about managing the whole cycle of a business process policies and decisions (business rules) within the logic of
from early stage of requirement elicitation to later stage the process. This practice makes business process rigid
of deployment and maintenance. In this life cycle, and difficult to maintain. Indeed, the dynamic nature of
process modeling would allow to shed the light on the organizations environments makes the business rules
best practices and core knowledge in an organization. subject to modification.
For this purpose, this modeling must be based on
powerful languages in order to give a full business Therefore, the integration of the process logic and
process description. business rules into the same code processes compromises
agility of modeling. For this reason, we need sound
model that would provide the right means to support the

Copyright © 2009 Inderscience Enterprises Ltd.

Boukhebouze Mohamed, Amghar Youssef, Benharkat Aïcha-Nabila and Maamar Zakaria

flexibility of the processes, and to support process

verification. However, these characteristics are highly
inter-related, which increases the complexity of 2 Preliminaries
satisfying them all. Real business processes tend to be
less flexible and difficult to analyze due to continuous In this section we give a brief definition of business rule,
changes in regulations and policies. we give a brief introduction to process flexibility and
process verification and we formulate the motivation of
In this paper we present a new rule based model in order our work.
to improve the management of business processes in
terms of flexibility and verification. This model issued 21 Business rules
from ECA model and grounds on powerful and formal
tools. The process logic, in this model, can be In a competitive environment, organizations increasingly
summarized using a set of business rules that implement need to manage complex processes, adapt to change and
the policies of organizations. Each business rule is ensure robust and reliable business processes in order to
formalized in term of the ECAPE formalism (Event- carry out their missions. Indeed, the dynamic
Condition-Action-Post condition- Event triggered). The environment of organizations makes the process
great advantage of ECAPE formalism is that processes elements subject of frequent change. According to
can be easily translated into a graph of rules. Then Goedertier et al. in (2006) the origin of change comes
analyzing this graph guarantees the flexibility mainly from frequent changes in first, regulations that
management by studying the relationships between the organizations have to comply with and second, internal
rules and giving change cost estimation if any rule policies that organizations themselves develop. These
change. Another great advantage of ECAPE formalism is regulations and policies are often expressed in terms of
the translation of the process into a new colored Petri net business rules
called ECAPE net. Indeed, ECAPE net allows rewriting
formally a business process and analyzing the resulting Business rules are defined as high-level structured
net to infer certain properties such as the no Deadlock, statements that constrain, control, and influence the
no Livelock and so on. Thus, we can detect errors by business logic (BRG, 2000). According to Wagner in
taking account of the identified properties of this ECAPE (2005) the different structural categories of a business
net. The representation of this new model doesn’t go rule can be considered: (1) Integrity rule: it concerns the
without the need for new declarative language in order to constraint or assertions that must be satisfied. Example:
offer a syntax and semantic necessary for description of the client must be registered to require an order. (2)
the ECAPE rules and the core elements in a business Derivation rule: it concerns one or more conditions and
process (such as participants, variables, and activities). one or several conclusions. Example: The loyal customer
For this reason, we propose the RbBPDL language receives a 10% off discount. Boukhebouze is loyal. As
(Rule-based Business Process Definition Language) conclusion: Boukhebouze receives a 10% off discount.
which uses syntax based on XML, inherited from the (3) Production rule: it concerns one or more conditions
most used languages in industry (BPEL, XPDL), to and one or more actions. Example: If the stock is sell out
describe business processes in declarative way. then launch supplying process. (4) Reaction rule: it
concerns the rule that is triggered by events occurrences
The rest of this paper is organized as follows. We and which require the satisfaction of conditions to
introduce in section 2 a brief definition of the principal perform actions. Example: when receiving an order, if
notions is given. We detail in section 3 our new model the raw materials are available then launch production.
and the new language RbBPDL. In section 4, we outline (5) Transformation rule: it concerns the rule that
the flexibility process modeling management. In section control change of the system state. Example: The age of
5, we explain how RbBPDL process can be verified by an employee must be changed in incremental way. Note
an ECAPE net. In section 6 we describe the BP-FAMA that, deontic assignment rule can be considered as sixth
architecture which use our new rule based model. We category if we look at ‘authorizations’ as business rules
wrap up the paper with the related work, a conclusion (Taveter et al, 2001). Indeed, deontic assignment rule
and some directions for future works. concern the rule that constraining the action by
specifying what must be obligation, permission,
prohibition and waived obligation. Example: Only the
manager has the right to grant promotions to employees.
 Rule-based modeling & verification of business processes

Therefore, Business rules should be formalized to reliance on its requirement by eliminating the
facilitate their use. Unfortunately, using imperative contradictions and ambiguities (formal specification). On
languages such as BPEL (OASIS, 2007) and XPDL the other hand, they minimize the likelihood that a
(WMC, 2005) designers implement business rules based malfunction can occur while on basing on the
on decisions (what process branch must be chosen) that verification properties of models for example deadlock
are defined using connectors (e.g., sequence, parallel or net vivacity...etc. In this way we can detect errors by
split, exclusive choice). In this way, these languages can taking into account the model properties.
use the results of the decisions to determine the process
behavior rather than to model these decisions. We have identified a number of works that use this
Consequently, the implementation of change is difficult. technique to verify the proper functioning of business
processes. In general way, the Petri Net is the model
22 Process flexibility mostly used (Martens et al., 2003), (Ouyang et al., 2005)
and (Yang et al., 2005). However, the process algebra
By flexibility we mean how to implement changes in also has imposed on the process verification (Koshkina
some parts of a business process without affecting the et al., 2004), (Smith et al., 2003). Although, other
rest of parts neither the continuity and stability of these approaches, based on different models, have been
parts (Regev et al. 2006). Indeed, in a dynamic proposed. An example is the work of Pu in (2005) which
environment, businesses need to rely on flexible process is based on the model TA (Timed Automata) and which
models to allow the modification of parties that have proposes a new language based on BPEL called µ-BPEL.
been changed while keeping the stability of other parts of This last defines the semantics of basic and structured
the process. According to the taxonomy of Regev in activities.
(2006) all the process elements are likely to be changed.
The change subject that concerns the different aspects of In our work, we are particularly interested in using a
the process those are subject to change. Indeed, the Petri net (PN) because it combines the advantages of a
change may affect the process activities (functional graphical representation with the semantic aspect that is
aspect), the flow control (behavior aspect), the process attributed to model process behavior. In general, the
data (information aspect) or the various protocols used in objective of using a PN is to minimize the likelihood that
the process (operational aspect). However, the change of a malfunction might occur by checking some properties
a process element may require a change of other like deadlock and net vivacity. However we should
elements that are related to changed elements in order to define the semantics of our model in terms of PN.
maintain process coherence. To do so, the impact of a Therefore, we should use PN that supports the semantics
change on the rest of the process should be studied to of our model.
help automate the management flexibility of a business
process model by estimation the change cost of one rule.
24 Problem statement
23 Process verification The general problem addressed in this paper is the need
to develop a rule-based model to improve the business
By verification we mean how to ensure that process process management in terms of flexibility and
execution is in accordance with its modeling plan and verification. To this end we identified three major
how to detect the unanticipated situations that may arise research directions: how to model a business process in a
during the execution of a process (Russell et al., 2006). flexible way, how to manage the impact of change and
Indeed, an erroneous business process usually has major how to verify a business process?
negative consequences on the continuity of these
activities. To assist a designer to detect errors during For this reason, in our work, we are particularly
process specification, several techniques are used. The interested in using a declarative model based on business
verification by formal models is viewed as the most used rules so that the flexibility of these processes can be
technique to detect errors in specifications during a achieved. However, in the existents declarative process
business process modeling. These models need to modeling languages, the modeling flexibility with focus
formalize the specification in a formal model (e.g., the on the impact of a rule change on the rest of a process is
Petri net, process algebra… etc.). The objective of using not well looked into. In order to ensure automatic
these models in specification process is double: on the flexibility management, we need to look at the
one hand, they provide the complete process description relationship between the rules so we can determinate the
Boukhebouze Mohamed, Amghar Youssef, Benharkat Aïcha-Nabila and Maamar Zakaria

other rules that will be affected with a change in some proper functioning of the process. Business rules in
rule. Therefore there is a need for a more powerful rules proposed model must be based on a formalism that
formalism that would allow a complete definition of this allows reaching our two objectives (favor a flexible
relationship. In addition, the various declarative process modeling and verification of a business process).
modeling languages do not allow to have an explicate
execution scenario. As a result, more powerful rules ON <Event>
IF <Condition>
formalism is deemed appropriate in order to translate, in DO <Action>
an easy way, a business process into a Petri net and Check <Post condition>
Trigger <Event triggered>
ensure the process verification by allowing to building an
execution scenario in an automatic way.
For this reason, we propose the formalism ECAPE which
In conclusion, there is a need for a new powerful rules is defined as: The semantics attached to an ECAPE rule
formalism that would help solve the problems of process is: when an event occurs, the condition is verified, if this
modeling rigidity and business process verification. For latter is satisfied, then the party action is executed by
that, we believe that the use reaction rules (ECA taking into account the rule attributes. The execution of
formalism) to model the rules set of business processes is the action raises the event triggered part. Finally, the rule
interesting. This is justified by the fact that this kind of is validated if the post condition is satisfied. Note that, if
rules is easier to maintain and it cover all other rules the post condition does not hold, a compensation
kinds (Integrity, deviation, production, and mechanism is launched in order to compensate the
transformation) (Wagner et al., 2006). However, we executed action part effects. ECAPE allows an implicit
need to a new type of ECA formalism that help us to description of sequences of rules. Each rule may trigger
deduct automatically some relationships between rules one or more rules. But, the originality of this formalism
and to built automatically an explicate execution scenario is the fact that the events triggered are explicitly
of a process. For this reason, we propose, in rest of this described. As a result, the rule sequence can be
paper, a new rule based model built on top of the new automatically deducted. Indeed, according to a post
formalism called ECAPE formalism (Event-Condition- event of a rule, we can detect which rules will be
Action-Post condition- Event triggered). On the hand, triggered.
this would allow translating a process into a graph of The great advantage of our rule based model is that
rules where the vertexes represent the rules and the processes can be seeing at three different abstractions
edges represent the relationship between these rules. By plans (see figure 1):
doing this, we favor the flexibility of business processes
modeling by determining the rules that are connected to
each other and the rules that are subject to changes. In
the other hand, the ECAPE formalism would allow
translating a process into a new colored Petri net called
ECAPE net where the places represent events and the
different kind of transitions for construction of the
complex events and representation of the rule’s action.

3 Rule based modeling of business process Figure 1: Three plans of our rule based modeling approach
The objective of our rule based model is to define, in a
declarative way, the business processes using a set of 1. At business plan, business processes are defined by
business rules. The logic of the process can be using ECAPE rules set. Indeed, these rules are
summarized with a set of business rules. The sequences statements that express, in a declarative way, a
of these rules define the behavior of a process. Indeed, business domain, policies, business concerns…etc. For
the rule sequences represent implicitly the control-flow this purpose, we must use a powerful language that
of elements that must be performed in a process. would provide the right means to describe the ECAPE
However, to provide a flexible process modeling we rules and the various elements of a process. To do this,
need to connect rules together. The verification process we propose a new language called RbBPDL (Rule-
requires the implementation of a scenario to test the
 Rule-based modeling & verification of business processes

based Business Process Definition Language) which

uses syntax based on XML, inherited from the most
used languages in industry (BPEL, XPDL), to describe,
Participant is any person, application, Web service or
business processes elements. entity, which has the authority to perform an activity.
2. At Behavior plan, business processes is translated
Variable represents pieces of information, which are
into a graph of rules in order to analyze the behavior produced or handled by a business process.
of business rules and ensure the flexibility of the
Business activity is the process element, which must be
business processes. Indeed, the need to take into executed. It is a unit of work that runs in an indivisible
accounts the dynamic of the various process elements, manner by a participant.
made us focus more on the relationship between the
rules to ensure automatic flexibility management. In
Event is an indicator that signals that a situation has
this way, we can determinate the set of rules that must occurred and for which a response is necessary. The
be changed after changing of one rule and manage the event is the activator element of a rule. It specifies
process flexibility in order to keep the coherence of when the rule should be evaluated. There are two
process. For this reason, three relationships between categories of events:
business rules are identified: inclusion relationship, o Simple events describe the occurrence of a
extension relationship and cause/Effect relationship. predefined situation in the system such as: activity
3. At operational plan, business processes is translated events (start, end, cancellation, error), process events
into an ECAPE net in order formal describe and verify (error trigger), time events (timer), and external
the proper process functioning. Indeed, to help events (reception message signal).
designers in detecting early these errors, it is useful to o Complex events that combine simple and/or
perform a high-level modeling verification for composed events using constructors such as:
providing a reliable operational process. To support
this verification, we have used formal models to - Disjunction (e1, e2) specifies that at least one of
identify possible functional errors. Among the different the two events is detected.
models used in the literature, we opted for Petri Net
- Conjunction (e1, e2) specifies that the events
(PN) due to their great ability to simulate and analyze
take place without taking into account their
the execution business process.
arrived order.
In the following sections we describe the RbBPDL
- Occurrence (e1, nbr_occurence) specifies
language used to express business concerns, the graph of
multiple occurrences of the same event.
rules used for manage the process flexibility and the
ECAPE net used to express and verify the operational - Sequence (e1, e2) specifies the sequence of
process. events.
- Not (e1, t) characterizes the fact that an event has
3 The RbBPDL language not happened in a time t.
To represent this ECAPE formalism as well as the
A Business Rule is a statement that controls the logical
various elements in a business process, the RbBPDL relationships between the activities of a process,
language is XML-based and inspired by BPEL and influencing the interactions between partners in this
XPDL (Figure 2.B). The overall structure of RbBPDL process. As business rules are described using ECAPE,
(Figures 2.A) represents five elements of a business they are represented as follows:
process:
o OnEvent: all events that activate a rule.
o Precondition: predicates upon which the execution
of an action depends.
o Action: set of instructions to be executed if a
precondition is true. For this we can use predefined
instructions such as:
- Execute: to execute the activity by a participant
(A) (B)
Figure 2: The global structure of the RbBPDL language
Boukhebouze Mohamed, Amghar Youssef, Benharkat Aïcha-Nabila and Maamar Zakaria

- Cancel: to cancel the execution of the activity Indeed, in our new business process model, a process is
- Skip: skip the execution of the activity seen as a set of decisions and policies. These decisions
and policies are defined by a set of business rules. For
- Discover: to find a service that performs a given example, rule R1 expresses the policy of request an order.
activity in a given registry This rule is activated by “begin process” event that
o Postcondition: predicates upon which the validation represents the customer will to place an order (it may be,
of a rule depends. for example, clicking on the button "Place an order").
The execution of the activity “RequestOrder” triggers the
o EventTriggered: the set of events triggered by the
execution of all instructions of the rule’s action. “Send message” event. This latter will activate the rule
R2. In turn, the rule R2 expresses the policy of receiving
To illustrate our rule based modeling approach, we an order. Indeed, during an occurrence the event
describe, in following section, real-life example of “Receive Order” the rule is triggered and the action’s
purchase order process instruction <Execute> will be executed.

31 Use case This instruction specifies that a given business activity

must be performed (“CostumerCheck” in our example).
In this section we introduce the famous example of
The execution of this instruction triggers the event
purchase order process to illustrate the RbBPDL
“CostumerCheck Executed”. This latter activates three
language. Upon on receipt order from costumer, the
rules R3 (policy of initial price calculation), R4 (policy of
calculation initial price of the order and selecting a
shipper selection) and R5 (policy of reject order when
shipper is done simultaneously. When the two tasks are
costumer is not registered). In turn, the execution of
completed, a purchase order is sent to the costumer. If
these rules actions actives another rules. And so on, until
the latter accept this purchase order, he’ll receive a bill
the end of process rules set. Note that, for the validation
and he’ll have to pay. The bill was finally registered.
of the rule R7, the post condition is satisfied (initial
However, we must respect two constraints: the first
prices + shipping price <= final price is true). Another
requires that the customer must be saved in the database
point is that, the event that activates the rule R10 is a
in order to satisfy his command. The second requires that
composite event. For this reason, we should use the
the bill must be done before 15 days from date of
constructor event SEQUENCE and NOT to express the
delivery.
fact that the rule is activate when, in first, the bill
calculation is executed, after that, any occurrence of “pay
Figure 3 represents the ECAPE rules set of the purchase
bill executed” event is happened until 15 days.
order process.

Figure 3: ECAPE rules set of the purchase order process.

 Rule-based modeling & verification of business processes

To describe the ECAPE rules set of the business process input/output parameters (<InputVariableName> $
we propose a new XML based language called RbBPDL. info_Costumer </ InputVariableName> and
Figure 4 represents the XML syntax of a rule of the <OutputVariableName> $CostumerRegistration </
RbBPDL purchase order process. Indeed, participants OutputVariableName>).
(see figure 4.A), variables (see figure 4.B), business
activities (see figure 4.C), and events (see figure 4.D) are And also indicating which participant has the role to
represented with XML tags like "Participants", perform this activity (<Performer>
"Variables", etc. Additional details could be added to the $Commercial_Service </ Performer>) of the rule R2 will
representation so that a complete definition of the trigger the events expressed in the <PostEvents> (in our
process elements is offered. These details could concern example the event of costumer check termination
type and role of each participant, data types of each $End_Costumer_Verification). Finally, the rule R2 is
variable, input/output parameters of each activity, and validated if the predicates of the post condition expressed
type and constructors used to express the events. in the tag <PostCondition> are true.

In our new declarative language, the set of business rules However, the need to take into accounts the dynamic of
is described in <Business rules> part. For example, rule the various process elements, made us focus more on the
R2 expresses the policy of receiving an order (see figure flexibility of business processes modeling. For example,
4.E). Indeed, during an occurrence the event (<OnEvent> if the enterprise decides not to deliver its products, rule
$ Receive_Order </ OnEvent>) the rule is triggered and R4 will be deleted from the process model.
ensures that the information is valid (<PreCondition> $ Consequently, we must determinate the set of rules that
info_Costumer! = "" < / Precondition>). The action’s must be changed after changing of rule R4 in order to
instruction <Execute> will be executed. This instruction keep the coherence of process. For this reason, we need
specifies that a given business activity must be to study the relationship between the rules to ensure
performed (<Operation> $Costumer_Verification </ automatic flexibility management. In the next section we
Operation> in our example) by specifying the detail how we manage the flexibility business process.

(A) (B) (D)

(C) (E)

Figure 4: One rule of the RbBPDL purchase order process.

Boukhebouze Mohamed, Amghar Youssef, Benharkat Aïcha-Nabila and Maamar Zakaria

R2’s action (costumer verification) will trigger the post

4 Flexibility management event end costumer verification. This latter is the event
In a dynamic environment, companies need to be flexible activator of rule R3. Due to this, there is a cause and
business so they can quickly react to changes of several effect relationship between R2 and R3.
parts of a process. However, a change in a process
element may require changing other elements that are « Cause/Effect »
related to this element for the sake of maintaining the R1 R2
»
consistency of this process. Therefore, we need to study
Cause rule Effect rule
the relationship between the rules in order to automate
the flexibility modeling management. We identify three
relationships between business rules: Note that there is a slim difference between extension
and Cause/Effect relationship. Indeed, the extension
1. Inclusion relationship: shows the case of a rule (base relationship concerns the complementarily between rules
rule) that includes the functionality of another rule without necessarily having an extend rule that actives a
(inclusion rule). Two rules have an included relationship base rule. However the Cause/Effect relationship
between them if the completion of the base rule’s action concerns the activation’s rule without necessarily having
requires the completion of the inclusion rule’s action. In a functioning complementarily between the cause and
the previous example, to calculate the final price we base rules. Another point is that, the included and the
must have calculated the shipping price before. extension relationships are manually defined by a
designer, while the Cause/Effect relationship can be
« Inclusion » detected automatically by analyzing the events and post
R3 R4
events rules parts.
Based Inclusion
rule rule The fact of defining relationships between the business
2. Extension relationship: shows the case of rule rules will allow determining which rules must be revised
(extension rule) that extends the functionality of another in case of changes. Firstly, all bases rules which have an
rule (base rule). Two rules have an extension relationship inclusion relationship with a changed inclusion rule must
between them if the completion of the extend rule’s be revised by a business process designer. In the
action achieves the completion of the base rule’s action. previous example, if the enterprise decides not to deliver
In the previous example, if we suppose that a loyal its products the rule R4 is deleted from the process
customer receives a discount and a new discount rule R12 model. The suppression of an inclusion rule (R4) will
is added. As a result, there is an extension relationship affect a base rule which requires the completion of the
between R2 (rule responsible to identify a costumer) and inclusion rule’s action for its accomplishment. Due to
R12 (rule responsible to calculate of the discount) because this, human intervention is required to decide how we
the functioning of R2’s action will complete the can change the base rule in order to keep the process
functioning of R12’s action. coherence. Secondly, all bases rules which have an
extend relationship must be revised when a extend rule is
changed. In the previous example, if we change rule R2
« Extension »
R1 R12 (rule responsible to identify a costumer) which represents
an extension rule, then the base rule R12 (rule responsible
Extension Base rule to calculate of the discount) must be revised. Finally, all
rule effect rules which have a cause/effect relationship must
3. Cause/Effect relationship: shows the case of a rule be revised if the cause rule is changed in order to ensure
(cause rule) that activates another rule (effect rule). Two the activation of these rules. For example the
rules have cause and effect relationship if the execution consequence of the suppression of rule R2 in our
of a rule will activate the effect rule. As a result, the previous process is the inactivation of R3, because R2 is
execution of a cause rule’s action triggers a post event, the cause of the activation of R3. For this reason, a
which necessary activates the effect rule. Thanks to this designer must revises the effect rules if the cause rule is
relationship, the order of RbBPDL process activities can changed.
be defined by describing the post events based on
ECAPE. In our previous example, the performance of the
 Rule-based modeling & verification of business processes

To formalize the flexibility management of the process The rule graph helps formalize the flexibility
modeling, we propose to translate the business process management of the process modeling. Indeed, if any
into a graph of rules. Indeed, the vertices of this graph vertex changes, all successor vertex must be revised.
represent the business rules which constitute the business Formally this will be defined as following:
process, and the arcs represent the relationships between
the various rules. As a result, there are three kinds of Definition 2: let be a rules graph Gr (R, Y) and a vertex
arcs: includes arcs which correspond to an inclusion rule ri such that ri ∈ R.
relationship; extend arcs which correspond to an The set of the ri successor neighbors is noted N+(ri) such
extension relationship, and cause/effect arcs which that ∀ rj ∈ N+(ri), ri is an include, extend or cause rule
correspond to a cause/effect relationship between rules. for the base or effect rule rj.
A rules graph is formally defined as following: - We note Ni+(ri) the set of the ri successors such that ∀ rj
∈ N+(ri), ri is an include, for the base rule rj.
Definition1: a graph of rules is a directed graph Gr (R, - We note Ne+(ri) the set of the ri successors such that ∀ rj
Y) with ∈ N+(ri), ri is an extend rule for the base rule rj.
- R is a set of the vertices which represent business rules
- Y is a set of the arcs which represent three kind of - We note Nc+(ri) the set of the ri successors such that ∀ rj
relationship ∈ N+(ri), ri is a cause rule for the effect rule rj.
(1) Yi is a sub set of Y such that if yi (ri, rj) then ri is - We note Nc-(ri) the set of the ri successors such that ∀ rj
included in rj ∈ N-(ri), rj is a cause rule for the effect rule ri.
(2) Ye is a sub set of Y such that if ye (ri, rj) then ri extend
- We note N*(ri) the set of ri neighbors such that N*(ri) =
Ni+(ri) ∪ Ne+(ri) ∪ Nc+(ri) ∪ Nc-(ri). If ri ∈ R change,
rj
(3) Yc is a sub set of Y such that if yc (ri, rj) then ri cause
then the designer should revise all rules N*(ri).
the activation of rj
Indeed, to keep the process coherence, the flexibility
The rules graph of our previous example is illustrated by management of the process modeling will request from a
figure 5. An inclusion arc is represented by a dotted designer to revise the N*(ri) set when a rule ri is changed.
arrow with a small diamond head on the side of the base In the example of figure 5, rule R6 must be revised if rule
rule. In turn, an extend arc is represented by a dotted R4 is deleted because N*(R4) = {R2, R6}. This is why,
arrow. Finally, a cause/effect arc is represented a plain flexibility management notifies a business process
arrow. designer to revise rule R2, R6 in order to decide how this
rule can be changed. Note that we must check out the
predecessor neighbors Nc-(ri) for the cause/effect
relationship since it is not acceptable that a rule activates
a non-existing rule. For instance, if we delete R4 we must
also revise R2 to ensure that this letter does not activate a
deleted rule.

However, a cascade of the change rules can take place.

Indeed, if one rule changes, a set of successor neighbor’s
rules will be revised and properly changed. This will
generate the need to revise another set of successor
neighbor’s rules of the rule revised. And so on, we can
have the need to revise all business process rules set. In
the process example, if we change R4, then rules R2, R6
will be revised. If we change rule R6 after its revision,
this results into revising R7. Thus the change in rule R1
can cause the revision of all rules set.

It should be noted that a change cascade is not a

consequence of the flexibility management that we
Figure 5: Rules graph of the purchase order propose. Indeed, flexibility management does not do
process. more the change then the need to keep the consistency of
Boukhebouze Mohamed, Amghar Youssef, Benharkat Aïcha-Nabila and Maamar Zakaria

the process. In previous process, rule R4 change cascade Thus, one change rule cost can be calculated from the
(R2, R6, R7, R8, R9, R10, R11 and R12) needs to be revised change cost graph, by considering the rules of the rooted
in order to ensure the activation of all the rules and the tree with the changed rule root. For instance, ₡(R4) =
business coherence of the process as well. However we (6L, 2H) (figure 9). Finally, note that, as we are
can offer to the designer the possibility of assessing the interested in calculating the maximum change cost, so
efforts to put into per change. We call this effort change the rooted tree considered is the rooted tree with the most
cost. It is the number of rules that are subject to changes costly path.
following a change in a rule. For example If R4 is deleted
and R6 is changed in the previous example, so the
effective change cost applicable to R4 is one. It is more
beneficial to estimate the maximum change cost before
making any changes. This will indicate to a designer the
cost of a planned change. For this reason, in this paper
we use the term “change cost” to designate the maximum
change cost before doing effectively the change.
Formally this change cost is defined as following

Definition 3: the change cost that is applicable to rule Ri,

noted ₡(Ri) is the number of rules that constitutes the
directed, rooted tree in which Ri represents the root. For
instance, the cost ₡(R4) = 8 rules because the rooted tree
with root R4 contains eight rules (R2, R6, R7, R8, R9, R10,
R11 and R12). However, we propose two qualifications for
the change cost: Figure 6: the change cost graph of Figure 7: the change cost tree
the purchase order process of the rule R4
- We qualify high change cost (H) the effort to put into
changing inclusion and extension relationships because
the designer should revise entirely the rules concerned. 5 Process verification
- We qualify low change cost (L) the effort to put into Companies must be based on robust business processes
changing a cause/effect relationship because the designer to achieve their objective. The process reliability is a
should revise the event and post event part of the rules crucial issue because it automates all or part of the
concerned. company value chain and at the same time capitalizes on
their information system. For this reason, a formal
As a result, a change cost graph is defined where vertices verification step seen to be necessary to ensure that the
represent the rules and the arcs represent the change cost operational process meets all requirements. In our rule
qualification (figure 6). In this graph only one arc can based model we have used formal models to identify
exist between two vertices by calculating the maximum possible functional errors. Among the different models
change cost between the arcs as the following table: used in the literature for this type of verification, we
Cost1 Cost2 Max (Cost1,Cost2) opted for Petri Net (PN) due to their great ability to
H H H model the semantics of business process execution (Van
H L H der Aalst, 1998). Moreover, the PN offer a wide range of
L H H mathematical properties for analyzing the proper
L L L functioning of the process. To this end, we detail, in this
section, how to write an ECAPE rule based model in
terms of PN. The Petri Net obtained allows us to verify
Indeed, we consider high change cost the maximum cost
some properties for instance, deadlock or net
between a high cost and a high cost or between a high
vivacity...etc. We can detect errors by taking into
cost and a low cost. Therefore, we consider low change
account the properties detected. However, among the
cost the maximum cost between two low costs. In this
various kinds of proposed PN, which support the
why, the change cost can be represented by a couple of
semantic of ECPAPE rules set?
the number of the rules that require a high change cost
and the number of the rules that require a low change.
 Rule-based modeling & verification of business processes

To answer this question we present in following a brief Eshuis et al. in (2003) the environment of classical Petri
introduction to Petri Net and we cite some works which net models closed systems because it does not influence
use this formalism to verify a business process. the firing of transitions. In contrast, ECA system is open
because it usually needs some additional input event to
31 Petri Net for business process verification become enabled. For this reason, Eshuis et al. propose in
Petri Net (PN) was introduced to model and analyze the (2003) a reactive Petri Net (RPN) which considers two
behavior of systems based on in a graph model. Indeed, a type of transitions: internal transitions (Tinternal) and
PN is a bipartite directed graph with two types of nodes: external transitions (Texternal ). The firing rule of Tinternal is
A place models a condition or state of a system resource. "the transition must be fired" rather then "the transition
A transition models an event or action that takes place can be fired". In same time, the external transitions
within the system. The conditions necessary to trigger an interaction with the environment and the classical firing
action are modeled by arcs that connect one place to one rule can is preserved to ensure the stability of the Petri
transition. For modeling the dynamic aspect of the net. Therefore, RPN has two possible states: stable and
system, tokens are used. Indeed, if a place contains a unstable. A state is stable if no internal transition is
token that means the condition represented by this place enabled, it is unstable otherwise. A stable state can
is verified or indicate the availability of a resource in become unstable if some external transition fires. In an
case we have several tokens in one place. One transition unstable state, the reactive Petri Net must fire some
is fired if there is a defined number of a token at the enabled internal transitions. By firing these transitions, a
input place. After firing a transition, the tokens are new state is reached. If the new state is stable, the Petri
consumed from input places and will be places at the end Net has finished its reaction.
of all output places. Finally, a PN marking is the
distribution of tokens over the places at a given instance. Despite, the reactive Petri Net seen interesting to model
our ECAPE rules set, this Net is not enough, because it
To detect errors that may contain a business process, doesn’t explicitly include the construction necessary to
several studies have exploited the strengths of PN. An model complex events. For this reason, we are interested
example of this is the works conducted by research team in another PN called Conditional Colored Petri Net
of Eindhoven University of Technology which propose (CCPN). Indeed, this CPN is proposed by Li et al. in
to use a PN, called Workflow Nets (WF-nets), to validate (2004) in order to model an ECA rule of an active
and verify of workflow (Van der Aalst, 1998). WF-Nets database system. The particularity of this Petri Net is the
require a single initial and final place, transitions fact of defining some new elements on CPN to
represent real activities, or routing and places represent characterize ECA rules features. Specially, the complex
pres and post conditions. However, the classical Petri events can be modeled by defining new types of places
nets miss expressiveness since they don’t distinguish the and new types of transitions. For this way, ECA rules
two tokens of the same place. For this reason, several can be easily modeled by CCPN by considering the
Petri net extensions have be proposed. The well knows events and actions of one rule as places which are inputs
extension is the colored Petri net (CPN). Indeed, in this and outputs transition, ECA rules themselves are mapped
kind of net, tokens are typed (colored) to express the into transitions and conditions are attached to transitions.
different characteristics of resources. In this way, the However, a Conditional Colored Petri Net can not model
pre-conditions such as “only tokens which have of a perfectly an ECAPE rules set, because each ECAPE rule
given color can be are fired” can be supposed. The may trigger one or more rules by describing explicitly
colored Petri net is widely used to verify Web services the events triggered. As a result, the rule sequence can be
composition and business process. An example of this is automatically deducted.
the paper of Yang et al. in (2005).
Inspired by how CCPN model the complex events, we
Unfortunately, the semantics of the classical PN and detail in the next section, a new Colored Petri Net called
CPN don’t allow modeling the behavior of ECA rule ECAPE Net. This latter allows rewriting formally an
based process (specifically, ECAPE rule based process). ECAPE rules set in order to analyze and verify the
Indeed, in classical Petri net (or colored Petri net), when business process.
all the conditions necessary for firing one transition are
satisfied, the transition may be fired but not necessarily,
while in a ECA system, it must be fired. According to
Boukhebouze Mohamed, Amghar Youssef, Benharkat Aïcha-Nabila and Maamar Zakaria

32 ECAPE Net
An ECAPE Net is a colored Petri Net that models the
ECAPE rules execution sequence which represents the
logical of business process. Indeed, the rule’s events are
represented by places. The input places represent events
that activate one rule and the output places represent the
events triggered by the execution of a rule action. In turn,
the rule’s action is represented by the transitions. The
rule’s condition (and rule’s post condition) is attached to
transition (see figure 8).

Figure 9: ECAPE Net elements

Figure 8: General structure of ECAPE Net Definition 3 An ECAPE Net is a colored Petri Net with
11-tuple ECAPE Net = (∑, P, T, A, C, W, Activity,
However, in ECAPE rule, an event can be primitive or Cond, PstCond, D, τ )
composite. In addition, the rule’s action is consisted of
various predefined instructions. For this reason, we need
∑ is a finite set of types also called color sets.
new Petri Net elements to help us build composite events

P is a finite set of places that model the rule’s event. P
from primitive events and to model different action’s
is divided into three subsets: P = Pprim ∪ Pcomp ∪ Pinter
instructions. Figure 9 illustrates the ECAPE net
where Pprim, Pcomp and Pinter are set of primitive,
elements. Indeed, in this Petri Net, there are five types of
composite and intermediary places. In turn, Pprim
places, two types of transitions and two types of arcs:
contain tow subsets: Pstart ⊂ Pprim and PEnd ⊂ Pprim
- Primitive place used to represent a primitive event
where Pstart and PEnd are the set of start place and end
- Composite place used to represent a composite event place.
- Intermediary place used specially in ANY event
T is a finite set of transitions. T is divided into two
constructor to build a composite event. subsets: T = Tcomp ∪ Tcopy ∪ Taction where Tcomp and
- Start place used to represent the first primitive event Taction are set of composite and action transitions. In
that launches the process execution. turn, Taction is divided into four subsets : Taction = TExecute
∪ TSkip ∪ TCancel ∪ TDiscover where TExecute, TSkip,
- End place used to represent the last primitive event TCancel and TDiscover are the set of Execute, Skip, Cancel
that causes the end of process execution. and Discover transitions.
- Composite transition used to generate a composite
A is a set of directed arcs that connects a place to a
event from primitive event. This will be explained
thereafter. transition and vice-versa such that A ⊆ (PxT) ∪
(TxP). A is divided into two subsets: A = Anorm ∪ Ainhi
- Action transition used to represent rule’s action where Anorm and Ainhi are set of normal and inhibitor
instructions arcs.
- Normal arc used to represent the Petri Net control
C is a color function that assigns a unique color to each
flow. place p. The color of a place is denoted as C(p). C is
- Inhibitor arc used specially in NOT event constructor defined from P to ∑ such that: ∀p ∈ P, ∃C ( p ) : C ( p ) ∈ ∑
to build negation composite events.

W is a function that defines arcs by determining the
Now we give a formal definition of ECAPE Net. token’s variables that are either consumed or produced
during operation such that
 Rule-based modeling & verification of business processes

∀a ∈ A, Type(var(W (a )) = C ( p (a ))) and Type(var(W (a))) ⊆ Indeed, A state Mn is called reachable from M1 (notation
∑ where Type(var(W (a))) is a function that determines M1  ∗
→ Mn ) if and only if there is a firing sequence
the types of the variables in an arc. Indeed, the first σ
σ = t1t 2 ...t n −1 such that M1 → Mn
part, in this formula, express that the types of the arc’s
variables must be compatible with the colors set of the
Secondly, we define the five following input/output sets:
input place or output place. The second part, in this
formula, express that the token’s types must belong to - • t is the input places set of transition t such
that • t = {p ∈ P : ( p, t ) ∈ A} .
the colors set of the CPN.

Activity is an activity function that is defined from
Taction to an activity name. - n•t is the input normal arc places set of transition t where

Cond is a condition function that is defined from the arc that connects p to t is normal arc such
either Taction or Tcomp to expressions such that : that n•t = {p ∈ P : ( p, t ) ∈ Anormal } .
∀t ∈ Taction , Type(Cond (t )) = boolean where Cond function - •i t is the input inhibitor arc places set of transition t
evaluates the rule’s condition; where the arc that connect p to t is inhibitor arc such
∀t ∈ Tcomp , Type(Cond (t )) = boolean where Cond function that •i t = {p ∈ P : ( p, t ) ∈ Ainhabitor } .
evaluates the condition of composite transition.
- t • is the output places set of transition t such that

PstCond is a condition function that is defined from
Taction to expressions such that : t • = {p ∈ P : (t , p ) ∈ A}
∀t ∈ Taction , Type( PstCond (t )) = boolean where PstCond - p • is the output transitions set place p such that
function evaluates the rule’s post condition.
p • = {t ∈ T : ( p, t ) ∈ A}

D is a time interval function that is defined from Tcomp
to a time interval [d1, d2]
Finally, in ECAPE net, a Sequence S from a node n1

τ is a time stamp function which assign each token in (place or transition) to a node nk is a sequence
place p a time stamp corresponding to time event n1 , n2 ,..., nk such that ni , ni +1 ∈ A . A Sequence is
happen. τ is expressed in natural clock with the form
year : month : day - hour : minute : second. For elementary if each node is unique.
example, a token has time stamp 2009: 02: 06 -18: 46:
16. The ECAPE Net model the execution of ECAPE rules
set. For this reason, we will specify, in following, the
Note that, in ECAPE Net, a token is 4-tuple (p, c, data, firing rules of composite and action transition of an
timestamp) where p ∈ P, c ∈ C ( p ) called the color, data ECAPE Net.
is business information and timestamp specifies the
natural time when the token is deposited into place p. Definition of the composite transition firing rule
A composite transition is fired if there are at least one
Before continuing to explain the ECAPE net, we will token in all its input places, if the sum of all tokens in all
first define some usual functions, sets and notions that input places is more then the multiplicity of normal arcs
are used to formalize ECAPE net: that connect all input places to this composite transition
and if all conditions attached to the composite transition
Firstly, M is the net marking function that is defined is true.
from P to N (set of all natural numbers) to assigns to Formally, a composite transition is fired if and only if:
each place a number of tokens. We denote by M0, the 1- ∀p∈n• tcomp , M ( p ) ≥ 1
initial marking (initial state) of the Petri net. And we
denote by Mf, the final marking (final state) of the 2- ∀p ∈ P, M ( p ) ≥ W ( p, t comp )
ECAPE net. M(p) is the place marking function that 3- Cond(tcomp) = True
defined is from P to N (set of all natural numbers) to
specify the number of token in one place at given state. Note that a composite transition is also fired when there
are any tokens token in the time interval [d1, d2] at the
The state of the net may change according to change of input places that are connected with inhibitor arcs.
the tokens number during the execution of the net.
 Boukhebouze Mohamed, Amghar Youssef, Benharkat Aïcha-Nabila and Maamar Zakaria

(A) (B) (C) (D) (E) (F) (G)

Figure 10: ECAPE Net structures of composite events

Formally, a composite transition is fired if and only if: In fact, the composite transition is fired when e1 marked
∀d ∈ [d1 , d 2 ], ¬∃p∈•i tcomp , M ( p ) ≥ 1 Indeed, as we said with n token in the time interval [d1, d2]. After firing of
this transition, the composite place ec is marked.
previously, a composite transition is used to generate a - Any event (ANY(m, e1, e2, …, en)) express that any m
composite event: events of e1, e2, …, en happen where m < n. Figure
- Conjunction event (e1 ∧ e2 ) express that both e0 and e1 10.G show how to generate this event. In fact, m
happen. Figure 10.A show how to generate this event. composite transitions are fired when e1, e2, …, en are
In fact, the composite transition is fired when both e1 marked. Each of these m transitions mark an
and e2 are marked. After firing of this transition, the intermediary place ei. This will help to limit the
composite place ec is marked. composite transitions fired to m because when ei has m
- Disjunction event (e1 ∨ e2 ) express that e1 or e2 happen. token, the last composite transition is fired to generate
Figure 10.B show how to generate this event. In fact, the composite event ec
one of the two composite transitions is fired when e1 or
e1 are marked. After firing of one of two transitions, the Definition of the action transition firing rule
composite place ec is marked. An action transition is used to represent rule’s action
- Negation event (¬e1in[d1, d 2]) express that e1 do not instructions. It is fired if there are at least one token in all
happen in the time interval [d1, d2]. Figure 10.c show its input places and all conditions and post conditions
how to generate this event. In fact, the composite attached to it is true. Formally, an action transition is
transition is fired when e1 is not marked in the time fired if and only if:
interval [d1, d2]. After firing of this transition, the 1- ∀p∈• t action , M ( p) ≥ 1
composite place ec is marked. 2- Cond(taction) = PstCond(taction) = True
- Sequence event (SEQ(e1 , e2)) express that event e1
before the event e0. Figure 10.D show how to generate However, the Skip transition (TSkip) and Cancel transition
this event. In fact, the composite transition is fired (TCancel) has some particular semantic execution. Indeed,
when both e0 and e1 are marked and if τ (e1) < τ (e2) . as illustrated in figure 11, the Cancel transition is
After firing of this transition, the composite place ec is attached to an Execute transition. If Cancel transition is
marked. fired, all tokens of all input places of its attached Execute
- Simultaneous event (SIM(e1 , e2)) express that event e0 transition are removed. In this why, the Cancel transition
happen at the same time with the event e1. Figure 10.E disables the Execute transition. In turn, Skip transition is
show how to generate this event. In fact, the composite also attached to an Execute transition. If Skip transition
transition is fired when both e1 and e2 are marked and if is fired, all tokens of all input places of its attached
τ (e1 ) = τ (e2) . After firing of this transition, the Execute transition are removed and one token is added
composite place ec is marked. into all output places of its Execute transition. In this
- Occurrence event (OCC(n, e1) in[d1, d2]) express that why, Skip transition skips the Execute transition.
event e1 occurs n time in the in the time interval [d1,
d2]. Figure 10.F show how to generate this event.

Figure 11: Cancel and Skip transition pattern

 Rule-based modeling & verification of business processes

To illustrate the ECAPE net, we present, in figure 12, the ensure the reliability of the process by analyzing the
ECAPE net of the previous purchase order process ECAPE net.
example. Indeed, the events of this process are
represented using places. The composite events are
generated by using the composite transitions and
represented by composite events. In turn, the rule’s
actions are represented using the action transitions.
Finally, the rule’s conditions are attached to action
transitions. We detail the semantic of this Petri net
execution through the following execution scenario
example. We assume that the first place has one token
when event (process beginning) of rule R1 occurs. So this
place is a start place because it launches the execution of
the process. After that marking, the action transition,
which represents the execution of the action request
order of rule R1, is fired. Consequently, one token is
placed in the place which represent post event of rule R1
and triggered by request order action (Send message).
After that the action transition which represents the
check customer action of the rule R2 is fired and one
token is placed in the output place. If the condition
“costumer is registered” is true then the two action
transitions, which represent respectively the initial price
calculation action of rule R3 and shipper selection action
of rule R4, are fired. Due to this firing, one token is
placed in each output place of these two action
transitions. However, to calculate the final price, we need
to complete the execution of the initial price calculation
action and shipping price calculation action. To model
that, we use a composite event that is generated by a
composite transition as shown in the figure. This
transition is fired only if one token is placed in each
input places. According to our execution scenario, the
composite transition is fired after firing the action
transition which represents the shipping price calculation
action of rule R5 and after placing one token in the output
primitive place because one token is already placed in Figure 12: ECAPE net of the purchase order
place which models accomplished of the initial place process
calculation action. And so on, the token move around the
primitive places, composite transitions, composite places
and action transitions until arrive to end place which
represents the end process event. 33 Verification of process using ECAPE Net

After detailing the formal ECAPE net definition, we will The aim of the process verification is to ensure the
show how to verify the business process using this net. correctness of the process. According to Van der Aalst in
Indeed, the great advantage of modeling the ECAPE (1998) a business process definition is correct if a set of
rules execution sequence via an ECAPE net is not minimal requirements or criterions is satisfy. These
limited to express formally the execution semantic of criterions can be related to the structure of the Petri net
these rules set, but this execution can also be verified by (so-called well-structuredness property) or relates to
using a this net in order to detect eventual execution the dynamics of the Petri net (so-called Soundness
errors. For this reason, we detail, in following, how to property).
Boukhebouze Mohamed, Amghar Youssef, Benharkat Aïcha-Nabila and Maamar Zakaria

1. Well-structuredness property and ├ (costumer is not registered) is satisfiable. For this

The Well-structuredness property is proposed in (Van reason, the satisfiability property is verified.
der Aalst, 1998) to formalize the need to satisfy that, in
WF-net, every split (OR, AND etc.) is followed by a 2. Soundness property
corresponding join of the same type. This property can Soundness property has been introduced in (Van der
be used to verify the structure UML activity diagrams Aalst, 1998) to formalize the need to satisfy that, in well-
and BPEL4WS code (Dehnert et al, 2005). However, in structured Petri net, there are there are no dead
ECAPE rule set model, the control flow is implicitly transitions and neither Deadlock nor Livelock. Indeed, a
defined and each rule has a condition and post condition. dead transition occurs when any transition can not be
For this reason, in terms of ECAPE net, well- reached. In turn, a Deadlock occurs if a jamming is
structuredness is characterized by need to satisfy, in happened before the condition ‘end’ is reached. Finally,
addition to structural properties, the satisfiability of the Livelock occurs if a sub set of transitions are fired in an
predicates which represent the condition and the post endless cycle. Furthermore, in well-structured Petri net
condition of rules. For this way, An ECAPE net is well- is sound if termination is always possible and once
structuredness if three following properties are verified: terminated there is no residual tokens in places. In terms
• Regular property supposes that (1) an ECAPE net has of well-structured ECAPE net, soundness property is
at last one start place pstart and at last one end place pend characterized by need to satisfy following conditions:
. (2) Each node of ECAPE net is on a sequence from • For every state M reachable from initial state, there
the Pstart place set to Pend place set. Formally, the regular exists a firing sequence leading from state M to end
property requeirts to respect two conditions: ∗ ∗
state. Formally: ∀M ( M o → M ) ⇒ ( M  → M f )
(1) Pstart ≠ Pend ≠ Ø
(2) ∀n ∈ P ∪ T ∃S such that n ∈ S ∧ p start ∈ S ∧ pend ∈ C • Final State is the only state reachable from initial state
with at least one token in place pend. Formally:
• Completeness property supposes that each place (or ∗
transition) of ECAPE net is linked to, at last, one ∀M ( M 0 
→ M ∧ M ≥ 0) ⇒ ( M = 0)
transition (or place) except the start place and end • There are no dead transitions in (ECAPE net, pstart).
place. Formally, the completeness property requires to ∗ t
Formally: ∀t ∈ T ∃M , M ' M 0 
→ M 
→ M '
respect two conditions:
(1) ∀p ∈ P − Pend , ∃t ∈ T such that t ∈ p • The ECAPE net of our previous example (see figure 12)
(2) ∀t ∈ T , ∃p ∈ P − Pstart such that p ∈ t • is sound because, firstly, this Petri net is well-structured.
Secondly, by simulating the net, we deduce that there are
• Satisfiability property supposes that (1) each no dead transitions and neither Deadlock nor Livelock
condition (post condition) of one transition is (termination is always possible). And once terminated
satisfiable. (2) For each ECAPE net path the there is no residual tokens in places.
conjunction the condition and post condition of
transitions t1, t2 ... tj-1 forming this path is satisfiable.
Formally, satisfiability property requires to respect the
following conditions: 6 THE BP-FAMA ARCHITECTURE
(1) ∀t ∈ T , Cond(t) is satisfiable and PstCond(t) is In this section we describe the architecture of the BP-
satisfiable FAMA framework (Business Process Framework for
(2) ∀s ∈ Sequences, ├ ∧ Cond (t ) ∧ PstCond (t ) is Agility of Modeling and Analysis) which is in progress
t ∈C
within our laboratory and which uses the ECAPE set
satisfiable such that Sequences is the set of rules to model a business process in declarative way.
distinguish sequence of an ECAPE net.
This new framework aims at tacking the following two
The ECAPE net of our previous example (see figure 14) issues: the implementation of business rules in a business
is Well-structured because this Petri net is regular, process code makes this process rigid and difficult to
complete net and each ECAPE net sequence the maintain, and the lack of mechanisms to support the
conjunction the condition and post condition of verification process. The BP-FAMA architecture we
transitions forming this path is satisfiable: ├ (costumer is proposed in Figure 13 illustrates how the RbBPDL
registered) ˄ (IP+SP ≤ FP) ˄ (τ (e1 ) < τ (e2 )) is satisfiable, language is a cornstone to this framework. RbBPDL uses
├ (costumer is registered) ˄ (IP+SP ≤ FP) is satisfiable
 Rule-based modeling & verification of business processes

ECAPE formalism to describe a business process using a In the execution phase, a Rule engine interprets the
set of business rules. fulfillment specification of business rules actions. This
interpretation is performed by automating interactions
between business participants (the documents, the
information and tasks) and allocating the different
resources. The activation of these rules is ensured by a
complex event processing (CEP) engine. Indeed, this
engine detects the predefined events (primitive of
complex events) and alerts the Rule engine by sending
messages. When it receives a message, the Rule engine
activates the rules according to the triggered events. Note
that, these messages are also fed back into the CEP
engine and treated as incoming events. This will allow
generating the composite events. Finally, the different
log files, historic of events and traces accumulated
during the execution of a large number of rules instances
are stored in a specific base to be used in the next step.

In the diagnostic phase, a Business Activity Monitoring

(BAM) is used in the aim to provide real time
Figure 13: the architecture of the BP-FAMA framework information about the status and results of various rules
actions, various events triggered and transactions. In this
way, the enterprise is better informed and can make
Indeed, in the specification phase, the designers define quickly business decisions.
the elements constituting the business process or they
redefine the elements of a process in order to improve it.
This definition is a dialogue medium between the 7 Related work
processes responsible and operational teams in charge of
executing them. To this end, the BP-FAMA Business The integration of business processes and business rules
Rules Definer (which represents the business plan) uses is a research topic for several years. This is why
RbBPDL language to define the business process. literature teems with proposals that attempt to answer
However, the BP-FAMA Business Rules Definer needs this delicate question. In general way, these proposals
to provide a convivial representation and an easier way can be classified into two major approaches: The first
to understand the process. In this perspective, a set of approach tries to add a flexibility dimension to the
complete graphical notations (graphics and charts) is imperatives languages in order to keep a straight face
needed to represent graphically an RbBPDL process. For their rigidities. Indeed, this approach can be used as
this reason, the notations of the URML language are complementary design method of imperatives languages.
adopted. Indeed, the latter is proposed by Wagner et al. In other word, it doesn’t substitute method of the
in (2006) to describe the rules with graphical notations imperatives languages model.
and meta-models inherited from its ancestor UML. In
this way, The BP-FAMA Business Rules Definer uses In literature, we list some works that were interested in
URML to graphical describe a business process and this approach. Indeed, the first works category tempts to
serializes rules using the language RbBPDL. encapsulate business rules as web services according to
associated architectures. An example for this, the work
After translating the process into the graph of rules and of Rosenberg et al. in (2005) which proposes to integrate
the ECAPE net. The BP-FAMA Business Rules business rules, managed by rules engines, into in the
behavior analyzer (which represents the behavior plan) BPEL or other languages composition services. For that,
ensures the flexibility of the business processes by the architecture proposed is based multiple modules:
analyzing the graph of rules of the process. In turn, the Enterprise Service Bus (ESB), which is used by all
Business Rules simulator (which represents the services as a platform for communication. BPEL engine
operational plan) verifies the process functioning by is linked to ESB by an adapter in order to communicate
analyzing the ECAPE net of the process. directly with the Web services gateway. The business
Boukhebouze Mohamed, Amghar Youssef, Benharkat Aïcha-Nabila and Maamar Zakaria

rules broker is defined to unify the access to different several rule-based declarative languages have been
business rules engines by using the web services proposed. According to Wagner in (2005), the rules
interfaces. The Rules Interceptor Service is used as a languages can be classified in accordance with the
bridge between business rules and the BPEL process by following three levels of abstraction (figure 14):
defining two types of interception: before activity
(before) and after activity (after). Another work is At computation independent (CIM) business rules meta-
presented by Lee et al. in (2007) which suggest a state- models are proposed in the aim to define the vocabulary
driven specification of a business process for insert used to express the business rules. Indeed, the business
process states into a process model using process units, vocabulary definition can be textually done as
and separates the business rules from the process flow by terminologies by using structured English, as proposed
regarding the states as the milestones which indicate by the standard SBVR (Semantics of Business
where the rules are separated. Vocabulary and Business Rules) in (OMG, 2008). The
business vocabulary definition can also be done visually
The second works category tempts to extend the as conceptual class diagrams in UML, as proposed by
imperative languages in order to take into account the Wagner in (2005). Finally, the business vocabulary
business rules in process model. An example for this is definition can formally be done as predicate logic or as
presented by Charfi et al. in (2007) which propose to ontologies in RDF and OWL (Wagner, 2005).
model a business rules as an aspect. In this way, the
technique of aspect oriented programming can be used in At platform independent modeling (PIM) business rules
the aim to integrate the business rules within a BPEL languages are proposed in the aim to formalize rule
process engine. Another work is proposed by Van expressions. Indeed, the rules formalism used in these
Eijndhoven et al. in (2008) which suggest to uses languages depend to what categories of rule they
business rules and workflow patterns to model the represent. An example of theses the languages is OCL
process flow parts that are most variable in order to (OMG, 2003) which is uses to express integrity rules and
increase in flexibility of service oriented business derivation rules in conjunction with UML models.
processes. And also, the work of Boukhebouze et al. in PENELOPE (Goedertier et al., 2006) is another language
(2007) which proposes to identify business rules in a that uses the deontic logic to formalize the rules in terms
business process model by adding a "Rule" activity to of obligations and authorizations that feature business
BPEL. interactions. Note that, some general rule markup
languages are proposed. These languages can be used for
Despite the solutions provided by this approach which interchanging rules between different rule languages like
respond in some way to the problem of imperative RuleML (Schroeder et al. 2002) and R2ML (Wagner,
languages rigidity, they do not guarantee complete 2005). However, these languages are either generic or
flexibility including the impact of the change of a rule on specialized and in either case they are not appropriate for
the rest of the process. Moreover, experiments have defining a process since elements such as business
shown that organizations express their policies and activities, participants, event, just to cite a few are
regulations in business rules form using natural language execluded.
or adding text annotations in their models (Zur Muehlen
et al., 2007). However, the formulation of business rules Furthermore, according to Knolmayer et al. in (2000)
must be rigorous, concise and precise to ensure that these and Lu et al. in (2007) the reaction rules (ECA) are the
rules are unambiguous, coherent, and set out with a most adapted to model business rules. This is justified by
common business vocabulary. the fact that this kind of rules is easier to maintain and it
cover all other rules kinds (Integrity, deviation,
In this spirit, a second approach proposes to model the production, and transformation). This is done in various
logic of the process with a set of rules using declarative works, like the AgentWork framework of Müller et al. in
languages. These languages focus on what to do rather (2004), where ECA rules are used for temporal workflow
than how and that in describing the behavior of the management, or in the work of Zeng et al. in (2001) that
process in a way implied (Lu et al., 2007). In our work, considers a process as a set of tasks coordinated between
we are particularly interested in using a declarative them by ECA rules and use agents to encapsulate
language based on business rules so that the flexibility of services that perform the process tasks. Our work is
these processes can be achieved. Indeed, in the literature, positioned in this rule category.
 Rule-based modeling & verification of business processes

Figure 14: Rule languages at different levels of abstraction (Wagner, 2005)

Thus, the use of the ECA formalism is interesting to For representing the ECAPE rules set, we have proposed
model, in our framework, business processes. However, the new XML based language called RbBPDL.
in the aforementioned declarative process modeling
languages used this formalism, the modeling flexibility Finally, we proposed architecture, called BP-FAMA, for
with focus on the impact of a rule change on the rest of a rule-based modeling and verification of business process
process is not well looked into. Therefore, there is a need that use the new proposed model.
for a more powerful formalism that would allow a
complete definition of this relationship. This is way, we In the future, we aim to extend the model in order to
opted for the use of ECAPE formalism and RbBPDL propose a vocabulary meta-model. Another future aim is
language. to optimize the operational process by analyzing, in
diagnostic phase, the events historic.
At platform specific modeling (PSM) the execution rule
models is proposed in order to formalize the execution of
the rules set as ILOG JRules. However, these execution REFERENCES
rule models do not allow to have an explicate execution
scenario. As a result a more powerful paradigm is Boukhebouze.M, Amghar. Y, Benharkat.A.N. (2007) ‘BP-
deemed appropriate in order to translate, in an easy way, FAMA: business process framework for agility of
a business process into a formal model and ensure the modelling and analysis’. In ICEIS: 10th International
Conference on Enterprise Information Systems ICEIS,
process verification by allowing to building an execution Barcelona, SPA
scenario in an automatic way. This is way, we opted for
the use of ECAPE formalism and ECAPE net. Charfi.A, Schmeling.B, Mezini.M, (2007) 'Transactional BPEL
Processes with AO4BPEL Aspects.' in ECOWS 2007:
149-158
Dehnert.J, Zimmermann A. (2005). ‘On the suitability of
8 Summary correctness criteria for business process models.’ Proc. 3rd
Int. Conf. on Business Process Management (BPM 2005)
In this paper we proposed a new rule based model that Nancy, France, September 2005, pp. 386-391.
aims at tacking the following two issues: the
Eshuis.R, Dehnert.J, (2003) 'Reactive petri nets for workflow
implementation of business rules in a business process
modeling' in Application and Theory of Petri Nets 2003.
code makes this process rigid and difficult to maintain, Pages 296--315, Springer
and the lack of mechanisms to support the verification
Goedertier, S. and Vanthienen, J. (2006). ‘Designing compliant
process. For this reason, ECAPE formalism is used in
business processes with obligations and permissions’. In
order to describe a business using a set of business rules Eder and Dustdar (2006), pages 5–14.
that are translated into a graph of rule for managing the
Knolmayer, G., Endl, R., and Pfahrer, M. (2000). ‘Modeling
flexibility and ECAPE net for simulating the process Processes and Workflows by Business Rules.’ In Business
execution.
Boukhebouze Mohamed, Amghar Youssef, Benharkat Aïcha-Nabila and Maamar Zakaria

Process Management, Models, Techniques, and Empirical Russell.N, Van der Aalst.W.M. P., ter Hofstede.A.H. (2006).
Studies W. M. Aalst, J. Desel, and A. Oberweis, Eds. Exception Handling Patterns in Process-Aware
Lecture Notes In Computer Science, vol. 1806. Springer- Information Systems. BPM Center Report BPM-06-04 ,
Verlag, London, 16-29. BPMcenter.org, 2006.
Koshkina.M, van Breugel.F. (2004) ‘Modelling and verifying Schroeder. M, and Wagner. G, (2002) ‘Languages for Business
web service orchestration by means of the concurrency Rules on the Semantic Web’. In Proc. of the Int.
workbench.’ ACM SIGSOFT Software Engineering Workshop on Rule Markup Italy, June 2002. CEUR-WS
Notes, 29(5), September 2004. Publication Vol-60
Lee.S, Kim.T.Y, Kang.D, Kim.K, Lee.J.Y. (2003) Smith.H, Fingar.P. (2003). ‘Workflow is just a Pi process’,
‘Composition of executable business process models by Rapport Computer Sciences Corporation, Novembre 2003
combining business rules and process flows.’ in Expert Taveter.K, Wagner G., (2001) ‘Agent-oriented business rules:
Systems with Applications. Volume 33, Issue 1, July Deontic assignments’. In Proc. of Workshop on Open
2007, Pages 221-229 Enterprise Solutions: Systems, Experiences, and
Li.X. Marín.J.M, (2004) ‘Composite Event Specification in Organizations (OES-SEO2001)
Active Database Systems: A Petri Nets Approach.’ In: The Business Rules Group, (2002) ‘Defining Business Rules,
Kurt Jensen (Ed.): Proceedings of the Fifth Workshop and What are they really?‘ in www.businessrulesgroup.org,
Tutorial on Practical Use of Coloured Petri Nets and the July 2000.
CPN Tools, Aarhus, Denmark, October 8-11, 2004,
DAIMI PB - 570, pages 97-116. October 2004. The Workflow Management Coalition, (2005) ‘Workflow
Management Coalition Workflow Standard Process
Lu.R, Sadiq.S. (2007) ‘A Survey of Comparative Business Definition Interface: XML Process Definition Language.’
Process Modeling Approaches’. In BIS 2007: 82-9429 In the specification rapport (2005).
Müller, R., Greiner, U., Rahm, Erhard.: (2004) ‘AgentWork: a Van Breugel.F, M. Koshkina. (2006) ‘Models and Verification
Workflow System Supporting Rule-Based‘ Workflow of BPEL Rapport de recherche’, L’université de York.
Adaptation. In Data & Knowledge Engineering, Vol. Department of Computer Science and Engineering.
51(2) (2004) 223-256 Sptembre 2006.
OASIS, (2007) ‘Business Process Execution Language for Web Van der Aalst.W.M. (1998).’The Application of Petri Nets to
Services (BPEL4WS): Version 2.0.’ In BPEL4WS Workfow Management.’ The Journal of Circuits, Systems
specification report and Computers, 8(1):21{66, 1998.
Object Management Group, (2003) Object Constraint Van Eijndhoven.T, Iacob.M.E, Ponisio.M.L. (2008).
Language (OCL) in www.omg.org/docs/ptc/03-10-14.pdf ‘Achieving Business Process Flexibility with Business
Object Management Group, (2008) Semantics of Business Rules.’ In EDOC 2008: 95-104
Vocabulary and Business Rules (SBVR) in Wagner. G, (2005) ‘Rule Modeling and Markup’ in Reasoning
http://www.omg.org/spec/SBVR/1.0/PDF Web, 3564 ed, N. Eisinger and J. Maluszynski, Eds.
Ouyang, C., Verbeek, E., van der Aalst, W.M.P., Breutel, S., Msida, Malta: Springer, 2005, pp. 251-274.
Dumas, M. ter Hofstede, A.H.M., (2005). ‘WofBPEL: a Wagner. G, Giurca, A., Lukichev, S. (2006), ‘Modeling Web
tool for automated analysis of BPEL processes’. In ICSOC Services with URML.’ In proceedings of Semantics for
2005, International Conference of Service-Oriented Business Process Management Workshop, Budva,
Computing ,Berlin. Montenegro, June 2006
Pu.G., Zhao.X., Wang.S., and Qiu.Z. (2005) ‘Towards the Yang, Y., Tan, Q. Yu, J., Liu, F. (2005). ‘Transformation
semantics and verification of BPEL4WS.’ In Proceedings BPEL to CP-nets for verifying web services composition’.
of the International Workshop on Web Languages and In the International Conference on Next Generation Web
Formal Methods, volume 151(2) of Electronic Notes in Services Practices, Korea
Theoretical Computer Science, pages 33{52, New Castle,
UK, July 2005. Elsevier. Zeng, L., Ngu, A., Benatallah, B., O'Dell, M. (2001) ‘An
Agent-Based Approach for Supporting Cross-Enterprise
Regev.G, Soffer.P, Schmidt.R, (2006) ‘Taxonomy of Workflows.’ In proceedings of the 12th Australasian
Flexibility in Business Processes’. Seventh Workshop on Database Conference (ADC2001) (2001)
Business Process Modeling, Development, and Support In
conjunction with CAiSE’06
Rosenberg.F, Dustdar.S, (2005) 'Business Rules Integration in
BPEL – A Service-Oriented Approach' in Proceedings of
the Seventh IEEE International Conference on E-
Commerce Technology CEC 2005.