DiALog: A Distributed Model for Capturing Provenance and Auditing Information

Service-oriented systems facilitate business workflows to span multiple organizations (e.g., by means of Web services). As a side effect, data may be more easily transferred over organizational boundaries. Thus, privacy issues arise. At the same time, there are personal, business and legal requirements for protecting privacy and IPR and allowing customers to request information about how and by whom their data was handled. Managing these requirements constitutes an unsolved technical and organizational problem. The authors propose to solve the information request problem by attaching meta-knowledge about how data was handled to the data itself. The authors present their solution, in form of an architecture, a formalization and an implemented prototype for logging and collecting logs in service-oriented and cross-organizational systems. DOI: 10.4018/jwsr.2010040101 2 International Journal of Web Services Research, 7(2), 1-20, April-June 2010 Copyright © 2010, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited. tion about the processing and whereabouts of his data. The answer must contain details defined by the contract or law (e.g., who processed the data as well as why and how the data has been processed). The answer can be generated in different ways, e.g., by modeling and observing the distributed data processing. However, the answer can only be generated, if the model and the observation facilitate a detailed overview of the processing. Most frequently such an overview is lacking, even for internal workflows and data storage. Hence, we require a model of the distributed processing of data in service-oriented systems in combination with a distributed mechanism for logging in service-oriented systems to collect the needed information and answer the request. Existing logging mechanisms, like the Extended Log File Format (HallamBaker et al., 1996) or syslog (Lonvick, 2001), are not sufficient to gain a full overview of a workflow that is distributed among multiple organizations, because they perform logging only in one execution environment. Because of the diversity of execution environments and because of a lack of standardized interfaces for exchanging logs, aggregating distributed logs remains a challenge. In the following we present DIALOG (DIstributed Auditing LOGs) and sticky logging. DIALOG is a method for auditing the distributed processing of data in service-oriented systems. Sticky logging monitors the processing of data items (independent of the actual business process) attaching the logs directly to the processed data as metadata. Furthermore, sticky logging allows for the reconstruction of how the data was processed by whom and why following the specification of DIALOG. Thus, sticky logging is a generic middleware for distributed logging. The paper is organized as follows: First, we present a scenario and analyze requirements for collecting information about the processing of private data in service-oriented systems. Following the requirements, we discuss various models for distributed processing of data. Then we introduce DIALOG and define notions of soundness and completeness relevant for the auditing in distributed systems. Based on DIALOG we present the architecture and a prototype1 implementation of sticky logging. Before we eventually discuss our approach and conclude, we compare it with related work.