that combine other, possibly distributed, services, in order to achieve a given business
goal. Starting from the description of the external protocols (e.g., expressed as an abstract
BPEL4WS specification) and given a “business requirement” for the process (i.e.
the goal it should satisfy, expressed in a proper goal language), the planner synthesizes
automatically the code that implements the internal process and exploits the services
of the partners to achieve the goal. This code can be expressed in a process execution
language such as executable BPEL4WS.
Our planning techniques are also exploited to automatically generate a monitor of
the process, i.e., a piece of code that is able to detect and signal whether the external
partners do not behave consistently with the specified protocols. This is vital for the
practical application of web services. Run-time misbehaviors may take place even for
automatically composed (and possibly validated) services, e.g. due to failures of the underlying
message-passing infrastructure, or due to errors or changes in the specification
of external web services.
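As an added illustration (not code from the paper), the following Python sketch shows the kind of check such a monitor performs, assuming the partner protocol is modelled as a nondeterministic finite state machine whose internal state is hidden and whose messages are the only observations. The flight-service protocol and all state and message names are constructed for the example.

```python
# Constructed partner protocol (assumption, not from the paper): a flight service.
# (state, observed message) -> possible successor states. The partner's internal
# choice after "request" (seat available or not) is hidden from the monitor.
PROTOCOL = {
    ("idle", "request"): {"has_seat", "no_seat"},
    ("has_seat", "offer"): {"offered"},
    ("no_seat", "not_avail"): {"done"},
    ("offered", "ack"): {"booked"},
    ("offered", "nack"): {"done"},
    ("booked", "ticket"): {"done"},
}
INITIAL = frozenset({"idle"})


def step(belief, message):
    """Advance the belief state: every state the partner may be in after `message`."""
    successors = set()
    for state in belief:
        successors |= PROTOCOL.get((state, message), set())
    return frozenset(successors)


def check_trace(messages):
    """Replay observed messages against the protocol.

    Returns (consistent, index_of_first_violation, belief), where belief is the
    set of partner states still compatible with the messages accepted so far.
    """
    belief = INITIAL
    for index, message in enumerate(messages):
        successors = step(belief, message)
        if not successors:
            # No protocol state explains this message: signal the misbehavior.
            return False, index, belief
        belief = successors
    return True, None, belief


if __name__ == "__main__":
    good = ["request", "offer", "ack", "ticket"]
    bad = ["request", "not_avail", "ticket"]  # ticket sent after a refusal
    print(check_trace(good))
    print(check_trace(bad))
```

The monitor keeps a set of candidate states rather than a single state because it cannot see which branch the partner took internally; a violation is reported only when no candidate state can explain the observed message.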
In order to achieve these results, our planner must address the following difficulties,
which are typical of planning under uncertainty:
– Nondeterminism: The planner cannot foresee the actual interaction that will take
place with external processes, e.g., it cannot predict a priori whether the answer to
a request for availability will be positive or negative, whether a user will confirm or
not acceptance of a service, etc.
– Partial Observability: The planner can only observe the communications with
external processes; that is, it has no access to their internal status and variables. For
instance, the planner cannot know a priori the list of items available for selling from
a service.
– Extended Goals: Business requirements often involve complex conditions on the
behavior of the process, and not only on its final state. For instance, we might require
that the process never gets to the state where it buys an item costing more than the
available budget. Moreover, requirements need to express conditional preferences
on different goals to achieve. For instance, a process should try first to reserve
and confirm both a flight and a hotel from two different service providers, and
only if one of the two services is not available, it should fall back and cancel both
reservations.
We address these problems by developing planning techniques based on the “Planning
as model checking” approach, which has been devised to deal with nondeterministic domains,
partial observability, and extended goals. A protocol specification for the available
external services is seen as a nondeterministic and partially observable domain, which
is represented by means of a finite state machine. Business requirements are expressed
in the EaGLe goal language [8], and are used to drive the search in the domain, in order
to synthesize a plan corresponding to the internal process defining the web-service
composition. Plan generation takes advantage of symbolic model checking techniques,
which compactly represent the search space deriving from nondeterministic and partially
observable domains. These are also exploited to produce compact monitoring automata
that can trace the run-time evolution of external processes, and thus detect