Compliance in service-oriented architectures (SOA) means in general complying with laws and regulations applying to a distributed software system. Unfortunately, many laws and regulations are hard to formulate. As a result, several compliance concerns are realized on a per-case basis, leading to ad hoc, handcrafted solutions for each specific law, regulation, and standard that a system must comply with. This, in turn, leads in the long run to problems regarding complexity, understandability,

more »

... maintainability of compliance concerns in a SOA. In this book chapter, we present a case study in the field of compliance to regulatory provisions, in which we applied our view-based, model-driven approach for ensuring the compliance with ICT security issues in business processes of a large European company. The research question of this chapter is to investigate whether our model-driven, view-based approach is appropriate in the context of the case. This question is generally relevant, as the case is applicable to many other problem of requirements that are hard to specify formally (like the compliance requirements) in other business cases. To this end, we will present lessons learned as well as metrics for measuring the achieved degree of separation of concerns and reduced complexity. 3