Architecture TutorialArchitecture Tutorial

Overview of Today’s Talks

• Provenance Data Structures

• Recording and Querying Provenance– Break (30 minutes)

• Distribution and Scalability

• Security

• Methodology

Architecture TutorialArchitecture Tutorial

Querying for Provenanceby Simon Miles (sm@ecs.soton.ac.uk)

Architecture TutorialArchitecture Tutorial

P-Structure

• To help execute queries about the past processes in an application, a provenance store categorises recorded p-assertions in a larger data structure

• The p-structure is a navigable hierarchy exposed through query interfaces of the provenance store.

Architecture TutorialArchitecture Tutorial

Collect p-assertions together in a view. • A view is the set of

assertions by 1 actor about 1 interaction.

• A view contains:– An actor identity– A set of p-assertions

• A view is one of two view kinds: sender or receiver

Donor DataCollector

User Interface

Architecture TutorialArchitecture Tutorial

Interaction Records

Architecture TutorialArchitecture Tutorial

Query Types

• There are two types of query over a provenance store:– A process documentation query is a query

over the p-structure to retrieve individual pieces of data, e.g. XQuery or XPath

– A provenance query is a query for the provenance of an entity, making use of the process documentation to determine this

Architecture TutorialArchitecture Tutorial

Provenance Queries

• Example provenance question:– What is the provenance of a donor organ’s

diagnosis?

• Or can be rephrased as…– Why was a potential donor organ accepted /

rejected for use?

• May be asked when a possible mistake was made, or just for regular auditing

• The results of a query is a subset of the recorded process documentation

Architecture TutorialArchitecture Tutorial

Provenance of Donor Diagnosis

DonationDecision Donor Data

CollectorUser Interface

Architecture TutorialArchitecture Tutorial

Provenance of Donor Diagnosis

DonationDecision Donor Data

CollectorUser Interface

DecisionRequest

User InterfaceDonor Data

Collector

Patient(in Brain DeathNotification) Brain Death

ManagerUser Interface

Is Response To

Is Decision On

JustificationReport Donor Data

CollectorUser Interface

Is Justified By

Architecture TutorialArchitecture Tutorial

Provenance of Donor Diagnosis

DonationDecision Donor Data

CollectorUser Interface

DecisionRequest

User InterfaceDonor Data

Collector

Donor DataCollector

Testing LabEHCR Donor Data

CollectorEHCRS

Patient(in Brain DeathNotification) Brain Death

ManagerUser Interface

Is Response To

Is Based On

Patient

TestResults

Test ResultsDonor Data Collection

Is Decision On

JustificationReport Donor Data

CollectorUser Interface

Is Justified By

Architecture TutorialArchitecture Tutorial

Provenance of Donor Diagnosis

DonationDecision Donor Data

CollectorUser Interface

DecisionRequest

User InterfaceDonor Data

Collector

Donor DataCollector

Testing LabEHCR Donor Data

CollectorEHCRS

Patient(in Brain DeathNotification) Brain Death

ManagerUser Interface

Is Response To

Is Based On

Patient

TestResults

Test ResultsDonor Data Collection

EHCRRequest

EHCRSDonor Data

Collector

Is Response To

Testing LabDonor Data

Collector

Request BloodTests

Is Response To

Is Decision On

JustificationReport Donor Data

CollectorUser Interface

Is Justified By

Architecture TutorialArchitecture Tutorial

Provenance of Donor Diagnosis

DonationDecision Donor Data

CollectorUser Interface

DecisionRequest

User InterfaceDonor Data

Collector

Donor DataCollector

Testing LabEHCR Donor Data

CollectorEHCRS

Patient(in Brain DeathNotification) Brain Death

ManagerUser Interface

Is Response To

Is Based On

Patient

TestResults

Test ResultsDonor Data Collection

Data CollectionRequest Donor Data

CollectorUser Interface

EHCRRequest

EHCRSDonor Data

Collector

Is Response To

Was Caused By

Testing LabDonor Data

Collector

Request BloodTests

Is Response To

Was Caused By

Is Decision On

JustificationReport Donor Data

CollectorUser Interface

Is Justified By

Request BloodTests Donor Data

CollectorUser Interface

Was Caused By

Architecture TutorialArchitecture Tutorial

Provenance Queries

• A provenance query is made up of two parts:– Query Data Handle

• Identifies the entity of which you want to find the provenance, e.g. the donor organ decision

– Relationship Target Filter• Scopes the query results, so that only a

manageable amount of relevant information is returned

Architecture TutorialArchitecture Tutorial

Query Data Handles

• Identifies a particular entity at the time of a particular event

• For example, a patient at the end of a transplant operation

• In our model, events are identified as the sending or receiving of messages

• The provenance of an entity is the process by which it came to be in the state it is in at that event

Architecture TutorialArchitecture Tutorial

Query Data Handles

• For a provenance store, a query data handle is a search within process documentation for a given documented entity

• Therefore, a query data handle is expressed as a search over the p-structure, e.g. in XPath

• In the example, the entity, the donation decision, is documented in the interaction between the User Interface and Donor Data Collector

DonationDecision Donor Data

CollectorUser Interface

Architecture TutorialArchitecture Tutorial

Relationship Target Filters

• To scope the results of a provenance query, a relationship target filter is used

• The filter is a function over an object of a relationship (a relationship target) returning true or false, depending on whether that object should be included in the results

Donor DataCollector

Testing Lab

TestResults

DecisionRequest

User InterfaceDonor Data

Collector

Test ResultsIs Based On

Architecture TutorialArchitecture Tutorial

Relationship Target

• The set of information about an object of a relationship– Relationship name– Data item content– Parameter name– Source and sink of interaction– Asserter identity– Provenance store location– View kind (sender/receiver)

Donor DataCollector

Testing Lab

TestResults

DecisionRequest

User InterfaceDonor Data

Collector

Test ResultsIs Based On

Architecture TutorialArchitecture Tutorial

Exclude“Is JustifiedBy”Relation

DonationDecision Donor Data

CollectorUser Interface

DecisionRequest

User InterfaceDonor Data

Collector

Donor DataCollector

Testing LabEHCR Donor Data

CollectorEHCRS

Patient(in Brain DeathNotification) Brain Death

ManagerUser Interface

Is Response To

Is Based On

Patient

TestResults

Test ResultsDonor Data Collection

Data CollectionRequest Donor Data

CollectorUser Interface

EHCRRequest

EHCRSDonor Data

Collector

Is Response To

Was Caused By

Testing LabDonor Data

Collector

Request BloodTests

Is Response To

Was Caused By

Is Decision On

JustificationReport Donor Data

CollectorUser Interface

Is Justified By

Request BloodTests Donor Data

CollectorUser Interface

Was Caused By

Architecture TutorialArchitecture Tutorial

ExcludeDonor DataCollectionParameter

DonationDecision Donor Data

CollectorUser Interface

DecisionRequest

User InterfaceDonor Data

Collector

Donor DataCollector

Testing LabEHCR Donor Data

CollectorEHCRS

Patient(in Brain DeathNotification) Brain Death

ManagerUser Interface

Is Response To

Is Based On

Patient

TestResults

Test ResultsDonor Data Collection

Data CollectionRequest Donor Data

CollectorUser Interface

EHCRRequest

EHCRSDonor Data

Collector

Is Response To

Was Caused By

Testing LabDonor Data

Collector

Request BloodTests

Is Response To

Was Caused By

Is Decision On

JustificationReport Donor Data

CollectorUser Interface

Is Justified By

Request BloodTests Donor Data

CollectorUser Interface

Was Caused By

Architecture TutorialArchitecture Tutorial

ExcludeProcessMarked withTracer

DonationDecision Donor Data

CollectorUser Interface

DecisionRequest

User InterfaceDonor Data

Collector

Donor DataCollector

Testing LabEHCR Donor Data

CollectorEHCRS

Patient(in Brain DeathNotification) Brain Death

ManagerUser Interface

Is Response To

Is Based On

Patient

TestResults

Test ResultsDonor Data Collection

Data CollectionRequest Donor Data

CollectorUser Interface

EHCRRequest

EHCRSDonor Data

Collector

Is Response To

Was Caused By

Testing LabDonor Data

Collector

Request BloodTests

Is Response To

Was Caused By

Is Decision On

JustificationReport Donor Data

CollectorUser Interface

Is Justified By

Request BloodTests Donor Data

CollectorUser Interface

Was Caused By

Architecture TutorialArchitecture Tutorial

Summary

• The p-structure is the schema of a provenance store and a categorisation of p-assertions

• The process documentation query interface allows querying actors to search and extract process documentation from the p-structure

• The provenance query interface allows querying actors to find the provenance of an application entity

• Querying for provenance involves following relationships back from the documentation of the entity, to find its causes

• Results are scoped to that relevant to the querier

Architecture TutorialArchitecture Tutorial

Questions?

Simon Miles

sm@ecs.soton.ac.uk