istar 2013: using i* to represent oss ecosystems for risk assessment

Using i* to Represent OSS Ecosystems for Risk

Assessment Claudia Ayala, Xavier Franch, Lidia

López, Mirko Morandini, Angelo Susi

2

i* for Risk Assess. in OSS Ecosystems

Content

• Motivation

• Research Objectives

• Scientific Contributions

• Conclusions, Ongoing & Future Work

3


MOTIVATIONS

4


Motivation• OSS Strategic asset

Short-time to market Reduced development & maintenance cost …

• OSS Integration involves risks RISCOSS will provide some risk management

strategies for risk identification & mitigation• OSS Project composed by multiple “Actors”

RISCOSS wants to explore the Strategic Rationale behind the OSS Ecosystem

5


RISCOSS ProjectSpecification of risk identification, management

and mitigation methods

community-based and industry-supported Open Source Software (OSS) development,

composition and life cycle management

individually, collectively and collaboratively manage OSS adoption risks

for

to

6


RESEARCH OBJECTIVES

7


Research Objectives• COTS Adoption Processes: Well-defined

Guidelines for risk analysis, cost estimation & contract agreement

• OSS Adoption Process: Missing • OSS Community:

+1 business goal No service Agreement No “formal” roadmap Risks: lack of roadmap and ownership, unclear

responsibility and response time (bugs),…

8


One RISCOSS Main Objective• O1: Support Risk Assessment for OSS adoption

using i* framework … Understanding the OSS Ecosystem Evaluating risks

• Lack of ownership: strategic dependencies?• Lack of roadmap: community structure?

• … providing … Guidelines Measures

• … to support the decision process

9


SCIENTIFIC CONTRIBUTIONS

10


Scientific Contributions

• Ecosystem Patterns

• Levels of abstraction

• Guidelines for specification models &

repositories

• New modelling concepts

11


Ecosystem Patterns• Role: Producer, Consumer, Community• Setting: Industrial, Academia, Public

Administration• Business Strategy: from OSS collaboration to

exploitation• Business Process: adoption, migration,

consolidation, improvement

12


Level of Abstraction• Different level of detail (class/instance)

E.g. Instances for identifying heroes • 3 i* Diagrams

SA: OSS Ecosystem actor relationships SD: OSS Ecosystem actors dependencies SR: OSS Ecosystem actor & dependencies rationale

13


XWiki.org SA Diagram

14


XWiki.org SD Diagram

15


XWiki.org SR Diagram

16


Guidelines & Repository• RiSD Adaptation• Need to define

General guidelines for SR Specific guidelines related to OSS Ecosystems

Who is the “responsible” for the roadmap? How “companies” influences the community?

• Repository for OSS models For analysts to get project overview and identify

risks

17


New Modelling Concepts• Risk-related constructs

Risk, event, …• For dependencies:

No delegations/responsibilities, but “expectations”?

No duties, but “social norms”?

Available i* risk modelling approaches

18


CONCLUSIONS & FUTURE WORK

19


Conclusions• RISCOSS objective: Support decision making

related to the risk assessment in OSS adoption• i* for OSS Ecosystem models• Scientific Contributions

Ecosystem Patterns: Role, Setting, Business Strategy & Business Process

Levels of abstraction & SA Diagrams Guidelines for specification models & repositories New modelling concepts

20


Ongoing & Future Work• We …

Modeled RISCOSS 5 use cases (i*) Are analyzing these models in order to …

• Identifying potential patterns• Identify potential new modelling concepts

• Furthermore, we are … SLRs: OSS Ontologies, OSS Ecosystems & OSS Risks

• In order to… Define an ontology linked to the i* elements (UFO) Identifying risks, metrics & mitigation activities

Lidia Ló[email protected]

du

Hope you liked it!

22


i* Mapping

RISCOSS Ontology concepts i* Construct

Activity and all the Activity types Task

Actor and all the Actor types Actor

Community Actor

Resources and all the Resource types Resource

Role and all the Role types Actor

Property has-actor is-part-of link

Generalization/specialization hierarchies is-a link

23


RiSD for OSS Ecosystem RiSD RiSD for EcosystemsPhase II

Activity II.1 Identifying departing actors … including OSS Adopter and/or OSS Project as an actor

Activity II.2 Establish goal dependencies among actors

Activity II.3 Classify and rename dependumsActivity II.4 Check for new actors and

dependencies… no related to actor inside the OSS Adopter and/or OSS Project

Phase III

Activity III.1 Include Software System No ApplyActivity III.2 Identify subsystems (is-part-of

link)Identify OSS Adopter’s and/or OSS

Project’s actors (is-part-of link)

Activity III.3 Refine software system dependencies

Refine OSS Adopter and/or OSS Project’s actors dependencies

Activity III.4 Identify subsystems dependencies

Identify Adoper and/or OSS Project`s actors dependencies

Activity III.5 Classify and rename dependums

Activity III.6 Check for new actors and dependencies

… specializations and aggregations)

istar 2013: using i* to represent oss ecosystems for risk assessment

Technology

oss ecosystems oss risks

oss models

oss adoption i

oss collaboration

oss ontologies

oss ecosystemsi

oss ecosystemactivity

oss ecosystemsrisd