Finding Non-compliances with Declarative Process Constraints Through Semantic Technologies

. Business process compliance checking enables organisations to assess whether their processes fulﬁl a given set of constraints, such as regulations, laws, or guidelines. Whilst many process analysts still rely on ad-hoc, often handcrafted per-case checks, a variety of constraint languages and approaches have been developed in recent years to provide automated compliance checking. A salient example is D E - CLARE , a well-established declarative process speciﬁcation language based on temporal logics. D ECLARE speciﬁes the behaviour of processes through temporal rules that constrain the execution of tasks. So far, however, automated compliance checking approaches typically report compliance only at the aggregate level, using binary evaluations of constraints on execution traces. Consequently, their results lack granular information on violations and their context, which hampers auditability of process data for analytic and forensic purposes. To address this challenge, we propose a novel approach that leverages semantic technologies for compliance checking. Our approach proceeds in two stages. First, we translate D ECLARE templates into state-mentsinSHACL,agraph-basedconstraintlanguage.Then,weevaluatetheresulting constraintsonthegraph-based,semanticrepresentationofprocessexecutionlogs. Wedemonstratethefeasibilityofourapproachbytestingitsimplementationonreal-worldeventlogs.Finally,wediscussitsimplicationsandfutureresearchdirections.


Introduction
Declarative business process specification approaches rely on a normative description of processes' behaviour by means of inviolable rules. Those rules, named constraints, exert restrictions on the process behaviour. DECLARE [1], Dynamic Condition Response Graphs (DCR Graphs) [24], and the Case Management Model and Notation (CMMN) 3 are examples of such declarative process specification languages. Declarative process discovery is the branch of the process mining discipline [2] aimed at extracting the constraints that specify a process by their verification over execution data, namely event logs. To date, research in the area has mainly focused on devising of efficient algorithms for mining constraints verified in the event log [9,32,14,11]. All of these approaches return constraints that are never (or rarely) violated in the event log, thus implicitly assuming that rarity corresponds to noise. Similarly, approaches have been proposed to verify the compliance and conformance of event logs with declarative process specifications [39,30,29,28], indicating whether and to what extent constraint sets are satisfied by process executions.
However, it is often not sufficient to solely assess whether constraints are satisfied or not. Especially in cases with rare exceptions, knowing when and why certain constraints are violated is key. Those circumstances apply in many scenarios: To mention but a few, inspecting the root cause of enactment errors [15], deriving digital evidence of malicious behaviour [25], identifying the origin of drifts in the process [31], or identifying illicit inflows into digital currency services [26].
Against this background, we leverage semantic technologies for the verification and querying of event logs, in an approach that (i) checks whether they comply with provided declarative process specifications, and (ii) if not, reports on the cause of violations at a finegrained level. We evaluate our technique by applying our prototype to real-world event logs. We empirically show the insights into detected violations provided by detailed reports. The opportunities brought about by the use of semantic technologies go well beyond the promising results presented in this vision paper. We thus endow the discussion on the evaluation of our approach with considerations on potential improvements over the current achievements, especially in regard to further semantic analyses of the current results.
The remainder of the paper is structured as follows. Section 2 provides an overview of the literature on declarative process mining and semantic technologies. Section 3 describes our approach, i.e., its workflow and components, from the bare event log to its semantic representation and reasoning. Section 4 evaluates and discusses the feasibility of the approach against real-life logs. Section 5 concludes the paper and highlights future research directions.

Background and State of the Art
Our approach draws on two main strands of research: on the one hand, it is grounded in state-of-the-art process mining techniques for declarative specifications; on the other hand, it adopts validation concepts developed in the semantic web research community and applies them to fine-grained compliance checking. Declarative process mining. A declarative process specification defines a process behaviour through a set of temporal rules (constraints) that collectively determine the allowed and forbidden traces. Specifically, constraints exert conditions that allow or forbid target tasks to be executed, depending on the occurrence of so-called activation tasks. A declarative specification allows for any process executions that do not violate those constraints. Each constraint is defined using a template that captures the semantics of the constraint, parametric to the constrained tasks. The number of parameters denote its cardinality. DE-CLARE [1] is a well-established declarative process specification language. Its semantics are expressed in Linear Temporal Logic on Finite Traces (LTL f ) [10]. It offers a repertoire of templates extending that of the seminal paper of Dwyer et al. [16]. Table 1 shows some of those. RESPONSE, for example, is a binary template stating that the occurrence of the first task imposes the second one to occur eventually afterwards. RESPONSEpa,bq applies the RESPONSE template to task a and b, meaning that each time that a occurs in a trace, b is expected to occur afterwards. ALTERNATERESPONSEpa,bq is subsumed by RESPONSEpa,bq as it restricts the statement by adding that a cannot recur before b. PRECEDENCEpa,bq switches activation and target as well as the temporal dependency: b can occur only if a occurred before. NOTSUCCESSIONpa,bq establishes that after a, b cannot occur any more. Finally, PARTICIPATIONpaq is a constraint stating that in every process execution, a must occur. It applies the PARTICIPATION unary template. The fundamental input for process mining is the event log, i.e., a collection of recorded process executions (traces) expressed as sequences of events. For the sake of simplicity, we assume events to relate to single tasks of a process. The eXtensible Event Stream (XES) format is an IEEE standard 4 for the storage and exchange of event logs and event streams, based on XML. In declarative process mining, constraints are verified over event logs to measure their support (i.e., how often they are satisfied in the traces), and optionally their confidence (i.e., how often they are satisfied in traces in which their activation occurs), and interest factor (i.e., how often they are satisfied in traces in which both activation and target occur) [32,14]. Table 1 reports traces that satisfy or violate the aforementioned constraints. For instance, a trace like caacb satisfies RESPONSEpa,bq (increasing its mining measures) but violates ALTERNATERESPONSEpa,bq (decreasing it). Although a trace like bcc satisfies RESPONSEpa,bq, it does not contribute to its confidence or interest factor, since the activation (a) does not occur. Support is thus an aggregate measure for compliance as those traces that do not comply with a constraint, decrease its value. Semantic web technologies provide a comprehensive set of standards for the representation, decentralised linking, querying, reasoning about, and processing of semantically explicit information. We mainly base our approach on two elements of the semantic web technology stack: (i) the Resource Description Framework (RDF), which we use as a uniform model to express process information, declarative constraints, and validation reports, and (ii) the SHACL Shapes Constraint Language (SHACL), which provides a constraint specification and validation framework on top of RDF. In the following, we provide a brief overview of both these standards. RDF is a data representation model published by the World Wide Web Consortium (W3C) as a set of recommendations and working group notes. 5 It provides a standard model for expressing information about resources, which in the context of the present paper represent traces, tasks, events, actors, etc. An RDF dataset consists of a set of statements about these resources, expressed in the form of triples xs,p,oy where s is a subject, p is a predicate, and o is an object; s and o represent the two resources being related whereas p represents the nature of their relationship. Formally, we define an RDF graph G as a set of RDF triples pv 1 ,v 2 ,v 3 q P pU YB YLqˆUˆpU YB YLq where: U is an infinite set of constant values (called RDF Uniform Resource Identifier (URI) references); B is an infinite set of local identifiers without defined semantics (called blank nodes); and L is a set of values (called literals). For instance, a trace expressed in RDF may contain a statement such as eventA xes:nextEvent eventB to describe the temporal relationship between two particular events. A key advantage of RDF as a data model is its extensible nature, i.e., additional statements about eventA and eventB can be added at any time, adding concepts and predicates from various additional, potentially domain-specific vocabularies.
Furthermore, ontology specification languages such as the Web Ontology Language (OWL) 6 can be used to more closely describe the semantic characteristics of terms. Although beyond the scope of the present paper, this extensible semantic web technology stack opens up opportunities for the use of reasoners in compliance checking and in the interpretation of violations (e.g., generalisations, root cause analyses, etc.) [17,4]. Other benefits of RDF include interoperability, i.e., information expressed in RDF using shared vocabularies can be exchanged between applications without loss of meaning. Furthermore, it makes it possible to apply a wide range of general purpose RDF parsing, mapping, transformation, and query processing tools.
Finally, once transformed into RDF, information (such as process information and compliance checking rules) can be easily published online, interlinked, and shared between applications and organisations, which is particularly interesting in the context of collaborative processes. SHACL is a W3C Recommendation and language for validating RDF graphs against a set of conditions. 7 These conditions are specified in the form of RDF shape graphs which can be applied to validate data graphs. SHACL thereby provides a flexible declarative mechanism to define arbitrary validity constraints on RDF graphs. Specifically, these constraints can be formulated using a range of constraint components defined in the standard, or as arbitrary constraints implemented in SPARQL Protocol and RDF Query Language (SPARQL). 8 Validation of a data graph against a shapes graph produces a validation report expressed in RDF as the union of results against all shapes in the shapes graph. Importantly, compliance checking in SHACL is performed gradually by validating each individual so-called focus node against the set of constraints that apply to it. Compliance checks therefore produce detailed validation reports that not only conclude whether a data graph conforms globally, but also reports on the specific violations encountered. In the context of process compliance checking, this provides a foundation to not only determine whether a process trace conforms, but to also report on the specific declarative rules that are violated. Semantic approaches to compliance checking. Several approaches have been developed to support organisations in their compliance efforts, each offering their own functional and operational capabilities [5,22]. The underlying frameworks, such as Process Compliance Language (PCL) [20], DECLARE [1], and BPMN-Q [3], offer different levels of expressiveness, and consequently, varying reasoning and modelling support for normative requirements [23]. Three main strategies for business process compliance checking have been proposed in the literature to date [22]: (i) runtime monitoring of process instances to detect or predict compliance violations (runtime compliance checking, online monitoring, compliance monitoring); (ii) design-time checks for compliant or non-compliant behaviour during the design of process models; (iii) auditing of log files in an offline manner, i.e., after the process instance execution has finished. Based on DECLARE, techniques such as the one described in [34] can discover declarative models, use them to check process compliance, and apply the model constraints in online monitoring. Presently, however, all reported result are at the granularity of a trace, without pointing at the cause. Remarkably, Maggi et al. [33] apply the outcome of that technique to repair BPMN [15] process models according to the constraints to which an event log is not compliant.
In our approach, we implement DECLARE constraints with semantic technologies. Related work on semantic approaches in process mining include Thao Ly et al. [38], which presents a vision towards life-time compliance. The authors motivate the creation of global repositories to store reusable semantic constraints (e.g., for medical treatment). and advocate the importance of intelligible feedback on constraint violations. This includes the reasons for the violations, to help the user to devise strategies for conflict avoidance and compensation. Furthermore, the results of semantic process checks must be documented. In our paper, we address these requirements. To reason about the data surrounding a task, semantic annotations of tasks are introduced in [21,19] as logical statements of the PCL language over process variables, to support business process design. Governatori et al. [18] show how semantic web technologies and languages like LegalRuleML (based on RuleML) 9 can be applied to model and link legal rules from industry to support humans in analysing process tasks over legal texts. They apply semantic annotations in the context of a regularity compliance system. To that end, they extend their compliance checker Regorous [21] with semantics of LegalRuleML. An approach to include additional domain knowledge to the process perspective is introduced in [39]. The authors extract additional information from domain models and integrate this knowledge in the process compliance check. Pham et al. [36] introduce an ontology-based approach for business process compliance checking. They use a Business Process Ontology (BPO) and a Business Rules Ontology (BRO) including OWL axioms and SWRL 10 rules to model compliance constraints. They do not, however, systematically translate compliance rules as in our approach, and mention that performance is a key problem with standard reasoners. Our focus is different from the work presented in that our main aim is not to validate process models against rules, but to verify declarative specifications on existing process executions.
A Folder-Path enabled extension of SPARQL called FPSPARQL for process discovery is proposed in [6]. Similarly, Leida et al. [27] focus on the advantages of process representation in RDF and show the potential of SPARQL queries for process discovery. Our approach also builds on semantic representations of process data but explores how compliance checking can be conducted with semantic technologies.

Approach
Our approach applies a set of semantic technologies, including SHACL on event logs to check their compliance with DECLARE constraints. 11 As depicted in Fig. 1, the SHA-CLARE compliance checking workflow is composed as follows. We generate SHACL compliance constraints for a target process from a set of DECLARE constraints. To this end, we translate the DECLARE constraints through respective SHACL templates. Because SHACL constraints can only be validated against RDF graphs, we next transform the event log into RDF. This step takes an event log in XES format as input and produces a traces file in RDF. At this point, we have all necessary inputs to perform the SHACL compliance check, which results in a detailed report on each constraint violation.
DECLARE to SHACL. In this first step, we generate SHACL compliance constraints for a target process. As input, we take a set of DECLARE constraints, which can be automatically discovered with tools such as MINERful [12]. Table 2 shows an excerpt of the declarative constraints retrieved by MINERful from the real-life Sepsis event log [35]. We then use the RDF Mapping language (RML) 12 to map each constraint (e.g., ALTERNATERESPONSEpAdmission IC,CRPq) to the respective DECLARE RDF data model elements (available at http://semantics.id/ns/declare).
To enable SHACL validation on DECLARE constraints, we developed a complete set of SHACL templates to represent the DECLARE ones. Specifically, we analysed the DE-CLARE constraint semantics and derived a set of equivalent SHACL constraint templates, similarly to what Schönig et al. [37] did with SQL. These SHACL templates are publicly available at http://semantics.id/resource/shaclare as documents written using the RDF Turtle notation. 13 Listing 1 shows an excerpt of SHACL template that represents 11 Hence, we call it SHACLARE. 12 http://rml.io/RMLmappingLanguage 13 https://www.w3.org/TR/turtle/ Listing 1: SHACL template excerpt for ALTERNATERESPONSE ALTERNATERESPONSE in RDF Turtle notation. Lines 1-4 list the namespaces used in the templates. In addition to the standard rdf, rdfs, and shacl vocabularies defined by the W3C, we introduce the following vocabularies: (i) desc: provides a set of properties and parameters used in the template, which are specific to the SHACLARE approach, (ii) dec: defines the RDF classes and properties to describe the DECLARE language, and (iii) xes: provides the terms used to represents XES data in RDF. Line 5 contains a placeholder that will be replaced by the name of the particular DECLARE constraint instance during the compliance checking runtime. Lines 6-7 signify that the constraint will be validated against instances of class xes:Trace. Lines 8-9 specify that the SHACL constraint will evaluate ALTERNATERESPONSE, while line 12 provides a template for the violation constraint message. Lines 14-34 are the main part, representing the ALTERNATERESPONSE DECLARE constraint template in its SHACL-SPARQL representation. Subsequently, we translate the DECLARE constraints into SHACL constraints by injecting the constraint parameters Activation and Target in the SHACL template. All generated SHACL constraints are stored in memory for later execution, but also get persisted as a SHACL shape graph in the RDF Turtle .ttl format as a reference.
From XES to RDF. The transformation takes as input an event log in XES format and translates it in RDF. To that end, we developed an XES RDF vocabulary (available at http://semantics.id/ns/xes), which provides the terms and concepts to represent XES data in RDF. We transform into main classes the basic XES objects: (i) xes:Log for the complete event log, (ii) xes:Trace to refer to individual traces, and (iii) xes:Event for single events. In addition to those classes, we define a set of data properties for the optional event attributes, such as xes:timestamp and xes:transition. Object properties (relation) bind together the elements, e.g., xes:hasTrace to relate xes:Log and xes:Trace, and xes:hasEventList to relate an xes:Trace and an rdf:List that contains event sequences.
SHACL compliance checking. Given the SHACL DECLARE constraints () and the RDF event log (), we have all the required input to run the SHACL Compliance Checking component. All generated SHACL constraints are grouped according to their template (e.g., ALTERNATERESPONSE) and subsequently checked one by one by a SHACL validation engine. The result of a SHACL validation is an RDF graph with one ValidationReport instance. In case the conforms attribute of a ValidationReport is false, a result instance provides further details for every violation, including: (i) focusNode, which points to the trace in which the violation occurred; (ii) sourceShape, linking the SHACL constraint instance which triggered the result; (iii) resultMessage, explaining the reason for the constraint violation with a natural-language sentence.

Evaluation
To demonstrate the efficiency and effectiveness of our compliance checking approach, we developed a proof-of-concept software tool, available for download at gitlab.isis. tuwien.ac.at/shaclare/shaclare. In this section, we report on its application on publicly available real-world event logs. In particular, we focus on the report produced on a specific event log to demonstrate the capability of SHACLARE to provide detailed insights into compliance violations. The experiment environment, as well as the full set of input and output files are available on the aforementioned SHACLARE GitLab project page.
The prototype. The prototype is implemented in Java, using a number of open source libraries, 14 including (i) Apache Jena, for RDF Graph manipulation and processing, (ii) OpenXES, for accessing and acquiring XES data into RDF Graph, (iii) caRML, for acquiring RDF representation of DECLARE constraints, and (iv) the TopBraid SHACL engine, for compliance checking. Based on the SHACLARE approach description in Section 3, the following functions are available: translation of DECLARE to SHACL constraints, translation of XES event logs to its RDF Graph representations, and compliance checking of event logs against defined constraints. Insights into violations. The steps are illustrated on the example of the Sepsis treatment process event log [35]. That event log reports the trajectories of patients showing symptoms of sepsis in a Dutch hospital, from their registration in the emergency room to their discharge. Because of the reported flexibility of the healthcare process [35] and its knowledge-intensive nature, it is a suitable case for declarative process specification [13].
After running our prototype with the mined DECLARE constraints and the Sepsis event log as inputs, we receive as output the compliance report, the traces in RDF, and the set of checked constraints in SHACL (cf. Fig. 1). Those files form the basis of our analysis. We thus import the report and trace triples in GraphDB 15 to query and visualise the result data structures. An excerpt of non-compliant validation results is shown in Table 3.
Next, we explore why particular constraints are violated. For instance, the constraint ALTERNATERESPONSEpAdmission IC,CRPq dictates that after every admission at the Intensive Care unit (Admission IC), a C-Reactive Protein test (CRP) must be performed later on, and the patient should not be admitted again at the IC before the CRP. As it can be noticed in Table 2, the support of the constraint is high (0.974), therefore we are interested in understanding what event(s) determined its violation. We thus extract the event xesi:event/A657AD0E-AD65-4E6F-B141-871A8C340B37 signalled by the report and visualise it from the XES RDF representation. Figure 2(a) depicts a graph with the violating event and the connected events from its trace. We observe that the violation is due to the fact that the two events are swapped in the trace (CRP occurs before Admission IC). The right-hand side in the screenshot features a sample of metadata on the selected event (the violating activation, namely Admission IC). The tool allows us to scroll through all available properties and navigate through the trace, thus providing the user a powerful tool to inspect the violations in detail. Similarly, Fig. 2(b) shows that despite the high support of PRECEDENCEpCRP,Return ERq in the event log (0.996 as per Table 2), in one trace it was recorded that the patient was discharged and sent to the emergency room (Return ER), although no CRP took place before.
The analysis can be further extended through the integration of additional context information on the traces, which may be specified in domain-specific vocabularies. Furthermore, the by-products and results of our approach can be utilised for further analyses via semantic technologies. This can provide a rich interpretation context for the qualitative analysis of constraint violations. An important aspect is that it is possible to use all the metadata information directly in the SHACL constraints or later on in a SPARQL query. Therefore, the analysis is readily extensible beyond the control flow perspective. The investigation of those extensions draws future plans for our research, outlined in the next section.

Conclusion and Future Work
In this vision paper, we proposed a novel approach for compliance checking leveraging semantic technologies, named SHACLARE. In particular, we provide a set of templates to translate DECLARE constraints into SHACL constraints, and subsequently validate them against a graph representation of XES process execution data. Thereby, we overcome a typical limitation of existing compliance checking approaches, which lack granular information on violations and their context. The compliance reports SHACLAREprovides contain links to the respective traces, as well as to the events triggering constraint violations. Due to the semantically explicit representation, we can easily query and visualise connected events and inspect all metadata provided in the original log files. The preliminary results attained illustrate how our approach could be used and extended further for auditability of event logs. This new approach opens opportunities for future work in various directions. We aim at leveraging Linked Data frameworks so as to conduct compliance checking over multiple process data sources beyond single event logs, inspired by the seminal work of Calvanese et al. [8]. In that regard, the checking of richer constraints encompassing perspectives other than the usual control flow (i.e., data, time, resources, etc.) [7], draws our future research endeavours, driven by the capabilities readily made available to that extent by SHACL and SPARQL. This paper analysed the compliance checking setting, thus the analysis of constraints violations. If the goal is also to analyse the relevance of satisfaction, verification of a formula is not sufficient and the vacuity problem must be taken into account [12]. We will investigate how our approach can be extended to tackle this problem. Online compliance checking is another topic of interest. It would be worth exploring how SHACL constraints can be checked in a streaming fashion, potentially based on stream reasoning engines. In addition, we aim to further (automatically) enrich the metadata extracted from the log data, using Natural Language Processing (NLP) and ontologies. From a formal analysis viewpoint, we will investigate the semantic equivalence of the SHACL constraints with respect to DECLARE LTL f formulas, and more generally the expressive power of those languages. Finally, additional compliance checking tools could be developed to provide users with easy-to-use and feature-rich options to adopt this approach in their process management strategies.