Design and validation of stateful composite RESTful web services

A web service is a software system that provides a machine-processable interface to the other machines over the network using different Internet protocols. They are being increasingly used in the industry in order to automate different tasks and offer services to a wider audience. The REST architectural style aims at producing scalable and extensible web services using technologies that play well with the existing tools and infrastructure of the web. It provides a uniform set of operation that can be used to invoke a CRUD interface (create, retrieve, update and delete) of a web service. The stateless behavior of the service interface requires that every request to a resource is independent of the previous ones facilitating scalability. Automated systems, e.g., hotel reservation systems, provide advanced scenarios for stateful services that require a certain sequence of requests that must be followed in order to fulfill the service goals. Designing and developing such services for advanced scenarios with REST constraints require rigorous approaches that are capable of creating web services that can be trusted for their behavior. Systems that can be trusted for their behavior can be termed as dependable systems. This thesis presents an integrated design, analysis and validation approach that facilitates the service developer to create dependable and stateful REST web services. The main contribution of this thesis is that we provide a novel model-driven methodology to design behavioral REST web service interfaces and their compositions. The behavioral interfaces provide information on what methods can be invoked on a service and the pre- and post-conditions of these methods. The methodology uses Unified Modeling Language (UML), as the modeling language, which has a wide user base and has mature tools that are continuously evolving. We have used UML class diagram and UML state machine diagram with additional design constraints to provide resource and behavioral models, respectively, for designing REST web service interfaces. These service design models serve as a specification document and the information presented in them have manifold applications. The service design models also contain information about the time and domain requirements of the service that can help in requirement traceability which is an important part of our approach. Requirement traceability helps in capturing faults in the design models and other elements of software development environment by tracing back and forth the unfulfilled requirements of the service. The information about service actors is also included in the design models which is required for authenticating the service requests by authorized actors since not all types of users have access to all the resources. In addition, following our design approach, the service developer can ensure that the designed web service interfaces will be REST compliant. The second contribution of this thesis is consistency analysis of the behavioral REST interfaces. To overcome the inconsistency problem and design errors in our service models, we have used semantic technologies. The REST interfaces are represented in web ontology language, OWL2, that can be part of the semantic web. These interfaces are used with OWL 2 reasoners to check unsatisfiable concepts which result in implementations that fail. This work is fully automated thanks to the implemented translation tool and the existing OWL 2 reasoners. The third contribution of this thesis is the verification and validation of REST web services. We have used model checking techniques with UPPAAL model checker for this purpose. The timed automata of UML based service design models are generated with our transformation tool that are verified for their basic characteristics like deadlock freedom, liveness, reachability and safety. The implementation of a web service is tested using a black-box testing approach. Test cases are generated from the UPPAAL timed automata and using the online testing tool, UPPAAL TRON, the service implementation is validated at runtime against its specifications. Requirement traceability is also addressed in our validation approach with which we can see what service goals are met and trace back the unfulfilled service goals to detect the faults in the design models. A final contribution of the thesis is an implementation of behavioral REST interfaces and service monitors from the service design models. The partial code generation tool creates code skeletons of REST web services with method pre and post-conditions. The preconditions of methods constrain the user to invoke the stateful REST service under the right conditions and the post condition constraint the service developer to implement the right functionality. The details of the methods can be manually inserted by the developer as required. We do not target complete automation because we focus only on the interface aspects of the web service. The applicability of the approach is demonstrated with a pedagogical example of a hotel room booking service and a relatively complex worked example of holiday booking service taken from the industrial context. The former example presents a simple explanation of the approach and the later worked example shows how stateful and timed web services offering complex scenarios and involving other web services can be constructed using our approach.

Management of Soft Information in Sales and Operations Planning

With a Sales and Operations Planning (S&OP) process, a company aims to manage the demand and supply by planning and forecasting. The studied company uses an integrated S&OP process to improve the company's operations. The aim of this thesis is to develop this business process by finding the best possible way to manage the soft information in S&OP, whilst also understanding the importance and types (assumptions, risks and opportunities) of soft information in S&OP. The soft information in S&OP helps to refine future S&OP planning, taking into account the uncertainties that affect the balance of the long-term demand and supply (typically 12-18 months). The literature review was used to create a framework for soft information management process in S&OP. There were not found a concrete way how to manage soft information in the existing literature. In consequence of the poor literature available the Knowledge Management literature was used as the base for the framework creation, which was seen in the very same type of information management like the soft information management is. The framework created a four-stage process to manage soft information in S&OP that included also the required support systems. First phase is collecting and acquiring soft information in S&OP, which include also categorization. The categorization was the cornerstone to identify different requirements that needs to be taken into consideration when managing soft information in S&OP process. The next phase focus on storing data, which purpose is to ensure the soft information is managed in a common system (support system) in a way that the following phase makes it available to users in S&OP who need by help of sharing and applications process. The last phase target is to use the soft information to understand assumptions and thoughts of users behind the numbers in S&OP plans. With this soft management process the support system will have a key role. The support system, like S&OP tool, ensures that soft information is stored in the right places, kept up-to-date and relevancy. The soft information management process in S&OP strives to improve the relevant soft information documenting behind the S&OP plans into the S&OP support system. The process offers an opportunity to individuals to review, comment and evaluate soft information in S&OP made by their own or others. In the case company it was noticed that without a properly documented and distributed soft information in S&OP it was seen to cause mistrust towards the planning.

Defining Sales and Operations Planning Process in an Environmental Management Company

Sales and operations research publications have increased significantly in the last decades. The concept of sales and operations planning (S&OP) has gained increased recognition and has been put forward as the area within Supply Chain Management (SCM). Development of S&OP is based on the need for determining future actions, both for sales and operations, since off-shoring, outsourcing, complex supply chains and extended lead times make challenges for responding to changes in the marketplace when they occur. Order intake of the case company has grown rapidly during the last years. Along with the growth, new challenges considering data management and information flow have arisen due to increasing customer orders. To manage these challenges, case company has implemented S&OP process, though initial process is in early stage and due to this, the process is not managing the increased customer orders adequately. Thesis objective is to explore extensively the S&OP process content of the case company and give further recommendations. Objectives are categorized into six different groups, to clarify the purpose of this thesis. Qualitative research methods used are active participant observation, qualitative interviews, enquiry, education, and a workshop. It is notable that demand planning was felt as cumbersome, so it is typically the biggest challenge in S&OP process. More proactive the sales forecasting can be, more expanded the time horizon of operational planning will turn out. S&OP process is 60 percent change management, 30 percent process development and 10 percent technology. The change management and continuous improvement can sometimes be arduous and set as secondary. It is important that different people are required to improve the process and the process is constantly evaluated. As well as, process governance is substantially in a central role and it has to be managed consciously. Generally, S&OP process was seen important and all the stakeholders were committed to the process. Particular sections were experienced more important than others, depending on the stakeholders’ point of views. Recommendations to objective groups are evaluated by the achievable benefit and resource requirement. The urgent and easily implemented improvement recommendations should be executed firstly. Next steps are to develop more coherent process structure and refine cost awareness. Afterwards demand planning, supply planning, and reporting should be developed more profoundly. For last, information technology system should be implemented to support the process phases.

The role of management accounting systems and venture capital investors for start-up firms

The role of star-up firms in economy and the importance of venture capital investors for the growth of start-up firms have been highlighted in recent years. The growth challenges of start-up firms consist of fast changing environment, the availability of venture capital funding and the development of firm management in the growth phase. A growing number of studies have focused on management accounting systems and venture capital in start-up and growth firm context. In this thesis the role of management accounting systems and venture capital investors is considered in the growth phase of firm development. The theoretical objective of this thesis is to construct a theoretical framework in order to describe the importance of management accounting systems and venture capital investors in start-up firms. The practice orientated objective of this thesis is to study the application of management accounting systems and management accounting based information in start-up firms in high-technology industry as well as the impact of venture capital for management accounting system design. In addition, the growth challenges of start-up firms are studied in order to understand the context in which management accounting systems are used. The research approach of theoretical part is conceptual as the theoretical framework is constructed by combining literature on firm growth, management accounting and venture finance in order to analyse the phenomenon. The action-orientated research approach is appropriate for analysing and describing of the studied phenomenon through empirical evidence. The empirical evidence was collected through interviews with three experts in start-up firm accelerator centers, four representatives of start-up firms and one venture capital investor. The results indicate that the growth challenges of stat-up firms are not related to the development of management accounting systems. Managers of start-up firms expressed a positive attitude towards management accounting systems that improve efficiency of operations. In start-up firms flexible and adjustable management accounting practices, such as budgets, cash flow calculations and future-orientated analysis tools, are applied that support planning and coordination of operations. The results indicate that venture capital investors affect the provision and the quality of management accounting information during the investment process. In addition, venture capital investors enhance the use of management accounting information for internal coordination in start-up firms. By applying the theoretical framework in the analysis, it can be stated that by acting as support function management accounting systems facilitate start-up firms development.

Development and Effect Analysis of the Asteri Consultative Auditing Process - Safety and Security Management in Educational Institutions

The Finnish legislation requires for a safe and secure learning environment. However, the comprehensive, risk based safety and security management (SSM) and the management commitment in the implementation and development of the SSM are not mentioned in the legislation. Multiple institutions, operators and researchers have studied and developed safety and security in educational institutions over the past decade. Typically the approach has been fragmented and without bringing up the importance of the comprehensive SSM. The development needs of the safety and security operations in universities have been studied. However, in universities of applied sciences (UASs) and in elementary schools (ESs), the performance level, strengths and weaknesses of the comprehensive SSM have not been studied. The objective of this study was to develop the comprehensive, risk based SSM of educational institutions by developing the new Asteri consultative auditing process and study its effects on auditees. Furthermore, the performance level in the comprehensive SSM in UASs and ESs were studied using Asteri and the TUTOR model developed by the Keski-Uusimaa Department for Rescue Services. In addition, strengths, development needs and differences were identified. In total, 76 educational institutions were audited between the years 2011 and 2014. The study is based on logical empiricism, and an observational applied research design was used. Auditing, observation and an electronic survey were used for data collection. Statistical analysis was used to analyze the collected information. In addition, thematic analysis was used to analyze the development areas of the organizations mentioned by the respondents in the survey. As one of the main contributions, this research presents the new Asteri consultative auditing process. Organizations with low performance levels on the audited subject benefit the most from the Asteri consultative auditing process. Asteri may be usable in many different types of audits, not only in SSM audits. As a new result, this study provides new knowledge on attitudes related to auditing. According to the research findings, auditing may generate negative attitudes and the auditor should take them into account when planning and preparing for audits. Negative attitudes can be compensated by producing added value, objectivity and positivity for the audit and, thus, improve the positive effects of auditing on knowledge and skills. Moreover, as the results of this study shows, auditing safety and security issues do not increase feelings of insecurity, but rather increase feelings of safety and security when using the new Asteri consultative auditing process with the TUTOR model. The results showed that the SSM in the audited UASs was statistically significantly more advanced than that in the audited ESs. However, there is still room for improvement in the ESs and the UASs as the approach to the SSM was fragmented. It can be assumed that the majority of Finnish UASs and ESs do not likely meet the basic level of the comprehensive, risk based the SSM.