Presents a more expansive view of "stakeholders" in systems design, specifically beyond purely human notions. Produced for use by the IEEE P7000 working group "Model Process for Addressing Ethical Concerns During System Design."
1. Stakeholders in Systems Design
Identify, Model, Service, Audit, Defend
CC BY-SA Attribution ShareAlike
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 1
2. Stakeholder study is conventionally
part of requirements engineering.
Requirements engineering is often lightly developed in systems development organizations.
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 2
3. Identification
Stakeholder identification process can be (too) casual
Are a single retail customer’s dependents and relatives also stakeholders?
What is different about an enterprise customer?
Stakeholders can be internal to an enterprise
Not unusual to have both internal and external stakeholders
Big Data => more external, hard-to-anticipate stakeholders
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 3
4. Warning
A stakeholder is not necessarily beneficial or even benign
Stakeholders can sue you
Stakeholders can be regulators
Stakeholders can be domestic or foreign governments
Competitors can be stakeholders (Lack of confidence in an entire sector can affect revenue,
viability)
Some conventional stakeholder notions are weak: Pub/Sub fails because some stakeholders are
producers, others are consumers, and still others do both
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 4
5. Casual Elicitation, Identification
Casual doesn’t write code, but can help elicit requirements and identify stakeholders.
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 5
6. Stakeholder Identification:
Reality Check
Excel is not a mature engineering tool but works well when paired with a savvy analyst.
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 6
7. Simple (Simplistic?) Approaches
Still Prevail
A stakeholder is an actor in a story
Storytelling can be as simple or as complex as human discourse
Vignettes can include nominal stakeholders as well as outliers and exceptions
Storytelling is essential for situation awareness, central to decision support systems
Some developers may not be good at recognizing / honoring stakeholders
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 7
8. Casual Stakeholder Elicitation Processes
Study existing “business” processes and ecosystems
Ask current “users”
Follow the money (i.e., on whom are resources being spent?)
Stakeholder mapping: As casual as the analyst doing it
Exploit risk, security, safety, quality frameworks
Constraint-based (Jastram M. & Kara, A.)
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 8
9. Less Casual Identification Methods
More detailed, deeper granularity, but not necessarily “code”
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 9
10. Stakeholder Elicitation: Deeper Dives
Unpack transactions (the “Who” in Who, What . . . )
Study policy groups in Active Directory and LDAP (existing, proposed)
Extract from discipline-specific Body of Knowledge, e.g., accounting, civil engineering,
cybersecurity, law
Dataflow Model: User Interface “touch”
“Acceptance Testing” (Test for value)
Study BPMN and SysML adoption (rare)
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 10
11. Stakeholder as Agent
Mature concept in software engineering
Encompasses software-based and human agents
Distributed systems agent approach is IoT-friendly
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 11
12. Stakeholders in
Model Based Software Engineering
Stick figures in UML
MBSE Advantages
MBSE Adoption Prospects
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 12
13. Stakeholders in SysML
“With version 1.4 SysML provides a model element for stakeholders. The stakeholder has a name
and a list of stakeholder concerns. The concerns are comment model elements. The relationship
between the stakeholder and the comments has no notation. The SysML model element
stakeholder extends the UML classifier, i.e. a stakeholder could be a special actor as well as a
special block. The stakeholder is defined in the context of the view and viewpoint concept. It is
not the common stakeholder known from requirements engineering.”
Credit: OOSE @OOSENews
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 13
14. M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 14
In SysML 1.4, viewpoint has some updated properties:
• concernLIst is a list of concerns of the stakeholders that should be addressed
by this viewpoint. Each concern is modeled by a comment. There is a
relationship notation defined between viewpoints and comments.
• concern is a derived property that lists the bodies of the comments of the
concernList.
• method is a derived property that shows the behavior that is used to create
the view. It is derived from the behavior of the constructor of the viewpoint
(see below).
• language specifies a list of languages used to express the models that
represent content which is represented by the view.
• presentation defines a prescription of the format and style of the view.
• stakeholder is a list of stakeholders whose concerns are to be addressed by
the view.
15. SysML for Forest Fire Detection System
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 15
16. SysML Viewpoints (notional)
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 16
17. Builder’s Intentions
Other significant meanings for Stake-holder
Transparency Portals
Promises, Promises and Terms of Use
Image Via Wikipedia
[]
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 17
18. Stakeholder Contract Models
Electronic Health Record Consent
Genomics Research: Genetics testing and “Precision Medicine”
IT Administration (think “root” access)
Cross-, Inter-organizational (think Big Data)
Populations impacted by AI or data science analytics
Consent withdrawal, expiration, transfer, delegation
Management by exception
Regulated vs. Voluntary
Corporate Merger/Acquisition
Software contracts (e.g., Blockchain contracts)
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 18
19. Stakeholder Attributes: A Flyover
Person or Agent
Pointer to value construct
Workflow stage / position (BPML terminology?)
Role as attribute (e.g., role-based controls from RBAC security )
Non-role attributes (e.g., attribute-based controls from ABAC security)
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 19
20. Views of Stakeholders
Stakeholders must be integrated into system-aware contexts
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 20
21. Stakeholders in Agile Development
Stakeholders in user stories
Canonical or cross-domain user stories
Domain-specific user stories
Design patterns for user stories
(?) Proxy stakeholder role in test engineering, QA, configuration management
(?) Proxy stakeholder engagement in continuous improvement
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 21
22. Modeling and Simulation of Stakeholders
M&S has relatively mature standards, but not often used in systems design
Simulate traceability, impact of value “breach”
May prove essential for DevOps
Scalability matters to stakeholders (think Healthcare.gov)
Model impact of compromised values (e.g., operationalize risk, forensics, mitigation playbooks)
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 22
23. Possible P7000 Implications
Jumping off points for discussion
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 23
24. Next Steps?
Collect use cases, esp. with workflow-, life cycle stage-dependent nuance
E.g., disabled access in smart building design (OpenBIM ontology)
Study connections to various life cycle standards
Identify stakeholder design patterns
Possible subgroup / subtopic affiliations: model-based engineering
Identify useful work in other standards
New concepts?
“Value Defense,” analog of “Network Defense”
“Value Resilience,” analog of “Systems Resilience”
Value Audit, Value Forensics, Value Breach
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 24
25. Stakeholder Mapping Tables
Map Stakeholder to:
Value matrix
Risk matrix
Safety matrix (risk + mitigation measures)
Compliance
Dependency Model
Software Component (UI, portal, communications text, module, interoperability)
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 25
26. Special Problems
Abandoned systems and components
Microservices for stakeholder visibility
Stakeholder Service Orchestration
Problems with stakeholder self-service expectations, workflow, fallback/failover
Point-in-time policy management is hard; automation doesn’t always help
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 26
27. Related Initiatives
Sustainability
Regulatory goals (e.g., CAFÉ standards)
Professional Associations (cites .NE. endorsement)
e.g., Int’l Society for Ethics and Information Technology
Society for Business Ethics
Int’l Society for Environmental Ethics
Society of Corporate Compliance & Ethics
Assistive Technology Industry Association
IQ International (Information and Data Quality)
NGOs
Electronic Freedom Foundation
Transparency International
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 27
28. Multi-discipline: Related Professions
Quality Engineering
Law (Compliance, Audit, Risk)
Project Management
Cybersecurity
Marketing and Social Media (outreach)
Knowledge Management, Education/Training
Software Engineering
Framework architects
Best practices influencers
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 28
29. Some References
See CiteULike http://www.citeulike.org/user/knowlengr/tag/ieee_p7000
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 29
30. Notes
BPMN “OMG® has guided the standardization of BPM throughout the years. In particular, the
consortium adopted the Business Process Model & Notation (BPMN) specification. BPMN acts as
a common language, allowing an organization to interoperate amongst all of its stakeholders.”
SysML Views and Stakeholders
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 30
31. Contacts for Followup
Mark Underwood dark@computer.org | Prof. Ali G. Hassani hessami@vegaglobalsystems.com
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 31