Risk-Based Decision Support in Service Value ...

Risk-Based Decision Support in Service Value Networks Wibke Michalk, Benjamin Blau, Jochen St¨oßer and Christof Weinhardt Institute of Information Systems and Management Universit¨at Karlsruhe (TH) Englerstr. 14, 76131 Karlsruhe, Germany [email protected] Abstract

to cooperatively and dynamically provide business value to customers. Thus, SaaS providers are enabled to offer their services highly flexible and to dynamically combine these services. As recent outages of major service providers like Google2 , Salesforce3 or Amazon Web services4 have shown, the risk of failing to execute or deliver services as agreed is business critical. Hence, a crucial point for a service provider in an SVN is the decision about the optimal (in a sense that will be discussed below) combination and number of contractual agreements with other service providers (suppliers) and consumers that ensures feasibility of service execution as well as profit. This work aims at developing a model for the risk-based selection of contractual partners in SVNs. To this end, the contribution of this work is threefold:

The current trend towards dynamic and highly scalable service provisioning fosters the rise of Software as a Service (SaaS) platforms and so called Compute Clouds. The on-demand provisioning of services gains more and more influence. For offering enriched services that are capable of performing complex tasks, the dynamic composition of such services becomes important. In order to enable the collaboration between different service providers, technical and economic preliminaries have to be made. This work will cover economic considerations from the viewpoint of a service provider. Therefore, the concept of Service Value Networks is presented and an agreement network as underlying legal structure is illustrated. Finally, an approach that enables a service provider to select the risk-minimal combination of contracts is elaborated and discussed.

• We present a comprehensive framework for modeling SVNs, i.e. the entities in such a network and how they collaborate in order to provide a complex business service.

1 Introduction

• Based on this framework and building on work from finance about portfolio selection, we develop a model for the risk-based selection of contractual partners in SVNs.

In recent years, technical and business developments have led to trends such as Software as a Service (SaaS) and the emergence of platforms and markets for Web services in the wider sense. Arguably, the currently most popular example for these trends is Salesforce’s AppExchange platform where customers can choose from a wide range of interoperable services, which are offered by multiple providers . Such platforms ultimately enable the dynamic composition of multiple simpler services to a more complex overall service that can implement sophisticated business logics1 . Consequently, there is a shift away from traditional fixed business processes towards loosely-coupled, self-organized, collaborative networked organizations. So called Service Value Networks (SVNs) aim to provide complex services

• The applicability of this model is illustrated by means of a numerical example. This paper is structured as follows. The application scenario is presented in depth in Section 2. Section 3 introduces a formal model for measuring risk in SVNs. At the core of this paper, Section 4 introduces the risk-based selection of contractual partners and illustrates the model with a 2 http://www.pcworld.com/article/164946/google outage lesson dont get stuck in a cloud.html 3 http://www.thewhir.com/web-hostingnews/010809 Salesforce Outage Draws Cloud Criticism 4 http://www.datacenterknowledge.com/archives/2009/07/19/outagefor-amazon-web-services/

1 http://www.salesforce.com/appexchange/

1

concrete example. Section 5 concludes this work and points to questions for future research.

2 Scenario This section will first give an introduction to SVNs and explain their emergence, components and intent. Afterwards, the contracts that form the basis for SVNs are taken into consideration. Hence, the interaction of contracts motivates the need for a model that allows for the risk-based selection of contractual partners.

2.1

Service Value Networks

The idea of static value chains is gradually giving way to highly agile networked structures that are constantly changing. Companies increasingly tend to engage in networked value creation, which allows each network participant to focus on its core strengths and competencies. Companies in such ecosystem-like environments can leverage know-how and capital assets of partners while at the same time spreading risk and sharing investment cost. Focusing on core competencies does not put constraints on the company or limit its reach. In contrary, by re-aggregating with partners, a network of companies can broaden its range of customer attraction. Especially in complex and highly dynamic industries, forming such open networks, which are oftentimes called business webs or service value networks (SVNs) in the literature (cf. [6],[12] , [13], [11]), is an attractive strategic alternative. Specialized firms coopetitively contribute modules to an overall value proposition under the presence of network externalities. To foster a fundamental understanding of the SVN concept, 1 depicts the main components and their interdependencies in a simplified manner. An SVN consists of a set of service providers (p ∈ P ) that supply a portfolio of service offers (o ∈ O). Each service provider can have multiple service offers, indicated by an ownership relation. Furthermore, the service provider is defined by the set of services (sp ∈ S) he is able to provide and the resource constraints (Lp ) imposed on the provider e.g. by available hardware. The example in Figure 1 shows a service value network with four service offers (o1 , o2 , o3 , o4 ) that are provided by three service providers (p1 , p2 , p3 ). Service offers that are substitutes – which provide roughly similar functionality – are clustered in socalled candidate pools (y ∈ Y ). Service offers that are compatible, this is, they are interoperable regarding their interfaces and input and output capabilities, expose a composition relation. Such a composition exhibits a graph-like structure that is directed and acyclic starting from a source node and ending at a sink node. Each feasible connected set of service offers within this graph is called a path and

represents a possible instantiation of a complex service that consists of functionality from each candidate pool (cf. [3]). According to the example in Figure 1 a complex service can be instantiated either by a composition of o1 and o2 or o1 and o4 or o3 and o4 . The final outcome of a service value network is a complex service, i.e. a sequence of modularized service offers from a set of iteratively arranged candidate pools (cp. Figure 1). While simple services may provide functions such as credit checking and authorization, inventory status checking, or weather reporting, complex services may combine distributed business functionality to provide a whole range of automated processes such as insurance brokering, travel planning, insurance liability services or package tracking [9]. A complex service is composed of multiple primitive services, often requiring interactions between the user and the services [8].

2.2

Service Provisioning

Recalling the SVN presented in Figure 1, service providers provide several service offers that are connected among each other by composition relations and hence form a network-like structure. This enables service providers to provide complex services in a flexible way to customers in service value networks. In order to provide these services, providers conclude contracts on the execution of services and the provision of results among each other. These contracts specify the quality of service (QoS) and are commonly called service level agreements (SLAs). The structure resulting from contracts between service providers in service value networks as depicted in Figure 2 is considered in this work. An agreement network consists of a set of service providers p ∈ P that are linked to each other by SLAs α ∈ A. Each service provider can have multiple agreements, even with the same contractual partner. The number and kind of contracts is only limited by the resource constraints Lp associated with the service provider p. Additionally, a service provider may also act as customer in SLAs. The example in Figure 2 shows an agreement network with six service providers that are connected by seven SLAs in total. Components and roles related to the agreement network are explained in the following sections. Variables used for the specification of service value networks and agreement networks are outlined in Table 1.

2.3

Service Definition and Service Offers

According to [5], a service groups endpoints that implement a common interface. Endpoints specify the address under which a certain communication interface may be reached, where protocol and data format for execution

p1

p2

Caption

p3

p

Service Provider Ownership Relation

o1

o2

o

Service Offer Composition Relation Source Node

Sink Node

o3

o4 Candidate Pool y

Complex Service

yb

ya

Figure 1: Service Value Network Model



Caption






 
 


p p

p 

i

p


 


  





  

p  


 
  

p 

p 

Figure 2: Agreement Network Model

Notation α A Lp o O p P φs s S y Y

Meaning Service Level Agreement set of SLAs resource constraints of service provider p service offer o = s, p set of service Offers service provider set of service providers functional description of a service s service s = (φs ) set of services candidate pool set of candidate pools

Table 1: Variables used in SVNs and agreement networks

steps and exchanged messages are defined. Therefore, the description of a service has to account mainly for the provided functionality. In order to reflect this information, a service may be defined as s ∈ S: (φs ), where φs is a set of functions describing the service by means of its capabilities as stated in [10]. Capabilities comprise a functional description of what the service is able to perform (e.g. that the service can translate into English language) as well as how the service is executed (e.g. the support of different encryption algorithms) [2]. A service enquiring the stock of a certain good (e.g. screws) may be defined as φs = (StockRequest, StockAmount). The capability-based definition of a service was chosen following the Web Service Description Language (as defined in [5]), determining that a Web Service consist of an abstract and a concrete part. The abstract part comprises optional data-type definitions, messages that will be exchanged between Client and Server and an interface definition. The concrete part that constitutes implementation issues like wire-format or the URL the Web Service may be reached won’t be taken into account here. The XML-description of the inventory service according to WSDL may look as follows: ...

2.4

Service Level Agreements

In order to reach an agreement, a service provider places an offer answering a customer’s request. The offer combines information on the service provider p ∈ P and the service s ∈ S. Hence, the offer o is denoted as o ∈ O: S × P . The service execution is driven and monitored according to the agreement concluded with the customer. Following WS-Agreement [1], an SLA is described by its context, service terms and guarantee terms and hence is defined as α ∈ A : (o, θ, Lα , fα (s), µα ), where o is the offer on service s placed by provider p and θ denotes the customer. Lα constitutes the Service Level Objectives represented by attribute-value-pairs Lα = (lα1 = v1 , · · · , lαn = vn ) that have to be met by the contracting partners (similar to KPIs as introduced by [1]). fα (s) denotes the price charged by p for the execution of s and µα determines the penalty agreed upon that has to be paid by service provider p in case of a failure. Assuming service provider p wants to make an agreement on the inventory service as defined in Section 2.3, the service provider answers a consumer’s offer on the execution of the inventory service and agrees on Service Level Objectives (e.g. a maximum throughput of 10 Mbit/s) and a price (e.g. 20$). Hence, the SLA α on the inventory service is defined as: α : (inventory Service, p), customer, Max Throughput = 10, fα (invs erv) = 20) An example SLA in XML-notation is shown below: theta p1 AgreementResponder

Notation fα (s) lα Lα µα θ

Meaning price for service s in SLA α attribute in SLA α set of attributes in α penalties in SLA α customer Table 2: Variables used in SLAs

http://example.com/InventoryService/wsdl max Throughput 10 Price 20

Time 1 2 3 4 5 6 7 8 9

SLA α1 x x x x x x ?

SLA α2 x x x x x x x

SLA α3

?

x x x x ?

% of Failure λt 0 0 0.5 1 0.48 0.89 0.9 0.5 ?

Table 3: Extract of Service Provider’s Failure Monitoring

An important factor for the decision on the optimal SLA set is the exact specification of the SLA and the respective KPIs and prices. Attribute instantiations, prices and penalties are taken for granted in this work. Hence, a service provider p may choose from a certain set of predefined SLAs which one(s) to conclude. These predefined SLAs may differ in single attribute values or even the provided service. Furthermore, a service provider is able to conclude more than one SLA per predefined type. In order to find the optimal combination of contracts to be concluded by p, a measure of efficiency is introduced. Participants in service value networks are selfish and try to maximize their profit. Furthermore, participants are assumed to be risk-averse. Hence, the optimal SLA portfolio will be reached by choosing the risk-minimal set of contracts while taking side constraints into account. These side constraints are resource constraints such as maximum available storage as well as budget constraints describing a minimum payoff the provider wants to achieve. Therefore, the following questions arise: 1. What is risk for a service provider in a service value network? 2. What factors influence risk? 3. How can dependencies between service level agreements be reflected?

Table 2 summarizes the variables used in the SLA context.

The following sections are going to answer these questions. Finally, this work will propose a formal risk-minimizing optimization model taking the questions into account.

3 Measuring Risk

3.1

A service provider p in an agreement network is able to conclude multiple agreements that may differ in aspects such as contract partner, role, provided service, attribute instantiation, etc. Hence, the decision problem a service provider is confronted with may be formulated as follows: • What is the optimal combination of SLAs to be concluded for service provider p?

Prerequisites

A service provider p that participates in an agreement network G concludes contracts that describe the quality level of the service to be executed. Facing the challenge of new SLAs to be made a service provider p is aware of the inherent risk of failing to execute the service in the agreed way. For instance, Google, Salesfoce or Amazon Web services would want to know a way to estimate the risk of outages for future SLAs to be concluded. The evaluation of this

risk of failure is crucial for p as outages or failures will result in penalties that p has to pay. Hence, service providers’ risk measure in service value networks has to account not only for the probability of failure but as well for the penalties that will result from a failure. A concept that is used for calculating risk of security portfolios originating from finance research takes the expected revenue as well as its volatility (the return’s variance) into account. Using the variance of return as a measure of risk implies that more fluctuating securities are valued more insecure. Analogously, risk will be calculated in service value networks. Here, the variance of failure will be the measure of risk indicating that a more fluctuating failurevalue induces more insecurity and that higher oscillation results in disproportionately higher precariousness. The concept of semi-variance introduced by [7] modifies the variance by only taking into account those variations of the mean that actually create risk. For security portfolios, only returns below the mean return are considered, indicating that only returns below the expectations induce risk. Regarding providers in service value networks, only probabilities of risk higher than the mean are allowed for. The following section will give an example of the calculation of risk for a given SLA combination.

3.2

Risk in Service Value Networks

. Therefore, the expected penalties for the SLA combination α1 , α2 amount to: ¯ γ ∗ µγ = E(µγ ) = λ P

Let SE (γ) = {

t

1.9 ∗ 4 = 1.9 4 + 2

qt ∗ ((λt ∗ µγ − E(µγ )) ) |Xγ (λt ) =

1 ∧ Xγ c (λt ) = 0} denote the semi-variance of failure, where γ = α1 , α2 . As mentioned above, the semi-variance according to [7] takes into account those deviations from E(µγ ) really imposing risk on the service provider p. Therefore, let (λt ∗ µγ − E(µγ ))+ = ½ 0 (λt ∗ µγ − E(µγ ))

, (λt ∗ µγ − E(µγ )) ≤ 0 , else.

Based on the expected penalties that have been calculated in the example, the semi-variance may be computed as follows: SE (α1 , α2 )

+ 2

+ 2

= 12 ((0 · 4 − 1.9) ) + 41 ((0.9 · 4 − 1.9) ) + 2

+ 41 ((1 · 4 − 1.9) ) 2

2

2

= 12 (0) + 41 (1.7) + 41 (2.1)

= 0.7225 + 1.1025 = 1.825

After having given a definition of risk for a service provider in an SVN, two open issues as stated in Section 3 remain: the factors influencing risk and a way to reflect dependencies existing between SLAs or rather the co-execution of services as agreed in SLAs. The factors influencing failures and hence risk may be identified by performing a service outage analysis according to ITIL as presented in [4]. Causes for outages or failures are assumed to be either technical failures as well as software failures and overload. Technical failures include hardware failures such as broken LAN cables or hard-disk failures and will be taken into account here as well as software failures and overload that concerns load-specific failures occurring due to number and kind of executed services α∈A to this, the expected penalties for an SLA combination γ reand hence depending on the SLA-combination γ that was ¯ γ µγ . Assume service provider p wants sults in E(µγ ) = λ chosen. These factors are considered as risk in the risk meato calculate the expected penalties for γ = α1 , α2 based on sure at hand. the monitored data shown in Table 3. As a first step, p will A service provider p having to decide on the SLA comreduce the table to those entries affecting the combination bination γ to conclude knows about the existence of de¯ γ andµγ are α1 , α2 - i.e. lines 1, 2, 4 and 7. Afterwards, λ pendencies among KPIs agreed on. Dependencies may excalculated as follows: ist SLA-internally as well as across SLAs. An example for an internal dependency may be found between the atP λ 0 + 0 + 0.9 + 1 t tributes throughput and response time: the higher the agreed ¯γ = { λ |Xγ (λt ) = 1∧Xγ c (λt ) = 0} = #{λt } 4 throughput in MBit/s, the lower the response time, as the data transport will be completed faster. Cross-SLA deX pendencies constitute the possibility of failure propagation µγ = µα Xα = 2 · 1 + 2 · 1 + 3 · 0 along the path in an SVN: if one provider violates the agreed α∈A In order to measure the risk of failure a service provider monitors his performance by means of percentage of failure depending on the SLA combination agreed upon and stores this private data (cf. Table 3). Based on these recordings, the mean probability of failure reflecting the respective P SLA configuration may be calculated as follows: ¯ λγ = { #{λλtt} |Xγ (λt ) = 1 ∧ Xγ c (λt ) = 0}, where γ denotes a certain SLA combination, lambdat describes the relative failure for an SLA combination γ in timeslot t. In order to incorporate the consequences of a failure, the mean ¯ γ is multiplied by the penalties that probability of failure λ P µα Xα . Due result from the SLA combination γ: µγ =

completion time, the completion time of the subsequent service will be affected as well. As these dependencies are very complex to monitor and to detect, the model at hand will not formulate dependencies explicitly. In contrast, it is assumed that a higher resource utilization and more dependencies among attributes and SLAs lead to higher percentages of failure. Hence, dependencies are incorporated implicitly by means of semi-variances that directly reflect the SLA combination, attribute instantiation and hence the correlation among attributes in the respective combination. The risk-minimizing optimization model emerging by consideration of the above concepts will be presented in the following section.

3.3

Notation γ Γ λ¯γ λt µgamma π(Xγ ) qt SE t Xγ , Xα

Meaning possible solution Set of possible solutions, Γ = P mean failure for γ relative failure in timeslot t penalty for γ expected profit of γ incidence rate semi-variance, risk timestep decision variable

Table 4: Variables used for risk minimization

½

Optimization Model

, where Xγ =

A service provider p about to decide which combination γ of SLAs to conclude faces constraints he has to consider besides minimizing the risk. On the one hand, a provider has scarce resources such as disk space or maximum bandwidth. On the other, a provider is selfish and wants to gain profit from the execution of services for customers. Service Level Objects to be allowed for in the SLA combination γ may not violate the service provider’s resource constraints Lp . Hence, for each resource, one equation is formulated as follows: X Lα · Xα ≤ Lp , α∈A

Where Xα defines a decision variable implying whether SLA α belongs to the risk-minimal SLA combination and hence is allocated. Xα is defined as ½ 1 if α is allocated Xα = 0 else The expected profit from an SLA combination γ is calculated by taking into account the charged price(s) fα (s), the internal costs c(s) incurring on the service provider as well as the expected penalties and hence are included in the decision model as follows: X π(Xγ ) = (fα (s) − c(s)) · Xγ − E(µγ ). α∈A

Consequently, the following risk-minimizing optimization problem emerges argminγinΓ SE (Xγ ) subject to ~g (l) ≤ 0

(1)

Xα ∈ {0, 1}

(2)

with

Xα 0

if α ∈ γ and else   g1 (γ)  g2 (γ)   g(γ) =   ···  gm (γ)  g1 (γ) ≤ 0  g2 (γ) ≤ 0      ··· gm−1 (γ) ≤ 0 

constituting the resource constraints gi (γ) =

P α∈γ

Lα ·Xα −

Lp and gm (γ) denoting the expected payoff. Variables used in the context of risk minimization are summed up in Table 4.

4 Agreement Selection In order to visualize how a service provider p makes his choice for a certain SLA combination γ, the decision process is exemplified. Assume, p = (s1 , s2 , maxT hroughput = 15, Πp = 2) is the service provider having internal costs for service execution of c(s1 ) = 2, c(s2 ) = 3. p is able to conclude three types of SLAs (α1 , α2 , α3 ): • α1 ∈ A : (p1 , s1 , θ1 , T put = 5, fα (s) = 4, µα = 2) • α2 ∈ A : (p1 , s2 , θ2 , T put = 10, fα (s) = 5, µα = 2) • α3 ∈ A : (p1 , s1 , θ3 , T put = 6, fα (s) = 4, µα = 3) Additionally, the mean failure based on the extract of the service provider’s monitoring, as shown in Table 3, for every possible combination l is depicted in Table 5. As a first step, the resource constraints are controlled for each SLA combination γ. Due to the maximum possible throughput of 15 Mbit/s, γ = (α2 , α3 )(with a sum of 16

SLA comb. α1 α2 α3 α1 , α2 α1 , α3 α2 , α3 α1 , α2 , α3 none

Mean failure 0.12 0.25 0.15 0.475 0.29 0.49 0.89 0

Table 5: Mean failures depending on γ

SLA comb. α1 α2 α3 α1 , α2 α1 , α3

Expected Profit 1.76 1.5 1.7 2.1 2.55

Table 6: Expected Profits

Mbit/s) and γ = (α1 , α2 , α3 )(21 Mbit/s) are eliminated as these combinations violateLp = 15M bit/s. Next, the expected profit depending P on the SLA combination is calcu(fα (s) − c(s))·Xγ −E(µγ ). Calculated as π(Xγ ) = α∈A

lating the expected payoff for γ = (α1 , α2 = for instance, is achieved through the following computation πα1 ,α2

= 4 + 5 − (2 + 3) − 0.475 · (2 + 2) = 9 − 5 − 1.9 = 2.1

Analogously, the expected profits are computed for the remaining SLA combinations and depicted in Table 6. According to the expected profits shown in Table 6, the only two SLA combinations meeting the requirements of a profit πγ ≥ 2are γ = (α1 , α2 ) and γ = (α1 , α3 ). Finally, the risk for each of the two remaining SLA combinations is calculated as presented in Section 3.2 and the γ incurring the lower risk is chosen. As shown in Section 3.2, the risk for γ = (α1 , α2 ) amounts to 1.825. Analogously to the risk calculation in Section 3.2, the value for γ = α1 , α3 is computed, assuming the penalties as declared above (µα2 = 2, µα3 = 3). The monitoring for (γ = (α1 , α3 )) is depicted in Table 7, supposing, the monitoring started earlier than the one shown in Table 3. Hence, the expected penalty amounts to E(µγ ) =

0.5 + 0.08 ∗ µγ = 0.29 ∗ µγ = 0.29 ∗ 5 = 1.45 2

Time ... 8 9

SLA α1 x x ?

SLA α3 x x ?

% of Failure λt 0.08 0.5 ?

Table 7: Failure for γ = (α1 , α3 )

and hence, the risk is calculated as follows SE (Xα1 , Xα3 )

= 21 ((0.5 · 5 − 1.45)+ )2 + 21 ((0.08 · 5 − 1.45)+ )2 = 12 ((2.5 − 1.45)+ )2 = 0.55125

As SE (α1 , α3 ) < SE (α1 , α2 ), the SLA combination γ = (α1 , α3 ) is chosen.

5 Conclusion and Outlook In this paper, we introduced a concept of highly agile network structures of service providers that offer services and hence jointly generate value in Service Value Networks. This framework was presented in order to enable the mapping of increasingly emerging dynamic cooperations of service providers to in a formal representation. Additionlly, we proposed the underlying legal structure that is needed in order to manage the cooperation of service providers and the quality and kind of service execution by means of SLAs. Agreement networks represent the legal basis of Service Value Networks and hence reflect legal and economic bindings between service providers. Based on this framework, the risk that a service provider is exposed to in Service Value Networks was defined. Furthermore, a methodology for calculating a provider’s risk in an SVN was proposed. This methodology enables a service provider, who considers to participate in the provision of a complex service, to evaluate the risk of doing so. Additionally, the transferability of a risk measure stemming from finance research and usually being applied for security portfolio riskmeasurement according to [7] into the research area of service provision was shown. An optimization program was formulated in order to enable a service provider to choose the risk-minimal SLA combination γ from a given set of SLA types to conclude. For illustration purposes, an example was given that visualized the selection of agreements in a Service Value Network. The proposed risk-measure enables a service provider in a heterogenous, dynamic environment, such as SVNs, to select the exact SLA combination γ that will impose the lowest risk on him while considering resource constraints and profit requirements. Despite these positive properties, the risk measure exhibits few remarkable drawbacks. First, the choice of the risk-minimizing SLA combination γ only allows for a threshold value for expected profit. It does not

reflect provider’s preferences on risk and profit by means of a tradeoff. Furthermore, the computation of a solution including every possible combination of SLAs to be concluded is highly computational complex and hence offers possibilities of optimization. As a next step, the proposed risk measure will be evaluated against different benchmarks in order to review its performance. Therefore, a system, where dependencies between SLA attributes are expressed explicitly will be set up. Thereby, a theoretical optimal solution incorporating explicit dependencies may be found and compared to the “black box” solution at hand. The degree of deviation will give an indication on the quality of the risk measure presented in this work. Furthermore, the return resulting from risk-based selection will be compared to profit-oriented selection of SLAs that doesn’t consider risk at all. Finally, different risk measures will be compared to each other by means of resulting profit, risk-optimal solution but as well concerning computational issues such as complexity and time elapsing during the calculation of the optimal solution. Besides the above mentioned ways of benchmarking, the decision problem will be extended to a case, when more than one SLA per type may be concluded, that is to say, the decision variable Xα will be converted from a binary to an integer variable. In order to account for a choice based on a trade-off between expected profit and risk, utility functions incorporating mean and variance will be introduced. Hence, a service provider is able specify his preferences on risk and profit. Additionally, two other decision problems will be addressed. As a first approach, the provider will be enabled to optimize a given SLA portfolio by means of altering Service Level Objectives in order to achieve risk-minimization or a better resource consumption. Second, a different point of view will be highlighted. A consumer will be offered a risk-based selection of service providers based on past events.

References [1] Alain, Karl, A. Dan, K. Keahey, H. Ludwig, T. Nakata, J. Pruyne, J. Rofrano, S. Tuecke, and M. Xu. Web services agreement specification (ws-agreement), 2007. [2] S. Arroyo, C. Bussler, J. Kopecky, R. Lara, A. Polleres, and M. Zaremba. Web service capabilities and constraints in wsmo. Technical report, 2004. [3] B. Blau, J. Kraemer, T. Conte, and C. van Dinther. Service value networks. In Proceedings of the 11th IEEE Conference on Commerce and Enterprise Computing, 7 2009. [4] J. V. Bon. Release and Control for IT Service Management, Based on ITIL: A Practitioner Guide. Van Haren Publishing, 2007.

[5] E. Christensen, F. Curbera, G. Meredith, and S. Weerawarana. Web services description language (wsdl) version 1.1. [6] H. Iii. Spider versus spider. The McKinsey Quarterly, (1):5, 1996. [7] H. Markowitz. Portfolio Selection: Efficient Diversification of Investments. Wiley, 1991. [8] S. A. McIlraith, T. C. Son, and H. Zeng. Semantic web services. IEEE Intelligent Systems, page 53, 2001. [9] M. P. Papazoglou and J. Dubray. A survey of web service technologies. Technical report, 2004. [10] S. Speiser, B. Blau, S. Lamparter, and S. Tai. Formation of service value networks for decentralized service provisioning. In 6th International Conference on Service Oriented Computing, 2008. [11] F. Steiner. Formation and Early Growth of Business Webs: Modular Product Systems in Network Markets. PhysicaVerlag Heidelberg, 2004. [12] D. Tapscott, A. Lowy, and D. Ticoll. Digital Capital: Harnessing the Power of Business Webs. Harvard Business School Press, 2000. [13] A. Zerdick, A. Picot, K. Schrape, A. Artope, K. Goldhammer, U. T. Lange, E. Vierkant, L. Escobar, and R. Silvertone. E-economics. Strategies for the Digital Marketplace. Springer, 2000.