ATAM Evaluation in Practice — A Complete Walkthrough with Linked.Archi¶
This article walks through a complete ATAM (Architecture Tradeoff Analysis Method) evaluation using the full Linked.Archi ecosystem. It demonstrates how the core ontology, three extensions, ISO standards, and two frameworks compose into a single coherent evaluation — from governance trigger through utility tree construction to risk identification and decision recording.
This is the most cross-cutting scenario in Linked.Archi, touching:
- Core —
arch:Stakeholder,arch:Model,arch:Viewpoint,arch:QualityAttribute - Decisions extension —
ad:Decision,ad:QualityAttributeRequirement(QAS),ad:Force,ad:Option - Processes extension —
ap:ArchitectureProcess(governance workflow) - Reference Architecture extension —
refa:Pattern,refa:Tactic - ATAM framework —
atam:ATAMEvaluation,atam:UtilityTree,atam:TradeoffPoint,atam:ArchitecturalRisk - ISO 25010 — quality attribute definitions
- ISO 42020 — architecture governance process alignment
- TOGAF — ADM Phase G (Implementation Governance) alignment
The Scenario¶
A financial services company is modernizing its payment processing platform. The solution architect has proposed a microservices architecture with an API gateway, event-driven processing, and a distributed data layer. Before implementation begins, the Architecture Review Board requires a formal ATAM evaluation to identify risks and tradeoffs.
Step 1 — The Governance Process Triggers the Evaluation¶
The ATAM evaluation is part of the organization's architecture governance process, aligned with ISO 42020 Architecture Evaluation and TOGAF ADM Phase G.
@prefix ap: <https://meta.linked.archi/arch-processes#> .
@prefix atam: <https://meta.linked.archi/atam/onto#> .
@prefix arch: <https://meta.linked.archi/core#> .
@prefix skos: <http://www.w3.org/2004/02/skos/core#> .
@prefix ex: <https://model.example.com/payment-atam#> .
# The governance process
ex:ArchEvaluationProcess a ap:ArchitectureProcess ;
skos:prefLabel "Architecture Evaluation Process"@en ;
skos:definition "Formal evaluation of proposed architectures before implementation."@en ;
ap:hasActivity ex:PrepareEvaluation, ex:ConductATAM, ex:RecordFindings ;
rdfs:seeAlso <https://meta.linked.archi/iso42020#ArchitectureEvaluation> .
# Roles
ex:ChiefArchitect a ap:ProcessRole ;
skos:prefLabel "Chief Architect"@en ;
ap:responsibleFor ex:ArchEvaluationProcess .
ex:SolutionArchitect a ap:ProcessRole ;
skos:prefLabel "Solution Architect — Payments"@en .
ex:SecurityArchitect a ap:ProcessRole ;
skos:prefLabel "Security Architect"@en .
ex:ProductOwner a arch:Stakeholder ;
skos:prefLabel "Product Owner — Payments"@en .
ex:OperationsLead a arch:Stakeholder ;
skos:prefLabel "Operations Lead"@en .
# Activities
ex:PrepareEvaluation a ap:ProcessActivity ;
skos:prefLabel "Prepare ATAM Evaluation"@en ;
ap:activityOfProcess ex:ArchEvaluationProcess ;
ap:performedBy ex:ChiefArchitect ;
ap:precedes ex:ConductATAM .
ex:ConductATAM a ap:ProcessActivity ;
skos:prefLabel "Conduct ATAM Evaluation"@en ;
ap:activityOfProcess ex:ArchEvaluationProcess ;
ap:follows ex:PrepareEvaluation ;
ap:precedes ex:RecordFindings .
ex:RecordFindings a ap:ProcessActivity ;
skos:prefLabel "Record Findings and Decisions"@en ;
ap:activityOfProcess ex:ArchEvaluationProcess ;
ap:follows ex:ConductATAM .
# Milestone — implementation cannot proceed without evaluation
ex:EvaluationGate a ap:ProcessMilestone ;
skos:prefLabel "Architecture Evaluation Gate"@en ;
ap:milestoneOfProcess ex:ArchEvaluationProcess ;
ap:approvedBy ex:ChiefArchitect .
Step 2 — Present the Architecture (ATAM Steps 1-3)¶
The solution architect presents the proposed architecture. In Linked.Archi, this is an arch:Model with ArchiMate elements.
@prefix am: <https://meta.linked.archi/archimate3/onto#> .
# The architecture under evaluation
ex:PaymentPlatformModel a arch:Model ;
skos:prefLabel "Payment Platform Target Architecture"@en .
# Key architectural elements
ex:APIGateway a am:ApplicationComponent ;
skos:prefLabel "API Gateway"@en ;
arch:partOfModel ex:PaymentPlatformModel .
ex:PaymentService a am:ApplicationComponent ;
skos:prefLabel "Payment Processing Service"@en ;
arch:partOfModel ex:PaymentPlatformModel .
ex:EventBus a am:ApplicationComponent ;
skos:prefLabel "Event Bus (Kafka)"@en ;
arch:partOfModel ex:PaymentPlatformModel .
ex:PaymentDB a am:ApplicationComponent ;
skos:prefLabel "Payment Database"@en ;
arch:partOfModel ex:PaymentPlatformModel .
ex:FraudDetection a am:ApplicationComponent ;
skos:prefLabel "Fraud Detection Service"@en ;
arch:partOfModel ex:PaymentPlatformModel .
Step 3 — Identify Architectural Approaches (ATAM Step 4)¶
The team identifies the patterns and tactics used in the proposed architecture. These come from the reference architecture extension.
@prefix refa: <https://meta.linked.archi/ref-arch#> .
@prefix iso25010: <https://meta.linked.archi/iso25010#> .
# Patterns applied
ex:EventDrivenPattern a refa:IntegrationPattern ;
skos:prefLabel "Event-Driven Architecture"@en ;
refa:appliedTactic ex:AsyncMessagingTactic, ex:EventSourcingTactic .
ex:APIGatewayPattern a refa:IntegrationPattern ;
skos:prefLabel "API Gateway"@en ;
refa:appliedTactic ex:RateLimitingTactic, ex:CircuitBreakerTactic .
# Tactics and their quality attribute trade-offs
ex:CircuitBreakerTactic a refa:Tactic ;
skos:prefLabel "Circuit Breaker"@en ;
refa:addressedQA iso25010:Availability, iso25010:FaultTolerance ;
refa:impactedQA iso25010:TimeBehaviour .
ex:AsyncMessagingTactic a refa:Tactic ;
skos:prefLabel "Asynchronous Messaging"@en ;
refa:addressedQA iso25010:Availability, iso25010:Capacity ;
refa:impactedQA iso25010:TimeBehaviour .
ex:EventSourcingTactic a refa:Tactic ;
skos:prefLabel "Event Sourcing"@en ;
refa:addressedQA iso25010:Recoverability ;
refa:impactedQA iso25010:Capacity, iso25010:Analysability .
Step 4 — Build the Utility Tree (ATAM Step 5)¶
The stakeholders collaboratively build a utility tree — a hierarchical decomposition of quality attributes into prioritized scenarios. Each leaf is a ad:QualityAttributeRequirement with the full QAS structure from Bass, Clements, Kazman.
@prefix atam: <https://meta.linked.archi/atam/onto#> .
@prefix ad: <https://meta.linked.archi/arch-decision#> .
# The utility tree
ex:PaymentUtilityTree a atam:UtilityTree ;
skos:prefLabel "Payment Platform Utility Tree"@en ;
atam:hasQABranch ex:AvailabilityBranch, ex:PerformanceBranch,
ex:SecurityBranch, ex:ModifiabilityBranch .
## ─── Availability Branch ────────────────────────────────────
ex:AvailabilityBranch a atam:QualityAttributeBranch ;
skos:prefLabel "Availability"@en ;
atam:branchQualityAttribute iso25010:Availability ;
atam:hasScenario ex:QAS-Failover, ex:QAS-PeakLoad .
ex:QAS-Failover a ad:QualityAttributeRequirement ;
skos:prefLabel "Payment gateway failover"@en ;
ad:onQualityAttribute iso25010:Availability ;
ad:qasSourceOfStimulus ex:PaymentGatewayProvider ;
ad:qasStimulus "Primary payment gateway becomes unreachable"@en ;
ad:qasEnvironment "Normal operation, peak transaction volume"@en ;
ad:qasArtifact ex:PaymentService ;
ad:qasResponse "System fails over to secondary gateway within 5 seconds"@en ;
ad:qasResponseMeasure "Zero lost transactions, < 5s failover time"@en ;
atam:scenarioPriority "(H,M)" .
ex:QAS-PeakLoad a ad:QualityAttributeRequirement ;
skos:prefLabel "Black Friday peak load"@en ;
ad:onQualityAttribute iso25010:Availability ;
ad:qasStimulus "10x normal transaction volume during Black Friday"@en ;
ad:qasEnvironment "All regions active, normal infrastructure"@en ;
ad:qasArtifact ex:PaymentPlatformModel ;
ad:qasResponse "System processes all transactions without degradation"@en ;
ad:qasResponseMeasure "99.99% uptime, zero order loss"@en ;
atam:scenarioPriority "(H,H)" .
## ─── Performance Branch ─────────────────────────────────────
ex:PerformanceBranch a atam:QualityAttributeBranch ;
skos:prefLabel "Performance"@en ;
atam:branchQualityAttribute iso25010:PerformanceEfficiency ;
atam:hasScenario ex:QAS-Latency, ex:QAS-Throughput .
ex:QAS-Latency a ad:QualityAttributeRequirement ;
skos:prefLabel "Payment confirmation latency"@en ;
ad:onQualityAttribute iso25010:TimeBehaviour ;
ad:qasStimulus "Customer submits a payment"@en ;
ad:qasResponse "Payment confirmed to customer"@en ;
ad:qasResponseMeasure "p99 < 2 seconds end-to-end"@en ;
atam:scenarioPriority "(H,M)" .
ex:QAS-Throughput a ad:QualityAttributeRequirement ;
skos:prefLabel "Transaction throughput"@en ;
ad:onQualityAttribute iso25010:Capacity ;
ad:qasStimulus "Sustained high transaction volume"@en ;
ad:qasResponse "System processes transactions at required rate"@en ;
ad:qasResponseMeasure "> 10,000 transactions per second"@en ;
atam:scenarioPriority "(M,H)" .
## ─── Security Branch ────────────────────────────────────────
ex:SecurityBranch a atam:QualityAttributeBranch ;
skos:prefLabel "Security"@en ;
atam:branchQualityAttribute iso25010:Security ;
atam:hasScenario ex:QAS-DataProtection, ex:QAS-AuthBypass .
ex:QAS-DataProtection a ad:QualityAttributeRequirement ;
skos:prefLabel "Payment data protection (PCI-DSS)"@en ;
ad:onQualityAttribute iso25010:Confidentiality ;
ad:qasStimulus "Attacker gains access to database server"@en ;
ad:qasResponse "Payment card data is encrypted at rest and in transit"@en ;
ad:qasResponseMeasure "PCI-DSS Level 1 compliance"@en ;
atam:scenarioPriority "(H,L)" .
## ─── Modifiability Branch ───────────────────────────────────
ex:ModifiabilityBranch a atam:QualityAttributeBranch ;
skos:prefLabel "Modifiability"@en ;
atam:branchQualityAttribute iso25010:Maintainability ;
atam:hasScenario ex:QAS-NewProvider .
ex:QAS-NewProvider a ad:QualityAttributeRequirement ;
skos:prefLabel "Add new payment provider"@en ;
ad:onQualityAttribute iso25010:Modifiability ;
ad:qasStimulus "Business requires integration with a new payment provider"@en ;
ad:qasResponse "New provider integrated without modifying existing services"@en ;
ad:qasResponseMeasure "< 2 weeks development effort, zero downtime"@en ;
atam:scenarioPriority "(M,L)" .
Step 5 — Analyze Approaches Against Scenarios (ATAM Steps 6-8)¶
This is where ATAM's unique value emerges. The team analyzes each high-priority scenario against the architectural approaches and identifies sensitivity points, tradeoff points, and risks.
## ─── Sensitivity Points ─────────────────────────────────────
ex:SP-KafkaPartitions a atam:SensitivityPoint ;
skos:prefLabel "Kafka partition count"@en ;
skos:definition "Number of Kafka partitions directly determines maximum parallelism and throughput."@en ;
atam:sensitiveToQA iso25010:Capacity ;
atam:affectsElement ex:EventBus ;
atam:identifiedInScenario ex:QAS-Throughput .
ex:SP-ConnectionPool a atam:SensitivityPoint ;
skos:prefLabel "Database connection pool size"@en ;
skos:definition "Pool size determines concurrent query capacity. Too small causes queuing; too large exhausts DB connections."@en ;
atam:sensitiveToQA iso25010:TimeBehaviour ;
atam:affectsElement ex:PaymentDB ;
atam:identifiedInScenario ex:QAS-Latency .
## ─── Tradeoff Points ────────────────────────────────────────
ex:TP-Encryption a atam:TradeoffPoint ;
skos:prefLabel "Encryption at rest for payment data"@en ;
skos:definition "Enabling encryption satisfies PCI-DSS but adds ~15% query latency."@en ;
atam:sensitiveToQA iso25010:Confidentiality, iso25010:TimeBehaviour ;
atam:affectsElement ex:PaymentDB ;
atam:identifiedInScenario ex:QAS-DataProtection, ex:QAS-Latency .
ex:TP-EventSourcing a atam:TradeoffPoint ;
skos:prefLabel "Event sourcing for payment transactions"@en ;
skos:definition "Event sourcing improves recoverability and audit trail but increases storage costs and query complexity."@en ;
atam:sensitiveToQA iso25010:Recoverability, iso25010:Capacity, iso25010:Analysability ;
atam:affectsElement ex:EventBus, ex:PaymentDB ;
atam:identifiedInScenario ex:QAS-Failover, ex:QAS-Throughput .
## ─── Risks ──────────────────────────────────────────────────
ex:Risk-SingleDB a atam:ArchitecturalRisk ;
skos:prefLabel "Single database instance — no automatic failover"@en ;
skos:definition "The proposed architecture has a single PostgreSQL instance. If it fails, all payment processing stops."@en ;
atam:riskForQA iso25010:Availability ;
atam:affectsElement ex:PaymentDB ;
atam:identifiedInScenario ex:QAS-Failover .
ex:Risk-EventOrdering a atam:ArchitecturalRisk ;
skos:prefLabel "Event ordering not guaranteed across partitions"@en ;
skos:definition "Kafka guarantees ordering within a partition but not across partitions. Payment events for the same customer may be processed out of order."@en ;
atam:riskForQA iso25010:FunctionalCorrectness ;
atam:riskInApproach ex:EventDrivenPattern ;
atam:affectsElement ex:EventBus ;
atam:identifiedInScenario ex:QAS-PeakLoad .
ex:Risk-FraudLatency a atam:ArchitecturalRisk ;
skos:prefLabel "Fraud detection adds unpredictable latency"@en ;
skos:definition "Synchronous fraud check before payment confirmation adds 200-800ms depending on model complexity."@en ;
atam:riskForQA iso25010:TimeBehaviour ;
atam:affectsElement ex:FraudDetection ;
atam:identifiedInScenario ex:QAS-Latency .
## ─── Non-Risks ──────────────────────────────────────────────
ex:NR-CircuitBreaker a atam:NonRisk ;
skos:prefLabel "Circuit breaker on gateway calls — confirmed safe"@en ;
skos:definition "Analysis confirms that the circuit breaker pattern on payment gateway calls will prevent cascading failures. Failover time is within the 5-second requirement."@en ;
atam:identifiedInScenario ex:QAS-Failover .
ex:NR-NewProvider a atam:NonRisk ;
skos:prefLabel "Plugin architecture for payment providers — confirmed modifiable"@en ;
skos:definition "The adapter pattern used for payment providers allows new integrations without modifying existing code. Estimated effort is 5-8 days."@en ;
atam:identifiedInScenario ex:QAS-NewProvider .
## ─── Risk Theme ─────────────────────────────────────────────
ex:RT-DataTierResilience a atam:RiskTheme ;
skos:prefLabel "Insufficient resilience in the data tier"@en ;
skos:definition "Multiple scenarios reveal that the data layer (database + event bus) is the primary source of architectural risk. Single points of failure, ordering issues, and storage growth all concentrate in this area."@en ;
atam:themeIncludesRisk ex:Risk-SingleDB, ex:Risk-EventOrdering .
Step 6 — Record the Decision (ATAM Step 9)¶
The evaluation findings feed into architecture decisions. The risk theme drives a decision to address the data tier resilience gap.
@prefix ad: <https://meta.linked.archi/arch-decision#> .
# The decision driven by the ATAM evaluation
ex:ADR-PaymentDataResilience a ad:Decision ;
skos:prefLabel "ADR-067: Address data tier resilience risks"@en ;
ad:hasIssue ex:DataTierResilienceIssue ;
ad:hasSelectedOption ex:ReadReplicaOption ;
ad:hasAlternative ex:MultiMasterOption ;
ad:influencedByForce ex:QAS-Failover, ex:QAS-PeakLoad ;
ad:relatedConcept ex:PaymentDB, ex:EventBus ;
ad:justification """ATAM evaluation identified insufficient data tier resilience as a
risk theme (RT-DataTierResilience). Read replicas with automatic failover
address the single-DB risk while staying within budget. Multi-master was
rejected due to conflict resolution complexity."""@en .
ex:DataTierResilienceIssue a ad:Issue ;
skos:prefLabel "Data tier has multiple single points of failure"@en ;
ad:problemStatement "ATAM evaluation revealed Risk-SingleDB and Risk-EventOrdering."@en ;
ad:hasDecision ex:ADR-PaymentDataResilience .
# The evaluation output links back to the process
ex:ArchEvaluationProcess ap:output ex:ADR-PaymentDataResilience .
Step 7 — The Complete ATAM Evaluation Record¶
The ATAMEvaluation individual ties everything together — the architecture evaluated, the utility tree, and all findings.
ex:PaymentATAM-2026Q1 a atam:ATAMEvaluation ;
skos:prefLabel "Payment Platform ATAM Evaluation — Q1 2026"@en ;
atam:evaluatesArchitecture ex:PaymentPlatformModel ;
atam:hasUtilityTree ex:PaymentUtilityTree ;
# Findings
atam:identifiedSensitivityPoint ex:SP-KafkaPartitions, ex:SP-ConnectionPool ;
atam:identifiedTradeoffPoint ex:TP-Encryption, ex:TP-EventSourcing ;
atam:identifiedRisk ex:Risk-SingleDB, ex:Risk-EventOrdering, ex:Risk-FraudLatency ;
atam:identifiedNonRisk ex:NR-CircuitBreaker, ex:NR-NewProvider ;
atam:identifiedRiskTheme ex:RT-DataTierResilience .
Querying the Evaluation¶
With everything in the knowledge graph, you can answer questions that span the entire evaluation:
Which quality attributes have the most risks?¶
PREFIX atam: <https://meta.linked.archi/atam/onto#>
PREFIX iso25010: <https://meta.linked.archi/iso25010#>
SELECT ?qa ?qaLabel (COUNT(?risk) AS ?riskCount) WHERE {
?risk a atam:ArchitecturalRisk ;
atam:riskForQA ?qa .
?qa skos:prefLabel ?qaLabel .
}
GROUP BY ?qa ?qaLabel
ORDER BY DESC(?riskCount)
Which elements are involved in tradeoffs?¶
PREFIX atam: <https://meta.linked.archi/atam/onto#>
SELECT ?element ?elementLabel ?tp ?tpLabel ?qa1 ?qa2 WHERE {
?tp a atam:TradeoffPoint ;
skos:prefLabel ?tpLabel ;
atam:affectsElement ?element ;
atam:sensitiveToQA ?qa1, ?qa2 .
?element skos:prefLabel ?elementLabel .
?qa1 skos:prefLabel ?qa1Label .
?qa2 skos:prefLabel ?qa2Label .
FILTER(?qa1 != ?qa2)
}
Trace from risk theme → risks → scenarios → quality attributes¶
PREFIX atam: <https://meta.linked.archi/atam/onto#>
PREFIX ad: <https://meta.linked.archi/arch-decision#>
SELECT ?theme ?themeLabel ?risk ?riskLabel ?scenario ?scenarioLabel ?qa ?qaLabel WHERE {
?theme a atam:RiskTheme ;
skos:prefLabel ?themeLabel ;
atam:themeIncludesRisk ?risk .
?risk skos:prefLabel ?riskLabel ;
atam:identifiedInScenario ?scenario ;
atam:riskForQA ?qa .
?scenario skos:prefLabel ?scenarioLabel .
?qa skos:prefLabel ?qaLabel .
}
Full traceability: process → evaluation → risk → decision¶
PREFIX ap: <https://meta.linked.archi/arch-processes#>
PREFIX atam: <https://meta.linked.archi/atam/onto#>
PREFIX ad: <https://meta.linked.archi/arch-decision#>
SELECT ?process ?evaluation ?risk ?decision WHERE {
?process a ap:ArchitectureProcess ;
ap:output ?decision .
?evaluation a atam:ATAMEvaluation ;
atam:identifiedRisk ?risk .
?risk atam:riskInDecision ?decision .
OPTIONAL { ?decision skos:prefLabel ?decisionLabel }
}
The Full Composition¶
This evaluation used 8 Linked.Archi modules working together:
┌─────────────────────────────────────────────────────────────────┐
│ Governance Layer │
│ ap:ArchitectureProcess ──→ triggers evaluation │
│ rdfs:seeAlso iso42020:ArchitectureEvaluation │
├─────────────────────────────────────────────────────────────────┤
│ Evaluation Layer (ATAM) │
│ atam:ATAMEvaluation │
│ ├── atam:UtilityTree → atam:QualityAttributeBranch │
│ │ └── ad:QualityAttributeRequirement (QAS) │
│ │ └── ad:onQualityAttribute → iso25010:* │
│ ├── atam:SensitivityPoint → arch:Element │
│ ├── atam:TradeoffPoint → arch:QualityAttribute (multiple) │
│ ├── atam:ArchitecturalRisk → refa:Pattern, refa:Tactic │
│ └── atam:RiskTheme → atam:ArchitecturalRisk (pattern) │
├─────────────────────────────────────────────────────────────────┤
│ Architecture Layer │
│ arch:Model (ArchiMate elements) │
│ refa:Pattern, refa:Tactic (architectural approaches) │
├─────────────────────────────────────────────────────────────────┤
│ Decision Layer │
│ ad:Decision ← driven by ATAM findings │
│ ad:Issue ← identified by risk themes │
│ ap:output ← produced by governance process │
└─────────────────────────────────────────────────────────────────┘
References¶
- Kazman, R., Klein, M., Clements, P. (2000). ATAM: Method for Architecture Evaluation. CMU/SEI-2000-TR-004.
- Bass, L., Clements, P., Kazman, R. (2021). Software Architecture in Practice (4th ed.). Addison-Wesley.
- SEI ATAM Collection
- Frameworks Guide — ATAM
- Extensions Guide — Decisions
- Extensions Guide — Processes
- Extensions Guide — Reference Architecture
- Standards Alignment — ISO 25010