A Transformation Approach for Security Enhanced Business Processes

C. Wolter, A. Schaad, and C. Meinel (Germany)


Software Architecture, Visualization, Model-Driven, Security, Human Computer Interaction


The Business Process Modeling Notation (BPMN) has become the de facto standard for describing processes in an accessible graphical notation. The eXtensible Access Control Markup Language (XACML) and WS-Security are both OASIS standards used to specify and enforce platform-independent access control and security policies suitable for service-oriented architectures. In this document we propose a transformation approach based on a security modeling framework for business process management to support access control and security policies for business processes. To deploy and enforce such security policies in an enterprise environment, a model-driven transformation between security-annotated process models and a security specification language is used. We argue that specific types of organisational control and compliance policies may be expressed in a graphical fashion at the business process modeling level. These can then be transformed into corresponding access control and security policies for business process-driven information systems based on service-oriented architectures. This approach acts as an enabler for better collaboration between security and business process domain experts to define consistent and valid security policies that can be easily communicated. We discuss the benefits of our modeling approach and outline how our framework can support security and compliance in business processes.

