WP3 Securely Adaptable Business Processes
TAS3_D3p1_v2p0.pdf
TAS3 Design of a semantic underpinned, secure & adaptable process management platform
Accepted by European Commission in June 2009.

Executive Summary: TAS³ has the goal to provide a next generation trust & security architecture that:
• is ready to meet the requirements of complex and highly versatile business processes,
• enables the dynamic user-centric management of policies, and
• ensures end-to-end secure transmission of personal information and user-controlled attributes between heterogeneous context-dependent and continuously changing systems.

The topic of work package three is the support of adaptive, secure business processes in the TAS3 architecture. This document describes the conceptual design and basic components of the system architecture for business process support developed during the first period of the project in WP3. In the following versions of this deliverable the ongoing research results will be added and the report continued.

The TAS3 architecture is based on executing business processes that include web service calls. Therefore, we first provide the concepts for business process modelling and execution in a service-oriented environment and an open source software system with state of the art technology. Using an example process of the employability application area, detailed requirements are analysed and discussed for the core topics of WP3, i.e. secure processes, secure adaptation of processes, and semantics of business processes, and the architecture.

Following the requirements analysis, the conceptual design provides, as a substantial part, mechanisms and concepts for secure, privacy-preserving business processes. Further, it comprises concepts for security-guided altering and adapting of the schemas and content of running process instances, e.g., selecting in a specific (security-related and process-specific) context different services with respect to their security properties or quality properties.

Modelling business processes allows handling security specifications at the business level as well. This information will be transformed into security specifications at the policy and executable level. In order to support the modelling of the security specifications and the adaptability of processes, semantics for specifying the security context of processes will underpin the business process management.

Chapter 6 gives a conclusion. As additional material, the appendix contains the current version of an example process from the employability scenario. We already used it as a basis for exemplifying our concepts and will further use it for validating the research results.
TAS3_D03p2_Open_Source Software_And_Documentation V1p0.pdf
TAS3 D3.2
Accepted by European Commission in March 2010.

Executive Summary: In TAS3, any communication is subject to specified policies. Compliance is checked for every request and every reply, both at the service requester and at the service provider side. Business process management provides a flexible approach for defining and running applications in service oriented architectures with web services as basic building blocks. A business process orchestrates web service calls, human interactions via web service interfaces and reactions to external events, providing a separate specification of the flow.

The security aspect in business processes relates to policy enforcement points, which will intercept any web service call to or from the business process and enforce any applicable policy. These policies are specific to business processes in that they can refer to properties of the process model or the process instance in question. Such properties may be the execution status of the process instance (such as activities waiting for execution, values of internal variables or the execution history), the security context of the process instance, the roles and resources assigned to the process, or the description of the process model, e.g., its privacy policy.

Furthermore, activities in processes can explicitly cause modifications of their security context, e.g., assign users to a process role. These modifications need to adhere to policies as well; otherwise users could illegally enhance their privileges. Therefore, we develop business-process-specific security components, which will both support the generic policy enforcement infrastructure by providing attributes necessary to evaluate policies and evaluate and enforce the process-specific policies.

Deliverable D3.1 describes the iterative conceptual design of those components. This report describes the implementation of components described in Deliverable D3.1. The implementation follows the iteration steps of the conceptual design with a time shift, so the reported implementation mostly reflects the status of the conceptual design half a year before. There are also interrelationships between implementation and conceptual design: the implementation partly influences the conceptual design, and the ongoing conceptual design and possible changes affect the implementation task.

The current status of the implementation contains first versions of components of all categories of tasks which we identified to establish security for business processes in the TAS3 context:
• Capturing and storing security-relevant information about instances of business processes.
• Runtime enforcement of security policies by inspecting incoming and outgoing messages.
• Management of configuration changes in other parts of the TAS3 infrastructure.
• Creation of security configuration based on process models.

