TAS3_D3p1_v2p0.pdf

TAS3 Design of a semantic underpinned, secure & adaptable process management platform Accepted by European Commission in June 2009. Executive Summary: TAS³ has the goal to provide a next generation trust & security architecture that: • is ready to meet the requirements of complex and highly versatile business processes, • enables the dynamic user-centric management of policies, and • ensures end-to-end secure transmission of personal information and user-controlled attributes between heterogeneous context-dependent and continuously changing systems. The topic of work package three is the support of adaptive, secure business processes in the TAS3 architecture. This document describes the conceptual design and basic components of the system architecture for business processes support developed during the first period of the project in WP3. In the following versions of this deliverable the ongoing research results will be added and the report continued. The TAS3 architecture is based on executing business processes with web service calls included. Therefore, we first provide the concepts for business process modelling and execution in a service-oriented environment and an open source software system with state of the art technology. Using an example process of the employability application area, detailed requirements are analysed and discussed for the core topics of WP3, i.e. secure processes, secure adaptation of processes, and semantics of business processes, and the architecture. Following the requirements analysis, the conceptual design provides as substantial part mechanisms and concepts for secure, privacy-preserving business processes. Further, it comprises concepts for security-guided altering and adapting the schemas and content of running process instances, e.g., selecting in a specific (security-related and process-specific) context different services with respect to their security properties or quality properties. Modelling business processes allows handling security specifications at the business level as well. This information will be used to transform to security specifications on a policy and executable level. In order to support the modelling of the security specifications and the adaptability of processes, semantics for specifying the security context of processes will underpin the business process management. Chapter 6 gives a conclusion. As additional material the appendix contains the current version of an example process from the employability scenario. We already used it as a basis for exemplifying our concepts and will further use it for validating the research results.

TAS3_D3p1_v2p0.pdf — PDF document, 3146Kb