Analysis of security‐relevant semantics of BPEL in cross‐domain defined business processes
Abstract
Purpose
Aims to identify security‐relevant semantics of business processes defined by WS‐BPEL (Web Services Business Process Execution Language, BPEL for short) scripts, in particular when such scripts, which define collaborative business processes on top of web services, are deployed across security domain boundaries.
Design/methodology/approach
Analyses the potential of BPEL to define business process behaviour that violates restrictions implied by security policies.
Findings
Semantic patterns, which are combinations of particular BPEL features and web services with specific access restrictions implied by security policies, are defined, and their implications for the analysis of BPEL scripts during compliance assessment of cross‐domain defined business processes are identified.
Research limitations/implications
The results of the research, part of which is reported here, have been applied in a research prototype to BPEL scripts of limited size and comparatively simple business logic. Real‐world examples of BPEL scripts, with respect to size and complexity, should be examined to further confirm the suitability of the algorithms used.
Originality/value
The results can be used to specify security policies in terms of security‐critical semantics of BPEL scripts in order to facilitate compliance assessment. In conjunction with other results of this research, this will help to overcome security issues arising from cross‐domain definition of business processes by enabling automatic compliance assessment prior to execution.
Citation
Fischer, K.P., Bleimann, U., Fuhrmann, W. and Furnell, S.M. (2007), "Analysis of security‐relevant semantics of BPEL in cross‐domain defined business processes", Information Management & Computer Security, Vol. 15 No. 2, pp. 116-127. https://doi.org/10.1108/09685220710748010
Publisher
Emerald Group Publishing Limited
Copyright © 2007, Emerald Group Publishing Limited