Security Policy Enforcement in BPEL-Defined Collaborative Business Processes

This paper presents an approach to security policy enforcement with collaborative business processes defined using BPEL and deployed across enterprise domain boundaries for execution. The assessment of compliance with security policies at the location where a BPEL script is to be executed is facilitated by re-formulating the security policies with respect to the potential of violation inherent in BPEL The results of an analysis of the security-relevant semantics of BPEL-defined business processes conducted for this purpose indicate the paramount role of information flow analysis in business processes. Based on these results, the paper proposes an XML-based schema for specifying security policies for cross-organisational business processes that allows for automatic checking of BPEL scripts for compliance to these security policies. The paper also introduces a prototype implementation of an automatic compliance check that approves the feasibility of the method for practical application in security policy enforcement.