Integrating Privacy Policies into Business Processes

Michele Chinosi, Alberto Trombetta

Abstract

The increased interest around business processes management and modeling techniques has brought many organizations to make significant investments in business process modeling projects. One of the most recent proposal for a new business process modeling technique is the Business Process Modeling Notation (BPMN). Often, the modeled business processes involve sensible information whose disclosure is usually regulated by privacy policies. As such, the interaction between business processes and privacy policies is a critical issue worth to be investigated. Towards this end, we introduce a data model for BPMN and a corresponding XML-based representation (called BPeX) which we use to check whether a BPeX-represented business process is compliant with a P3P privacy policy. Our checking procedures are very efficient and require standard XML technology, such as XPath.

References

  1. WfMC: Workflow Management Coalition - Terminology & Glossary. On WfMC website (1999) WFMC-TC-1011. http://www.wfmc.org/standards/docs.htm.
  2. White, S.A.: Business Process Modeling Notation - OMG Final Adopted Specification. On BPMN website (2006) http://www.bpmn.org.
  3. Cranor, L., Dobbs, B., Hogben, G., Marchiori, M., Schunter, M., et al.: The Platform for Privacy Preferences 1.1 (P3P1.1) Specification (2006) http://www.w3.org/TR/P3P11/.
  4. Andrews, T., Curbera, F., Dholakia, H., Goland, Y., Klein, J., Leymann, F., Liu, K., Roller, D., et al.: Business Process Execution Language for Web Services - Version 1.1. IBM website (2003) http://www-128.ibm.com/developerworks/library/specification/ws-bpel/.
  5. WfMC: Process Definition Interface - XML Process Definition Language. WfMC website (2005) WFMC-TC-1025. http://www.wfmc.org/standards/docs.htm.
  6. Swenson, K.: The BPMN-XPDL-BPEL value chain. In blog “Go Flow” (2006) http://kswenson.wordpress.com/2006/05/26/bpmn-xpdl-and-bpel/.
  7. Recker, J., Mendling, J.: On the Translation between BPMN and BPEL: Conceptual Mismatch between Process Modeling Languages. In: Proceedings 18th International Conference on Advanced Information Systems Engineering. Proceedings of Workshops and Doctoral Consortiums, Latour, Thibaud and Petit, Michael, Eds. (2006) 521-532
  8. Ouyang, C., van der Aalst, W.M., Dumas, M., Hofstede, A.H.M.t.: From Business Process Models to Process-oriented Software Systems: The BPMN to BPEL Way. Technical Report BPM-06-27, BPM Center (2006) http://www.bpmcenter.org.
  9. Ouyang, C., van der Aalst, W.M., Dumas, M., Hofstede, A.H.M.t.: Translating BPMN to BPEL. Technical Report BPM-06-02, BPM Center (2006) http://www.bpmcenter.org.
  10. Mendling, J., Neumann, G., Nüttgens, M.: A Comparison of XML Interchange Formats for Business Process Modelling. In Feltz, F., Oberweis, A., Otjacques, B., eds.: EMISA. Volume 56 of LNI., GI (2004) 129-140
  11. Mendling, J., de Laborda, C.P., Zdun, U.: Towards an Integrated BPM Schema: Control Flow Heterogeneity of PNML and BPEL4WS. In Althoff, K.D., Dengel, A., Bergmann, R., Nick, M., Roth-Berghofer, T., eds.: Wissensmanagement (LNCS Volume). Volume 3782 of Lecture Notes in Computer Science., Springer (2005) 570-579
  12. Mendling, J., de Laborda, C.P., Zdun, U.: Towards Semantic Integration of XML-based Business Process Models. In Althoff, K.D., Dengel, A., Bergmann, R., Nick, M., RothBerghofer, T., eds.: Wissensmanagement, DFKI, Kaiserslautern (2005) 513-517
  13. Karjoth, G., Schunter, M.: A Privacy Policy Model for Enterprises. In: CSFW, IEEE Computer Society (2002) 271-281
  14. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: An XPath-based Preference Language for P3P. In: 12th International World Wide Web Conference. (2003)
  15. Bertino, E., Crampton, J., Paci, F.: Access Control and Authorization Constraints for WSBPEL. icws 0 (2006) 275-284
  16. Li, Y.H., Paik, H.Y., Benatallah, B., Benbernou, S.: Formal Consistency Verification between BPEL process and Privacy Policy. In: Privacy Security Trust 2006 (PST 2006), McGraw Hill (2006) 212-223
  17. Mendling, J., Strembeck, M., Stermsek, G., Neumann, G.: An Approach to Extract RBAC Models from BPEL4WS Processes. In: WETICE, IEEE Computer Society (2004) 81-86
  18. BPeX Project Site: http://bpex.sourceforge.net (2005)
Download


Paper Citation


in Harvard Style

Chinosi M. and Trombetta A. (2008). Integrating Privacy Policies into Business Processes . In Proceedings of the 6th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2008) ISBN 978-989-8111-44-9, pages 13-25. DOI: 10.5220/0001743900130025


in Bibtex Style

@conference{wosis08,
author={Michele Chinosi and Alberto Trombetta},
title={Integrating Privacy Policies into Business Processes},
booktitle={Proceedings of the 6th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2008)},
year={2008},
pages={13-25},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001743900130025},
isbn={978-989-8111-44-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 6th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2008)
TI - Integrating Privacy Policies into Business Processes
SN - 978-989-8111-44-9
AU - Chinosi M.
AU - Trombetta A.
PY - 2008
SP - 13
EP - 25
DO - 10.5220/0001743900130025