A Petri Net Based Approach for Modelling and
Analyzing Interorganizational Workflows with Dynamic
Structure
Oana Otilia Prisecaru
Faculty of Computer Science, "Al. I. Cuza" University
Gen. Berthlot St, No 16, 740083 Iasi, Romania
Abstract. Interorganizational workflows represent a special type of workflows
that involve more than one organization. In this paper, an interorganizational
workflow will be modelled using a special class of nested Petri nets, dynamic
interorganizational workflow nets (DIWF-nets). DIWF-nets can model
interorganizational workflows in which some of the local workflows can be removed,
during the execution of the workflow, due to exceptional situations. Our approach
permits a clear distinction between the component workflows and the
communication structure. The paper defines a notion of behavioural correctness
(soundness) and proves this property is decidable for DIWF-nets.
1 Introduction
A workflow is an operational description of a business process that takes place inside
one organization. Due to the rise of virtual organizations, electronic commerce and
international companies, many existing business processes involve more than one
organization. These workflows are referred to as interorganizational workflows. Several
specification languages have been developed for interorganizational workflows,
based on XML and Web services: WSFL, BPEL, BPEL4Chor, XLANG, WSCDL, etc.
[6]. These languages lack formal semantics and analytical power. In order to solve
these problems, several formalisms have been proposed for specifying
interorganizational workflows: Communicating Finite Automata, Category theory, Process algebra
and Petri nets. Petri nets represent a well-known formal method, successfully used as
a modelling technique for workflows (see [1]), due to their graphical representation,
their formal semantics and expressiveness. Petri nets have also been used for modelling
interorganizational workflows [2, 4, 3, 8, 5]. In the existing approaches, there is not a
clear distinction between the component workflows and the communication structure,
which makes the models difficult to understand and work with. Also, the structure of the
interorganizational workflow is considered to be static (i.e. the number of component
workflows involved is fixed), but this does not always happen in real situations.
This paper presents a new approach to the modelling of interorganizational workflows,
based on nested Petri nets. Nested Petri nets [10] are a special class of the
Petri net model, in which tokens may be Petri nets (object-nets). The paper deals with
loosely coupled interorganizational workflows: the component workflows behave
independently, but need to interact in order to accomplish a global business goal. The
interaction is made through asynchronous or synchronous communication. Dynamic
interorganizational workflow nets (DIWF-nets) are introduced as a special case of nested
Petri nets, in which every local workflow is modelled as a distinct object-net. For the
modelling of a local workflow we use extended workflow nets, a version of the workflow
nets introduced in [1]. The communication mechanisms between the local workflows
are also described using an object-net. Thus, our approach offers a modular view over
the components of an interorganizational workflow. In our model the structure of the
interorganizational workflow can change during its execution, as the local workflows can
be dynamically removed at certain points. The paper introduces a notion of behavioural
correctness for DIWF-nets, soundness, and proves this property is decidable.
Otilia Prisecaru O. (2009).
A Petri Net Based Approach for Modelling and Analyzing Interorganizational Workflows with Dynamic Structure.
In Proceedings of the 7th International Workshop on Modelling, Simulation, Verification and Validation of Enterprise Information Systems, pages 23-32
DOI: 10.5220/0002200700230032
Copyright © SciTePress
In what follows we will give the basic terminology and notation concerning workflow
nets, a Petri net formalism which has been used for the modelling of workflows
[1]. We assume the reader is familiar with the Petri net terminology and notation; details
can be found in [12].
A workflow net (WF-net) is a Petri net with two special places: a source place, $i$,
and a sink place, $o$. In a WF-net, all places and transitions should be on a path from $i$ to
$o$. The two conditions are expressed formally as follows:
A Petri net $PN = (P, T, F)$ is a WF-net iff: (1) $PN$ has a source place $i$ and a sink place
$o$ such that i = and o = . (2) If we add a new transition t to $PN$ such that
t = {o} and t = {i}, then the resulting Petri net is strongly connected.
A marking of a WF-net is a multiset m : P IN (where IN denotes the set of
natural numbers). We write $m = 1\,p_1 + 2\,p_2$ for a marking $m$ with $m(p_1) = 1$,
$m(p_2) = 2$ and $m(p) = 0$, $p$ $P$ $\{p_1, p_2\}$. The marking 1 i represents the initial marking of
the net, and it is also denoted by $i$. The marking 1 o represents the end of the workflow
process (and the final marking of the net, denoted by $o$).
The rest of the paper is organized as follows: Section 2 presents an introductory
example of a DIWF-net, Section 3 introduces DIWF-nets, Section 4 defines and studies
the soundness property for DIWF-nets, Section 5 presents some of the related work and
Section 6 presents the concluding remarks.
2 Dynamic Interorganizational Workflow Nets: An Introductory
Example
In this section we present an example of a DIWF-net, modelling an interorganizational
workflow which consists of two workflows. The workflows are modelled by two
extended workflow nets, $WF_1$ and $WF_2$ (see Fig. 1(a)). These nets are WF-nets, extended
with special transitions: exit in $WF_1$ terminates abnormally the workflow execution. $t_1$
and $t_2$ empty the sink places of the two WF-nets.
The two workflows interact as follows: task $t_1$ in $WF_1$ must fire before $t_4$ in $WF_2$
(i.e. there is an asynchronous communication between the two workflows) and task $t_2$
in $WF_1$ and $t_5$ in $WF_2$ must fire synchronously (i.e. there is a synchronous
communication between the local workflows, through these transitions).
Fig. 1. An example of a DIWF-net: (a) in its initial marking and (b) in a final marking.
The asynchronous communication is described using a partial order on tasks:
$AC = \{(t_1, t_4)\}$. The synchronous communication is specified using the set of synchronous
communication elements: $SC = \{\{t_2, t_5\}\}$. The DIWF-net is a nested Petri net which
consists of a system net, $SN$, and of three object-nets, $WF_1$, $WF_2$ and $C$. The initial
marking of the DIWF-net is depicted in Fig. 1(a). The object-net $C$ describes the
asynchronous communication between the local workflows. The set of places is
$P_C = \{p_{ac_1}\}$, where $ac_1 = (t_1, t_4)$. The transitions in $T_C$ correspond to the transitions
involved in $AC$: $T_C = \{t_{1c}, t_{4c}\}$. The initial marking of $C$ is 0. Some of the transitions
of the DIWF-net are labelled (using a partial function, $\Lambda$). The transitions involved
in $AC$ and their corresponding transitions from $C$ will be assigned the same labels:
$\Lambda(t_1) = \Lambda(t_{1c}) = l_1$ and $\Lambda(t_4) = \Lambda(t_{4c}) = l_2$. The transitions which appear in $SC$
will be assigned the same label: $\Lambda(t_2) = \Lambda(t_5) = l_3$. We write a marking of a DIWF-net
as a vector $M = (M(I), M(p), M(q), M(O))$. In DIWF-nets, there are several firing
rules: an unlabelled transition from an object-net can fire if the transition is enabled in
the object-net (an object-autonomous step). Also, if all the transitions with the same
label, from object-nets residing in the same place of $SN$, are enabled in those
object-nets, then they should fire synchronously (a horizontal synchronization step). Finally, a
labelled transition enabled in $SN$ should fire simultaneously with the transitions from
the object-nets "involved" in this firing, which have a complementary label (this is a
vertical synchronization step).
In the example in Fig. 1(a), $t_1$ is enabled in $(WF_1, i_1)$ and $t_4$ and $t_5$ are enabled
in $(WF_2, i_2)$. But $t_4$ should fire at the same time with $t_{4c}$ in the object-net $C$. Since
$t_{4c}$ is not enabled in $(C, 0)$, $t_4$ cannot fire yet. Thus, $t_1$ always fires before $t_4$, as
specified by $AC$. Also, $t_5$ should fire at the same time with $t_2$ from $WF_1$. Since $t_1$
is enabled in $(WF_1, i_1)$ and $t_{1c}$ is enabled in $(C, 0)$, the horizontal synchronization
step denoted by $(; t_1, t_{1c})$ is enabled in marking $M_0$. The resulting marking
is denoted as a tuple: $M_1 = (2, \{(WF_1, m1_1), (WF_2, i_2), (C, mc_1)\}, 0, 0)$. If
we bind the variable $y$ to the net-token $(WF_1, m1_1)$ from $p$, the transition remove
from $SN$ is enabled in $M_1$ with this binding (i.e. the firing of this transition can
remove the net-token $(WF_1, m1_1)$ from place $p$). remove from $SN$ should fire
synchronously with exit from $WF_1$ (which is labelled by $e$). The simultaneous firing
of exit and remove is a vertical synchronization step, denoted by (remove; exit).
If this step fires, then the first workflow is removed. The resulting marking is
$M_2 = (1, \{(WF_2, i_2), (C, mc_1)\}, \{(WF_1, m1_1)\}, 0)$, and all the transitions in $WF_1$ in $q$ are
labelled by $l$. If we consider the firing of the sequence of steps $(t_4, t_{4c})$, $(t_6)$, the result is
the marking $M_4 = (1, \{(WF_2, o_2), (C, 0)\}, \{(WF_1, m1_1)\}, 0)$. The vertical
synchronization step (terminate; $t_2$) is enabled in $M_4$ (if we bind $x$ to $(WF_2, o_2)$). The
resulting marking is $M_5 = (0, \{(C, 0)\}, \{(WF_1, m1_1)\}, 1)$ (Fig. 1(b)). The transitions in
$WF_1$ are all re-labelled with a label $l$, which prevents them from firing.
3 Definition of Dynamic Interorganizational Workflow Nets
In what follows, we will assume there are $n$ local workflows which behave
independently, but need to interact at certain points using asynchronous communication (which
corresponds to the exchange of messages) and synchronous communication (which
forces the local workflows to execute specific tasks at the same time). We will
consider the situation in which a local workflow can interrupt its normal execution at a
certain point, due to the occurrence of an error. At this point, the workflow will be
removed from the interorganizational workflow. We will assume that at least one
workflow, whose execution is critical, cannot interrupt abnormally its execution.
In order to model a workflow which can terminate abnormally its execution, we
define extended workflow nets (extended WF-nets), an extension of the WF-nets defined in
[1]. These Petri nets are WF-nets which can be extended with two transitions: one of the
transitions empties the sink place of the workflow, while the other transition interrupts
the normal execution of the workflow (this transition is optional).
Definition 1. Let $WF = (P, T, F)$ be a WF-net. The extended WF-net is $WF$ = $(P, T, F)$, where:
- $T$ = $T$ $\{t\}$ $T_e$, $T_e$ $\{exit\}$ such that, if $exit$ $T$ then $exit \neq$ .
- $F$ = $F$ $\{(o, t)\}$ $F_e$, where $F_e$ $P \times \{exit\}$ ($F_e$ = , if $exit \notin T$)
$WF$ is called the underlying net of $WF$.
Dynamic interorganizational workflow nets (DIWF-nets) are defined as nested nets with
a particular structure, extended with two sets ($AC$ and $SC$), used for describing the
communication between the local workflows, and a special labelling system. We also
use a special expression, $L(y, l)$, for labelling an arc of $SN$.
Definition 2. A dynamic interorganizational workflow net DIWF is a nested Petri net:
$DIWF = (Var, Lab, (WF_1, i_1), \ldots, (WF_n, i_n), AC, SC, (C, 0), SN, \Lambda)$ such that:
1. $Var = \{x, y\}$ is a set of variables.
2. $Lab$ = $Lab_{AC}$ $Lab_{SC}$ $\{e, e, f, f\}$ is a set of labels.
3. $(WF_1, i_1), \ldots, (WF_n, i_n)$ are extended WF-nets, with the corresponding initial markings
$i_1, i_2, \ldots, i_n$.
4. $AC$ is the asynchronous communication relation: $AC$ $T \times T$, where $T$ = $k \in \{1, \ldots, n\}$ $T_k$,
$T_k$ is the set of transitions from the underlying WF-net of $WF_k$. If $(t, t)$ $AC$, $t$ $T_i$, $t$ $T_j$,
then $i \neq j$.
5. $SC$ is the set of synchronous communication elements: $SC$ $P(T)$ and:
- $u, v$ $SC$ : $u$ $v$ = .
- if $t$ $T_i$, $t$ $T_j$, $t, t$ $u$, $u$ $SC$, then $i \neq j$.
6. $C = (P_C, T_C, F_C)$ is the communication object:
- $P_C$ = $\{p_{ac}$ | $ac$ $AC\}$.
- $T_C$ = $\{t_c$ | $\exists t$ $T$ : $(t, t)$ $AC$ $(t, t)$ $AC\}$.
- $F_C$ = $\{(p_{ac}, t)$ $P_C \times T$ | $ac = (t, t)$ $AC\}$ $\{(t, p_{ac})$ $T \times P_C$ | $ac = (t, t)$ $AC\}$
7. $SN = (N, W, M_0)$ is the system net of DIWF, such that:
- $N = (P_N, T_N, F_N)$ is a high level Petri net: $P_N = \{I, p, q, O\}$, where $O$ is a place
such that $O$ = and $I$ is a place such that $I$ = ; $T_N = \{terminate, remove\}$;
$F_N = \{(I, terminate), (p, terminate), (terminate, O), (p, remove), (remove, q), (I, remove)\}$.
- $W$ is the arc labelling function: $W((p, terminate)) = x$, $W((p, remove)) = y$,
$W((remove, q)) = L(y, l)$ and $W(a) = 1$ for the rest of the arcs.
- $M_0$ is the initial marking of the net: $M_0(I) = n$, $M_0(p) = \{(WF_1, i_1), \ldots, (WF_n, i_n), (C, 0)\}$,
$M_0(q) = 0$ and $M_0(O) = 0$.
- $\Lambda$ is a partial labelling function such that:
  - $u$ $SC$, $t, t$ $u$, $\Lambda(t) = \Lambda(t) = l$, $l$ $Lab_{SC}$.
  - if $t$ $T$ such that $(t, t)$ $AC$ or $(t, t)$ $AC$, then there exists $t_c$ $T_C$ : $\Lambda(t_c) = \Lambda(t) = l$, $l$ $Lab_{AC}$.
  - $\Lambda(t_i) = f$, $i$ $\{1, \ldots, n\}$ and $\Lambda(terminate) = f$.
  - $\Lambda(remove) = e$ and, if $exit_i$ $T_i$, then $\Lambda(exit_i) = e$ ($i$ $\{1, \ldots, n\}$).
  - $t, t$ $T_i$ ($i$ $\{1, \ldots, n\}$) : $\Lambda(t) \neq \Lambda(t)$.
In a DIWF-net there are $n$ object-nets (extended WF-nets) representing the local
workflows. We denote by $t_i$ the transition which empties the output place $o_i$ in an extended
WF-net $WF_i$. $Var$ is the set of variables in the net. Variables $x$ and $y$ will take as
value an object-net in a certain marking. $Lab$ is a set of labels: the labels in $Lab_{AC}$ are
used for the elements of $AC$ and the labels from $Lab_{SC}$ are used for the elements of
$SC$. $Lab_{AC}$ and $Lab_{SC}$ are not necessarily disjoint. The label $f$ is used for labelling the
transition $t_i$ from $WF_i$, $i$ $\{1, \ldots, n\}$. $AC$ represents the asynchronous
communication relation: if $(t, t)$ $AC$, then the transition $t$ must execute before the transition
$t$. $SC$ represents the set of synchronous communication elements: if $u$ $SC$, then
all the transitions from $u$ have to execute at the same time. $C$ is an object-net which
describes the asynchronous communication: if $ac = (t, t)$ $AC$, then there is a
corresponding place $p_{ac}$ in $P_C$. For every transition $t$ $T$ involved in an element of $AC$,
there is a transition $t_c$ $T_C$. Also, if $ac = (t, t)$ $AC$, then there exist two arcs
$(t_c, p_{ac})$, $(p_{ac}, t_c)$ $F_C$. In DIWF-nets, the expressions on arcs can be either variables
($x$ or $y$), the constant 1 or the function $L(y, l)$. $\Lambda$ is a partial function which labels
transitions of the DIWF-net. If $u$ $SC$, then all the transitions from $u$ have the same label
$l$ $Lab_{SC}$. For every transition $t$ involved in an asynchronous communication element,
there is a transition $t_c$ in the object-net $C$ and $\Lambda(t) = \Lambda(t_c) = l$, $l$ $Lab_{AC}$.
We denote by $A_{net}$ the net tokens of the DIWF-net: $A_{net}$ = $\{(EN, m)$ / $m$ is
a marking of $EN$, $EN$ $\{WF_1, \ldots, WF_n, C\}\}$. $L$ is a function such that $L$ :
$A_{net} \times Lab_v$ $A_{net}$, which relabels all the transitions of $(EN, m)$ $A_{net}$ with
$l$ $Lab_v$.
A marking $M$ of a DIWF-net is a function such that: $M(I)$ IN, $M(O)$ IN and
$M(p), M(q)$ $A_{net}$. We write $M$ as a vector $M = (M(I), M(p), M(q), M(O))$.
If $t$ $T_{SN}$, we denote by $Var(t)$ the set of variables which appear in the
expressions from the arcs adjacent to $t$. A binding (of a transition $t$ $T_{SN}$) is a function
$b$ : $Var(t)$ $A_{net}$. We have that $b(L(y, l)) = L(b(y), l)$.
In a DIWF-net, a transition $t$ from $SN$ is enabled in a marking $M$ w.r.t. a binding
$b$ iff: (1) $W(p, t)(b)$ $M(p)$ (where $W(p, t)(b)$ is the arc expression of the arc $(p, t)$
evaluated in binding $b$) and (2) 1 $M(I)$.
There are several types of steps, defining the behaviour of nested Petri nets (see [10]).
In the case of DIWF-nets, there are two vertical synchronization steps:
- If transition terminate is enabled in a marking $M$ w.r.t. a binding $b$ and the
transition $t_i$ is enabled in the object-net $b(x) = (WF_i, m_i)$, $(WF_i, m_i)$ $M(p)$, then the
simultaneous firing of terminate and $t_i$ is a vertical synchronization step, denoted by
$(terminate[b]; t_i)$. The firing of $(terminate[b]; t_i)$ removes the object-net $(WF_i, m_i)$
from $p$ and an atomic token from $I$ and adds one atomic token to place $O$.
- If transition remove is enabled in a marking $M$ w.r.t. a binding $b$ and the transition $exit_i$
($\Lambda(exit_i) = e$) is enabled in the object-net $b(y) = (WF_i, m_i)$, $(WF_i, m_i)$ $M(p)$,
then the simultaneous firing of remove and $exit_i$ is a vertical synchronization step. The
firing of $(remove[b]; exit_i)$ removes the net-token $(WF_i, m_i)$ from $p$ and adds the
net-token $b(L(WF_i, m_i), l) = (WF_i, m_i)$ to the place $q$, where $WF_i$ is obtained from
$WF_i$ by labelling all the transitions with the label $l$. We also write $WF_i$ instead of
$WF_i$ ($WF_i$ only appears in place $q$).
The definition of the horizontal synchronization step is different from the one in
[10], allowing the synchronization of arbitrarily many transitions from several
object-nets. This change does not affect the general properties of nested nets:
Let $M$ be a marking of $DIWF$ and $\{\alpha_1, \alpha_2, \ldots, \alpha_k\}$ the set of net-tokens from
$p$ ($k$ $n + 1$). Assume $t_1, \ldots, t_s$ $T$ is the set of all the transitions with the same
label $l \neq e, f$, $\Lambda(t_1) = \Lambda(t_2) = \ldots = \Lambda(t_s) = l$, such that: every transition $t_j$
($j$ $\{1, \ldots, s\}$) is enabled in a net-token $\alpha_{k_j} = (EN_j, m_j)$ $M(p)$ and $m_j[t_j\rangle m_j$.
The synchronous firing of $t_1, \ldots, t_s$ is called a horizontal synchronization step. The
resulting marking, $M$, is obtained from $M$ by replacing the set $\{\alpha_1, \alpha_2, \ldots, \alpha_k\}$ from
place $p$ with $\{\alpha_1, \alpha_2, \ldots, \alpha_k\}$, where $\alpha_{k_j} = (EN_j, m_j)$, $j$ $\{1, \ldots, s\}$ and
$\alpha_i = \alpha_i$, $i$ $\{1, \ldots, k\} \setminus \{k_1, \ldots, k_s\}$. We write: $M[; t_1, \ldots, t_s\rangle M$.
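An added example, not code from the paper: it builds the communication object-net C from AC as in item 6 of Definition 2, labels transitions the way Λ does for AC and SC, and computes which horizontal synchronization steps are enabled among the net-tokens in place p, using AC = {(t1, t4)} and SC = {{t2, t5}} from Section 2. The internal structure of WF1 and WF2, the label names (`ac:...`, `sc:...`) and all function names are assumptions made for the illustration.

```python
from collections import Counter

def validate(owner, AC, SC):
    """Constraints on AC and SC; owner maps each task to its local workflow."""
    for t, u in AC:
        if owner[t] == owner[u]:
            raise ValueError(f"AC pair ({t}, {u}) lies inside one workflow")
    seen = set()
    for group in SC:
        if seen & group:
            raise ValueError("elements of SC must be pairwise disjoint")
        seen |= group
        if len({owner[t] for t in group}) < len(group):
            raise ValueError(f"{sorted(group)}: two tasks of the same workflow")

def communication_net(AC):
    """Object-net C: one place per pair (t, u); t_c fills it and u_c empties it."""
    net = {}
    for t, u in AC:
        place = f"p_ac({t},{u})"
        net.setdefault(f"{t}_c", ([], []))[1].append(place)
        net.setdefault(f"{u}_c", ([], []))[0].append(place)
    return net

def labelling(AC, SC):
    """t and t_c share a label; all members of one SC element share a label."""
    lab = {}
    for pair in AC:
        for t in pair:
            lab[t] = lab[f"{t}_c"] = f"ac:{t}"
    for k, group in enumerate(SC):
        for t in group:
            lab[t] = f"sc:{k}"
    return lab

def enabled(net, marking, t):
    """Ordinary Petri net enabling: every input place holds enough tokens."""
    return all(marking[p] >= k for p, k in Counter(net[t][0]).items())

def horizontal_steps(tokens, lab):
    """Labels whose transitions, over all net-tokens in place p, are all enabled."""
    holders = {}
    for name, (net, _) in tokens.items():
        for t in net:
            if t in lab:
                holders.setdefault(lab[t], []).append((name, t))
    return {l: hs for l, hs in holders.items()
            if all(enabled(*tokens[n], t) for n, t in hs)}

def fire(tokens, step):
    """Fire every transition of a step at once, each inside its own net-token."""
    for name, t in step:
        net, marking = tokens[name]
        marking.subtract(Counter(net[t][0]))
        marking.update(Counter(net[t][1]))

def example_marking():
    """Net-tokens in place p at M0. The internal structure of WF1 and WF2 is an
    assumption made here; exit and the sink-emptying transitions are left out."""
    AC, SC = [("t1", "t4")], [{"t2", "t5"}]
    wf1 = {"t1": (["i1"], ["p1"]), "t2": (["p1"], ["o1"])}
    wf2 = {"t4": (["i2"], ["p2"]), "t6": (["p2"], ["o2"]),
           "t5": (["i2"], ["p3"]), "t7": (["p3"], ["o2"])}
    validate({**dict.fromkeys(wf1, 1), **dict.fromkeys(wf2, 2)}, AC, SC)
    tokens = {"WF1": (wf1, Counter(i1=1)), "WF2": (wf2, Counter(i2=1)),
              "C": (communication_net(AC), Counter())}
    return tokens, labelling(AC, SC)

if __name__ == "__main__":
    tokens, lab = example_marking()
    print("M0:", sorted(horizontal_steps(tokens, lab)))   # only the t1 / t1_c step
    fire(tokens, horizontal_steps(tokens, lab)["ac:t1"])
    print("M1:", sorted(horizontal_steps(tokens, lab)))   # t4 / t4_c and t2 / t5
```

In the initial marking only the step for t1 and t1_c is enabled, so t4 cannot overtake t1; once it fires, both the t4 step and the synchronous pair {t2, t5} become available.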
4 The Soundness Property for Dynamic Interorganizational
Workflow Nets
In this section we will introduce a notion of soundness for DIWF-nets. In order to
prove the decidability of soundness we will use some results regarding well-structured
transition systems [7].
A quasi ordering is any reflexive and transitive relation . We let $x < y$ denote
$x$ $y \not\leq x$. A partial ordering is an asymmetric quasi-ordering. A well-quasi-ordering
is any quasi-ordering (over some set $X$) such that, for any infinite sequence $x_0, x_1, \ldots$
in $X$, there exist indexes $i < j$ such that $x_i$ $x_j$.
A transition system (TS) is a structure $TS = \langle S, \rightarrow \rangle$ such that $S$ is a set of states
and $\rightarrow \subseteq S \times S$ is a transition relation. If $s$ $S$, $Succ(s)$ = $\{s$ $S$ | $s$ $s\}$.
A well-structured transition system is a transition system $WSTS = \langle S, , \leq \rangle$ such
that: $\leq \subseteq S \times S$ is a well-quasi-ordering and is (upward) compatible with , i.e. for
all $s_1, t_1, s_2$ $S$ with $s_1$ $t_1$ and $s_1$ $s_2$, there exists a sequence $t_1$ $t_2$ such that
$s_2$ $t_2$. $WSTS$ has strict compatibility iff for all $s_1 < t_1$ and $s_1$ $s_2$, there exists a
sequence $t_1$ $t_2$ with $s_2 < t_2$.
A WSTS is bounded from $s$ if $Succ(s)$ is finite. It was proven in [7] that boundness
is decidable for WSTS's with strict compatibility.
A notion of soundness was defined for WF-nets, expressing the minimal conditions
a correct workflow should satisfy [1]: a workflow must always be able to terminate
($(m)((i[*\rangle m) \Rightarrow (m[*\rangle o))$), the workflow must terminate correctly ($(m)((i[*\rangle m)$
$m$ $o) \Rightarrow (m = o))$), and there do not exist dead tasks ($(t$ $T)(m, m)(i[*\rangle m[t\rangle m)$).
It was proven (see [1]) that the soundness property is decidable for WF-nets.
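An added example, not taken from the paper or from [1]: a brute-force check of the WF-net structural conditions and of the three soundness conditions above, done by exploring the reachability graph from the initial marking. It only terminates for bounded nets (a state limit guards against the rest) and is not the decision procedure of [1]; the class name, the sample nets and the result keys are assumptions.

```python
from collections import Counter, deque

def freeze(marking):
    """Hashable form of a marking (multiset of places)."""
    return tuple(sorted((p, n) for p, n in marking.items() if n > 0))

class WFNet:
    def __init__(self, transitions, source="i", sink="o"):
        # transitions: name -> (input places, output places)
        self.t = {n: (Counter(a), Counter(b)) for n, (a, b) in transitions.items()}
        self.source, self.sink = source, sink

    def is_wf_net(self):
        """Source has no input arc, sink no output arc, and adding a transition
        from the sink back to the source makes the net strongly connected."""
        succ = {}
        def arc(a, b):
            succ.setdefault(a, set()).add(b)
            succ.setdefault(b, set())
        for name, (pre, post) in self.t.items():
            for p in pre:
                arc(("place", p), ("trans", name))
            for p in post:
                arc(("trans", name), ("place", p))
        i, o = ("place", self.source), ("place", self.sink)
        if i not in succ or o not in succ:
            return False
        if succ[o] or any(i in targets for targets in succ.values()):
            return False
        arc(o, ("trans", "<short-circuit>"))
        arc(("trans", "<short-circuit>"), i)
        pred = {n: {m for m in succ if n in succ[m]} for n in succ}
        def closure(graph):
            seen, todo = {i}, [i]
            while todo:
                for nxt in graph[todo.pop()] - seen:
                    seen.add(nxt)
                    todo.append(nxt)
            return seen
        return closure(succ) == set(succ) == closure(pred)

    def reachability_graph(self, limit=10_000):
        """Markings reachable from the initial marking i, with their outgoing steps."""
        edges, queue = {}, deque([freeze({self.source: 1})])
        while queue:
            m = queue.popleft()
            if m in edges:
                continue
            if len(edges) >= limit:
                raise RuntimeError("state limit hit: the net may be unbounded")
            current = Counter(dict(m))
            edges[m] = []
            for name, (pre, post) in self.t.items():
                if all(current[p] >= k for p, k in pre.items()):
                    nxt = freeze(current - pre + post)
                    edges[m].append((name, nxt))
                    queue.append(nxt)
        return edges

    def soundness(self, limit=10_000):
        edges = self.reachability_graph(limit)
        final = freeze({self.sink: 1})
        # Backward closure: markings from which the final marking o is reachable.
        can_finish = {final} & set(edges)
        grew = True
        while grew:
            grew = False
            for m, steps in edges.items():
                if m not in can_finish and any(n in can_finish for _, n in steps):
                    can_finish.add(m)
                    grew = True
        fired = {name for steps in edges.values() for name, _ in steps}
        return {
            "option_to_complete": can_finish == set(edges),
            "proper_completion": all(m == final for m in edges
                                     if dict(m).get(self.sink, 0) >= 1),
            "no_dead_tasks": fired == set(self.t),
        }

# Constructed sample nets (not from the paper).
SEQUENTIAL = WFNet({"t1": (["i"], ["p1"]), "t2": (["p1"], ["o"])})
AND_SPLIT_NO_JOIN = WFNet({"t1": (["i"], ["a", "b"]),
                           "t2": (["a"], ["o"]), "t3": (["b"], ["o"])})
DANGLING = WFNet({"t1": (["i"], ["o"]), "t2": (["x"], ["o"])})

if __name__ == "__main__":
    for label, net in [("sequential", SEQUENTIAL), ("and-split", AND_SPLIT_NO_JOIN)]:
        print(label, net.is_wf_net(), net.soundness())
```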
Definition 3. Let $WF$ be an extended workflow net and $WF$ its underlying WF-net.
$WF$ is sound if: (1) $WF$ is sound and (2) if $exit$ $T$, then transition exit is not dead.
In an interorganizational workflow, although the local workflows are sound, we can have
synchronization errors and deadlocks. A correct interorganizational workflow should
satisfy the following conditions: every local workflow should be sound; for any
reachable marking $M$ in $DIWF$, even if some local workflows have been removed, there is
an execution sequence from $M$ such that the remaining workflows will still be able to
terminate correctly their execution. We will also require that the component workflows
should not be allowed to send an infinite number of messages to the other workflows
and that the $DIWF$ should be quasi-live (i.e. every step can fire in a certain reachable
marking).
If $M$ is a marking in a DIWF-net, a final marking corresponding to $M$ is a marking
$(0, \{(C, m)\}, M(q), k)$ ($k$ = $|M(p)|$ 1, $n = M_0(I)$). In such a marking, $k$ is the
number of workflows which terminated correctly their execution. All the atomic tokens
have been removed from $I$ (by firing remove and terminate). We denote the set of
final markings corresponding to $M$ by $M_f(M)$. $Y$ will denote the set of steps in a
DIWF-net. $[M\rangle$ denotes the set of markings reachable from $M$.
We can define formally the notion of soundness for a DIWF-net as follows:
Definition 4. A DIWF-net $DIWF$ is sound if and only if:
1. $(WF_j, i_j)$ is a sound extended workflow net, $j$ $\{1, \ldots, n\}$.
2. $DIWF$ is quasi-live: ($Y$ $Y$) ($M$ $[M_0\rangle$ : $M[Y\rangle$).
3. For every marking $M$ reachable from the initial marking $M_0$, there exists a firing
sequence leading from $M$ to a final marking $M_f$:
$(M)((M_0[*\rangle M) \Rightarrow (M[*\rangle M_f$, $M_f$ $M_f(M))$.
4. The communication net is bounded: $M$ $[M_0\rangle$, $(C, m)$ $M(p)$, then $n$ $N$ :
$m(p_{ac})$ $n$, $p_{ac}$ $P_C$.
A partial order on the markings of nested Petri nets was defined in [10]. In the case of
DIWF-nets we have that $M_1$ $M_2$ if and only if $M_1(I)$ $M_2(I)$, $M_1(O)$ $M_2(O)$
and there exists an embedding $J_p$ : $M_1(s)$ $M_2(s)$ ($s$ $\{p, q\}$), such that for any
$\alpha_k$ $M_1(p)$ ($k$ $n + 1$), $J_p(\alpha_k) = \alpha_k$ such that: either $\alpha_k = \alpha_k$ or $\alpha_k = (EN, m)$
and $\alpha_k = (EN, m)$ ($EN$ $\{WF_1, \ldots, WF_n, C\}$) and $m$ $m$.
One can notice that in a DIWF-net, for any reachable marking $M$ $[M_0\rangle$, it holds:
(1) $M_0(I) + 1 = |M(q)| + M(O) + |M(p)|$ and (2) $M(I) + 1 = |M(p)|$. Using these
observations, the following lemma can be easily proven (we omit the proof here):
Lemma 1. Let $DIWF$ be a DIWF-net and the extended WF-nets $WF_j$ are sound, for
all $j$ $\{1, \ldots, n\}$. Assume $M_1, M_2$ $[M_0\rangle$ such that $M_2$ $M_1$. Then: (1) $M_1(I) = M_2(I)$,
$|M_1(q)| = |M_2(q)|$, $M_1(O) = M_2(O)$ and (2) for every $(WF_j, m_j)$ $M_1(s)$,
$(WF_j, m_j)$ $M_2(s)$ ($s$ $\{p, q\}$) and $m_j$ $m_j$. If $M_2$ $[M_1\rangle$, then $m > m$.
A DIWF-net is bounded if $[M_0\rangle$ is finite. We will prove that, in the case that all the
component WF-nets are sound, boundness is decidable for DIWF-nets.
Theorem 1. Let $DIWF$ be a DIWF-net such that all the component extended WF-nets
are sound. Then, $WSTS = \langle [M_0\rangle, [\rangle, \rangle$ is a well-structured transition system
with strict compatibility.
Proof. Assume $M_1, M_2$ $[M_0\rangle$, $M_2$ $M_1$. If $Y$ $Y$ such that $M_1[Y\rangle M_1$, we will
prove that $M_2[Y\rangle M_2$ and $M_2$ $M_1$.
If $Y$ is an object-autonomous step, an horizontal synchronization step or $Y$ =
$(remove; exit_j)$, the proof uses the fact that the order on the markings of an
ordinary Petri net is strictly monotonic.
If $Y = (terminate, t_j)$ is enabled in $M_1$. $t_j$ is enabled in a net-token $(WF_j, m_j)$
$M_1(p)$. We will show that $m_j = m_j$. Because $M_1$ $M_2$, for every $(WF_i, m_i)$
$M_1(r)$ and $(WF_i, m_i)$ $M_2(r)$ ($r$ $\{p, q\}$), $m_i$ $m_i$. Also, $m$ $m$. At least
one of these inequalities is strict. We also have $M_1(I) = M_2(I)$, $|M_1(q)| = |M_2(q)|$,
$M_1(O) = M_2(O)$. In $M_2(p)$, there is a net-token $(WF_j, m_j)$ such that $m_j$ $m_j$.
Hence, $t_j$ is also enabled in $(WF_j, m_j)$, and the step $Y$ is enabled in $M_2$. Because
$M_1, M_2$ $[M_0\rangle$, then $m_j, m_j$ are reachable markings in $WF_j$. Because $t_j$ is enabled
in $m_j$ and $m_j$, then $m_j(o_j)$ 1 and $m_j(o_j)$ 1. But $WF_j$ is sound, hence the
only reachable marking which contains a token in the place $o_j$ is the final marking,
$o_j$. So, $m_j = m_j = o_j$. Because $M_1$ $M_2$, either there exists at least a net token
$(WF_s, m_s)$ $M_1(r)$ such that $(WF_s, m_s)$ $M_2(r)$ ($r$ $\{p, q\}$) and $m_s > m_s$
(with $s \neq j$), or $m > m$. $M_1[Y\rangle M_1$ and $M_1$ and $M_1$ differ only in the marking of
$p$ and $O$: $M_1(p) = M_1(p) \setminus \{(WF_j, m_j)\}$, $M_1(O) = M_1(O) + 1$. $M_2[Y\rangle M_2$ and
$M_2$ and $M_2$ differ only in the marking of $p$ and $O$: $M_2(p) = M_2(p) \setminus \{(WF_j, m_j)\}$,
$M_2(O) = M_2(O) + 1$. Because there exists $s \neq j$ such that $m_s > m_s$, or $m > m$, it
results that $M_2$ $M_1$.
Consequence 1. Boundness is decidable for DIWF-nets, if all the component WF-nets
are sound.
Theorem 2. Assume $DIWF$ is a DIWF-net, such that all the component extended WF-nets
are sound. Then, $DIWF$ is bounded if and only if $n$ $N$ such that $M$ $[M_0\rangle$,
$(C, m)$ $M(p)$, $p_{ac}$ $P_C$ : $m(p_{ac})$ $n$.
Proof. () If $DIWF$ is bounded, then the places of any object-net are bounded, in
any reachable marking of $DIWF$. () If we assume that $DIWF$ is unbounded, using
Lemma 1 (2), we can obtain an infinite number of reachable markings for $C$. Hence,
there is a place of $C$ with an infinite number of tokens. Contradiction.
Theorem 3. Soundness is decidable for DIWF-nets.
Proof. The condition (1) in the definition of soundness is decidable, because soundness
is decidable for extended WF-nets and the number of extended WF-nets is finite.
Condition (2) is decidable, because the coverability problem is decidable in nested Petri nets
[9] and the quasi-liveness is equivalent to the coverability problem. If we assume that
all the extended WF-nets are sound, the boundness problem is decidable. If $DIWF$ is
unbounded, it results that the last condition in the definition of soundness does not hold
and thus the DIWF-net is not sound. If $DIWF$ is bounded, the last condition in the
definition of soundness holds. It also results that $[M_0\rangle$ is finite and the reachability problem
is decidable. Thus, the third condition in the definition of soundness is also decidable:
given a reachable marking $M$, we can decide whether a marking $M_f$ $M_f(M)$ is
reachable from $M$ ($M_f$ is a finite set if $DIWF$ is bounded).
5 Related Work
BPEL4Chor is a choreography language based on BPEL which allows the specification
of interorganizational workflows. [8] proposes a translation from BPEL4Chor to Open
Workflow Nets, in order to allow the verification of BPEL4Chor. This approach does not
take into consideration the situation in which the component workflows are dynamically
removed. In IOWF-nets defined in [2], the component workflows are all represented
in the same "flat" Petri net and the structure of the interorganizational workflow is
fixed. [3] proposes a method of designing correct interorganizational workflows in a
top-down way: first a contract is used to specify the way the workflows interact. Then
the private component workflows are built such that each workflow accords with the
contract and the overall interorganizational workflow terminates properly. A similar
approach is used in [4], where a shared public workflow-net is used for the specification
of the communication structure. A notion of projection inheritance is used for the
private workflows, instead of the notion of accordance from [3]. The approaches in [4,
3] ensure the privacy of the workflows and offer a modular view over the
interorganizational workflow, but they work with a fixed number of component workflows and they
do not offer a model for executing the interorganizational workflow. The approach in
[5] uses nets in nets for modelling workflows and interorganizational workflows,
focusing on the concept of mobility and on the notion of inheritance. This approach does not
define a notion of behavioural correctness for interorganizational workflows. In [11],
we proposed IWF-nets for modelling interorganizational workflows in a modular way.
In this paper we extended that approach, which only considered a fixed structure of the
interorganizational workflow.
6 Conclusions
In this paper we introduced a new approach to the modelling of interorganizational
workflows, based on nested Petri nets. Our approach offers a modular view on the
interorganizational workflow, because the local workflows and the communication
structure are distinct elements in DIWF-nets; steps in DIWF-nets can easily express the
synchronous and the asynchronous communication; our approach permits the
modelling of a situation which can often occur in practice: some local workflows can be
dynamically removed from the interorganizational workflow during its execution. A
notion of soundness was introduced for DIWF-nets and we proved this property is
decidable for DIWF-nets. Future work aims to extend DIWF-nets in order to allow the
dynamic creation of workflows and also to define and study the soundness property for
this extension.
References
1. W.M.P. van der Aalst. The Application of Petri nets to Workflow Management. The journal
of Circuits, Systems and Computers, 8(1): pp. 21-66, Eindhoven University of Technology,
The Netherlands, 1998.
2. W.M.P. van der Aalst. Loosely coupled interorganizational workflows: Modeling and
analyzing workflows crossing organizational boundaries. Information and Management, vol. 37,
no. 2, pp. 67-75, 2000.
3. W.M.P. van der Aalst, N. Lohmann, P. Massuthe, C. Stahl, and K. Wolf. From Public Views
to Private Views – Correctness-by-Design for Services. In Proc. of WS-FM 2007, Brisbane,
Australia, September 28-29, 2007, vol. 4937 of LNCS, pp. 139-153, 2008. Springer-Verlag.
4. W.M.P. van der Aalst and M. Weske. The P2P approach to Interorganizational Workflows.
Proc. of CAiSE'01, vol. 2068 of LNCS, pp. 140-156. Springer-Verlag, Berlin, 2001.
5. W.M.P. van der Aalst, D. Moldt, R. Valk and F. Wienberg. Enacting Interorganizational
Workflows Using Nets in Nets. In Proc. of Workflow Management '99, pp. 117-136, 1999.
6. G. Kramler, W. Retschitzegger. Specification of Interorganizational Workflows - A
Comparison of Approaches. Institute of Software Technology and Interactive Systems, Business
Informatics Group, Vienna University of Technology, 2002. Technical Report, 08/02.
7. A. Finkel and Ph. Schnoebelen. Well-Structured Transition Systems Everywhere! Theoretical
Computer Science 256(1-2), pp. 63-92, 2001.
8. N. Lohmann, O. Kopp, F. Leymann, and W. Reisig. Analyzing BPEL4Chor: Verification and
Participant Synthesis. Proc. of WS-FM 2007, Brisbane, Australia, September 28-29, 2007,
vol. 4937 of LNCS, pp. 46-60, 2008. Springer-Verlag.
9. I.A. Lomazova. Nested Petri nets: modeling and analysis of distributed systems with object
structure. Nauchny Mir, Moscow, 2004 (in Russian).
10. I.A. Lomazova. Nested Petri Nets - a Formalism for Specification and Verification of
Multi-Agent Distributed Systems. Fundamenta Informaticae 43, pp. 195-214, 2000.
11. O. Prisecaru and T. Jucan. Interorganizational Workflow Nets: a Petri Net Based Approach for
Modelling and Analyzing Interorganizational Workflows. In: Proc. of EOMAS-2008,
Montpellier, France, June 16-15, 2008, CEUR Workshop Proceedings, ISSN 1613-0073.
12. W. Reisig. Petri Nets. An Introduction. In EATCS Monographs on Theoretical Computer
Science, Springer-Verlag, 1985.