Security-relevant semantic patterns of BPEL in cross-organisational business processes
University of Plymouth
Computing, Health and Science
Computer and Information Science, Centre for Security Research
This paper presents results of the analysis of security-relevant semantics of business processes being defined by WS-BPEL (Web Services Business Process Execution Language, BPEL for short) scripts. In particular, security issues arising when such scripts defining cross-organisational business processes on top of Web services are deployed across security domain boundaries, give rise to this investigation. The analysis of security-relevant semantics of this scripting language will help to overcome these security issues making further exploitation of BPEL as a standard for defining cross-organisational business processes more acceptable. Semantic patterns being combinations of particular language features and Web services with specific access restrictions implied by security policies are defined and analysed for this purpose. Applications of the results of this analysis to distributed definition and execution of BPEL-defined business processes may be found in a previous paper of the authors.