Design and Implementation of Information Flow-sensitive Business Processes

Information flow control consists of planning the interactions of services in order to satisfy different security restrictions concerning the propagation of information in a composition. This paper examines the questions of what the information flow is and how it can be modeled and controlled in service-oriented business processes. We present the design and implementation of a decentralized workflow management solution for the control of information flow. Our contribution targets orchestration-based compositions where centralized workflow descriptions are used to derive distributed and cooperating process fragments. The derived process fragments are deployed on composed services and they enable them to establish P2P interconnections with each other. The deriving operation is governed by the underlying dependencies of composed services and the computation of information flow policies. We present a framework for the modeling and computation of information flow and centralized specifications in order to derive cooperating process fragments. Furthermore, we present a reference architecture for service implementation. The former can be applied to a variety of composition specifications such as WS-BPEL while the latter provides an inexpensive and reasonable support for decentralized workflow management.

[1]  Gerhard Weikum,et al.  The MENTOR workbench for enterprise-wide workflow management , 1997, SIGMOD '97.

[2]  Wil M. P. van der Aalst,et al.  Analysis of Web Services Composition Languages: The Case of BPEL4WS , 2003, ER.

[3]  Claude Godart,et al.  Centralized versus Decentralized Conversation-based Orchestrations , 2007, The 9th IEEE International Conference on E-Commerce Technology and The 4th IEEE International Conference on Enterprise Computing, E-Commerce and E-Services (CEC-EEE 2007).

[4]  Luciano Baresi,et al.  Workflow Partitioning in Mobile Information Systems , 2004, MOBIS.

[5]  Heiko Mantel,et al.  Information Flow Control and Applications - Bridging a Gap , 2001, FME.

[6]  Elisa Bertino,et al.  Access control enforcement for conversation-based web services , 2006, WWW '06.

[7]  Qiming Chen,et al.  Inter-enterprise collaborative business process management , 2001, Proceedings 17th International Conference on Data Engineering.

[8]  Claude Godart,et al.  Enhancing Secured Service Interoperability with Decentralized Orchestration , 2007, 2007 IEEE 23rd International Conference on Data Engineering Workshop.

[9]  Claude Godart,et al.  Towards decentralized service orchestrations , 2007, SAC '07.

[10]  Christoph Bussler,et al.  On Structured Workflow Modelling , 2000, CAiSE.

[11]  Sunil Chandra,et al.  Orchestrating composite Web services under data flow constraints , 2005, IEEE International Conference on Web Services (ICWS'05).

[12]  Raman Kazhamiakin,et al.  Choreography Conformance Analysis: Asynchronous Communications and Information Alignment , 2006, WS-FM.

[13]  Elisa Bertino,et al.  The specification and enforcement of authorization constraints in workflow management systems , 1999, TSEC.

[14]  Sunil Chandra,et al.  Decentralized orchestration of composite web services , 2004, WWW Alt. '04.

[15]  W.M.P. van der Aalst,et al.  Interorganizational workflows: An approach based on message sequence charts and petri nets , 1999 .

[16]  Oliver Kopp,et al.  Maintaining Data Dependencies across BPEL Process Fragments , 2008, Int. J. Cooperative Inf. Syst..

[17]  Vijayalakshmi Atluri,et al.  A Chinese wall security model for decentralized workflow systems , 2001, CCS '01.

[18]  Shiyong Lu,et al.  Formal Modeling and Analysis of Scientific Workflows Using Hierarchical State Machines , 2007, Third IEEE International Conference on e-Science and Grid Computing (e-Science 2007).

[19]  Andrew C. Myers,et al.  A decentralized model for information flow control , 1997, SOSP.

[20]  Jorge S. Cardoso,et al.  Process control-flow complexity metric: An empirical validation , 2006, 2006 IEEE International Conference on Services Computing (SCC'06).

[21]  Athman Bouguettaya,et al.  Evaluating Rater Credibility for Reputation Assessment of Web Services , 2007, WISE.

[22]  Andreas Wombacher Decentralized Consistency Checking in Cross-organizationalWorkflows , 2006, The 8th IEEE International Conference on E-Commerce Technology and The 3rd IEEE International Conference on Enterprise Computing, E-Commerce, and E-Services (CEC/EEE'06).

[23]  Gerhard Weikum,et al.  A Formal Foundation for Distributed Workflow Execution Based on State Charts , 1997, ICDT.

[24]  Heiko Schuldt,et al.  Peer-to-Peer Process Execution with Osiris , 2003, ICSOC.

[25]  Claude Godart,et al.  Information Flow Control with Decentralized Service Compositions , 2007, IEEE International Conference on Web Services (ICWS 2007).