Chapter

Web Information Systems Engineering - WISE 2008

Volume 5175 of the series Lecture Notes in Computer Science pp 381-395

BPEL4RBAC: An Authorisation Specification for WS-BPEL

  • Xin WangAffiliated withSchool of Computer Science and Mathematics, Victoria University
  • , Yanchun ZhangAffiliated withSchool of Computer Science and Mathematics, Victoria University
  • , Hao ShiAffiliated withSchool of Computer Science and Mathematics, Victoria University
  • , Jian YangAffiliated withDepartment of Computing, Macquarie University

* Final gross prices may vary according to local VAT.

Get Access

Abstract

Business process management is designed to make business activities and trade easier and more cost effective. The increasing business integration and legal requirements raise the need for secure business processes. However, the openness and distribution nature of inter-organisational business processes may result in more security breaches. As a widely accepted standard, WS-BPEL does not support for business process security protection even if the participating organisations already have working security policies. To address this problem, we have developed an authorisation specification BPEL4RBAC for WS-BPEL. Through BPEL4RBAC access control model, with an extension for WS-BPEL, called BPEL4RBAC policy language, the secure WS-BPEL is then achievable. The former introduces the access control capability into business process environment while the latter is used to represent the authorisation information in WS-BPEL.