D3.2 Open Source software and documentation

December 2009 version (v1.0) of deliverable D3.2 (Open Source software and documentation implementing the design) is open to public comments, feedback and review !

All feedback welcome ! 

You could download it and publish comment from here:

http://www.tas3.eu/project/publications/download/wp3-securely-adaptable-business-processes/TAS3_D03p2_Open_Source_Software_And_Documentation_V1p0.pdf/view

(you need to login first to put a comment)

---

Executive Summary

In TAS3, any communication is subject to specified policies. Compliance is checked for every request and every reply, both at the service requester and at the service provider side.
Business process management provides a flexible approach for defining and running applications in service oriented architectures with web services as basic building blocks. A business process orchestrates web service calls, human interactions via web service interfaces and reactions of external events providing a separate specification of the flow. The security aspect in business processes relates to policy enforcement points which will intercept any web service call to or from the business process and enforce any applicable policy. These policies are specific to business processes in that way that they can refer to properties of the process model or the process instance in question. Such properties may be the execution status of the process instance (such as activities waiting for execution, values of internal variables or the execution history), the security context of the process instance, the roles and resources assigned to the process, or the description of the process model, e.g., its privacy policy.
Further on, activities in processes can explicitly cause modifications of their security context, e.g., assign users to a process role. These modifications need to adhere to policies as well otherwise users could illegally enhance their privileges. Therefore, we develop business-process-specific security components, which will both support the generic policy enforcement infrastructure by providing attributes necessary to evaluate policies and evaluate and enforce the process-specific policies. Deliverable D3.1 describes the iterative conceptual design of those components.
This report describes the implementation of components described in Deliverable D3.1. The implementation follows the iteration steps of the conceptual design with time shift. So the reported implementation mostly focus on the status of the conceptual design half a year before. But there also exist interrelationships between implementation and conceptual design, so that implementation influences partly the conceptual design and on the other hand the ongoing conceptual design and possible changes affect the implementation task.
The current status of the implementation contains first versions of components of all categories of tasks which we identified to establish security for business processes in the TAS3 context:
• Capturing and storing security-relevant information about instances of business processes.
• Runtime enforcement of security policies by inspecting incoming and outgoing messages.
• Management of configuration changes in other parts of the TAS3 infrastructure.
• Creation of security configuration based on process models.