{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:00:36Z","timestamp":1754157636430,"version":"3.41.2"},"reference-count":18,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2007,5,1]],"date-time":"2007-05-01T00:00:00Z","timestamp":1177977600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2007,5,1]]},"abstract":"Purpose<\/jats:title>Aims to identify security\u2010relevant semantics of business processes being defined by WS\u2010BPEL (Web Services Business Process Execution Language, BPEL for short) scripts, in particular, when such scripts defining collaborative business processes on top of web services are deployed across security domain boundaries.<\/jats:p><\/jats:sec>Design\/methodology\/approach<\/jats:title>Analysing potential of BPEL to define behaviour of business processes violating restrictions implied by security policies.<\/jats:p><\/jats:sec>Findings<\/jats:title>Semantic patterns being combinations of particular BPEL features and web services with specific access restrictions implied by security policies are defined and their implications for analysis of BPEL scripts during compliance assessment of cross\u2010domain defined business processes are identified.<\/jats:p><\/jats:sec>Research limitations\/implications<\/jats:title>The results of the research part of which is reported here have been applied in a research prototype to BPEL scripts of limited size and comparatively simple business logic. Real\u2010world examples of BPEL scripts with respect to size and complexity should be examined for further approving suitability of the algorithms used.<\/jats:p><\/jats:sec>Originality\/value<\/jats:title>The results can be used to specify security policies in terms of security\u2010critical semantics of BPEL scripts in order to facilitate compliance assessment. In conjunction with other results of this research, this will help to overcome security issues arising from cross\u2010domain definition of business processes by enabling automatic compliance assessment prior to execution.<\/jats:p><\/jats:sec>","DOI":"10.1108\/09685220710748010","type":"journal-article","created":{"date-parts":[[2007,6,19]],"date-time":"2007-06-19T11:08:23Z","timestamp":1182251303000},"page":"116-127","source":"Crossref","is-referenced-by-count":0,"title":["Analysis of security\u2010relevant semantics of BPEL in cross\u2010domain defined business processes"],"prefix":"10.1108","volume":"15","author":[{"given":"K.P.","family":"Fischer","sequence":"first","affiliation":[]},{"given":"U.","family":"Bleimann","sequence":"additional","affiliation":[]},{"given":"W.","family":"Fuhrmann","sequence":"additional","affiliation":[]},{"given":"S.M.","family":"Furnell","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2022020320260263300_b1","doi-asserted-by":"crossref","unstructured":"Abendroth, J. and Jensen, C.D. (2003), \u201cPartial outsourcing: a new paradigm for access control\u201d, Proceedings of the 8th ACM Symposium on Access Control Models and Technologies, SACMAT'03, pp. 134\u201041.","DOI":"10.1145\/775412.775429"},{"key":"key2022020320260263300_b2","unstructured":"Arkin, A., Bloch, B., Curbera, F., Goland, Y., Kartha, N., Liu, C.K., Thatte, S. and Yendluri, P. (Eds) (2004), \u201cWeb Services Business Process Execution Language Version 2.0\u201d, OASIS, available at: www.oasis\u2010open.org\/committees\/download.php\/10347\/wsbpel\u2010specification\u2010draft\u2010120204.htm (accessed 22 November 2005)."},{"key":"key2022020320260263300_b3","unstructured":"Berardi, D., De Rosa, F., De Santis, L. and Mecella, M. (2003), \u201cFinite state automata as conceptual model for e\u2010services\u201d, Proceedings of the 7th World Conference on Integrated Design and Process Technology, IDPT\u20102003."},{"key":"key2022020320260263300_b4","unstructured":"Berglund, A. Boag, S. Chamberlin, D. Fern\u00e1ndez, M.F. Kay, M. Robie, J. and Sim\u00e9on, J. (Eds) (2005), \u201cXML Path Language (XPath) 2.0\u201d, paper presented at World Wide Web Consortium, available at: www.w3.org\/TR\/xpath20 (accessed 27 November 2006)."},{"key":"key2022020320260263300_b5","unstructured":"Chinnici, R. Moreau, J.J. Ryman, A. and Weerawarana, S. (Eds) (2006), \u201cWeb Services Description Language (WSDL) 2.0 Part 1: Core Language\u201d, paper presented at World Wide Web Consortium, available at: www.w3.org\/TR\/wsdl20 (accessed 27 November)."},{"key":"key2022020320260263300_b6","doi-asserted-by":"crossref","unstructured":"Dimmock, N., Belokosztolszki, A., Eyers, D., Bacon, J. and Moody, K. (2004), \u201cUsing trust and risk in role\u2010based access control policies\u201d, Proceedings of the 9th ACM Symposium on Access Control Models and Technologies, SACMAT'04, pp. 156\u201062.","DOI":"10.1145\/990036.990062"},{"key":"key2022020320260263300_b7","unstructured":"Dobson, J. (1994), \u201cMessages, communications, information security and value\u201d, Proceedings of the 1994 Workshop on New Security Paradigms, pp. 10\u201019."},{"key":"key2022020320260263300_b8","doi-asserted-by":"crossref","unstructured":"Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, R. and Chandramouli, R. (2001), \u201cProposed NIST standard for role\u2010based access control\u201d, ACM Transactions on Information and System Security (TISSEC), Vol. 4 No. 3, pp. 224\u201074.","DOI":"10.1145\/501978.501980"},{"key":"key2022020320260263300_b9","unstructured":"Fischer, K.P., Bleimann, U., Fuhrmann, W. and Furnell, S.M. (2005), \u201cA security infrastructure for cross\u2010domain deployment of script\u2010based business processes in SOC environments\u201d, Proceedings of the 5th International Network Conference, INC'2005, pp. 207\u201016."},{"key":"key2022020320260263300_b10","doi-asserted-by":"crossref","unstructured":"Fischer, K.P., Bleimann, U., Fuhrmann, W. and Furnell, S.M. (2007), \u201cSecurity policy enforcement in BPEL\u2010defined collaborative business processes\u201d, Proceedings of the 1st International Workshop on Security Technologies for Next Generation Collaborative Business Applications (SECOBAP'07), to appear as IEEE Electronic Publication.","DOI":"10.1109\/ICDEW.2007.4401056"},{"key":"key2022020320260263300_b11","doi-asserted-by":"crossref","unstructured":"Koshutanski, H. and Massacci, F. (2003), \u201cAn access control framework for business processes for web services\u201d, Proceedings of the 2003 ACM Workshop on XML Security, pp. 15\u201024.","DOI":"10.1145\/968559.968562"},{"key":"key2022020320260263300_b12","unstructured":"Leymann, F. and Roller, D. (2004), \u201cModelling business process with BPEL4WS\u201d, Proceedings of the 1st Workshop on XML Interchange Formats for Business Process Management (XML4BPM'2004), pp. 7\u201024."},{"key":"key2022020320260263300_b13","doi-asserted-by":"crossref","unstructured":"Mayer, P. and L\u00fcbke, D. (2006), \u201cTowards a BPEL unit testing framework\u201d, Proceedings of 2006 Workshop on Testing, Analysis, and Verification of Web Services and Applications, pp. 33\u201042.","DOI":"10.1145\/1145718.1145723"},{"key":"key2022020320260263300_b14","doi-asserted-by":"crossref","unstructured":"Mendling, J., Strembeck, M., Stermsek, G. and Neumann, G. (2004), \u201cAn approach to extract RBAC models from BPEL4WS processes\u201d, Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises (WET ICE 2004), pp. 81\u20106.","DOI":"10.1109\/ENABL.2004.9"},{"key":"key2022020320260263300_b15","doi-asserted-by":"crossref","unstructured":"Peng, L. and Chen, Z. (2004), \u201cAn access control model for web services in business process\u201d, Proceedings of IEEE\/WIC\/ACM International Conference on Web Intelligence (WI'04), pp. 292\u20108.","DOI":"10.1109\/WI.2004.10081"},{"key":"key2022020320260263300_b16","unstructured":"Tuecke, S., Czajkowski, K., Foster, I., Frey, J., Graham, S., Kesselman, C., Maquire, T., Sandholm, T., Snelling, D. and Vanderbilt, P. (2003), \u201cOpen grid services infrastructure (OGSI) Version 1.0\u201d, Global Grid Forum, available at: www.ggf.org\/documents\/GWD\u2010R\/GFD\u2010R.015.pdf (accessed 16 November 2006)."},{"key":"key2022020320260263300_b17","doi-asserted-by":"crossref","unstructured":"Wang, H., Huang, J.Z., Qu, Y. and Xie, J. (2004), \u201cWeb services: problems and future directions\u201d, Journal of Web Semantics, Vol. 1 No. 3, pp. 309\u201020.","DOI":"10.1016\/j.websem.2004.02.001"},{"key":"key2022020320260263300_b18","unstructured":"Wohed, P., van der Aalst, W., Dumas, M. and ter Hofstede, A. (2002), \u201cPattern\u2010based analysis of BPEL4WS\u201d, Technical Report, FIT\u2010TR\u20102002\u201004, Queensland University of Technology, Brisbane, available at: http:\/\/is.tm.tue.nl\/research\/patterns\/download\/qut_bpel_rep.pdf (accessed 27 November 2006)."}],"container-title":["Information Management & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685220710748010","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220710748010\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220710748010\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:09:01Z","timestamp":1753402141000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/15\/2\/116-127\/187173"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,5,1]]},"references-count":18,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2007,5,1]]}},"alternative-id":["10.1108\/09685220710748010"],"URL":"https:\/\/doi.org\/10.1108\/09685220710748010","relation":{},"ISSN":["0968-5227"],"issn-type":[{"type":"print","value":"0968-5227"}],"subject":[],"published":{"date-parts":[[2007,5,1]]}}}