
Possible requirements for privacy-enabled business process management

In a SOA context, enterprises can use workflow technologies to orchestrate available business processes and their corresponding services, and apply business rules or policies to control how they can be used and who can use them. This approach becomes more complex when a set of business processes includes services that originate outside the company’s domain and therefore can be difficult to align with existing rules and policies. In the privacy and security domain, languages such as XACML and P3P are used to define what actions can be performed on resources, by whom, for what purpose and in what context. For example, in a business-to-business context, when an insurance provider service is consumed by a potential partner, it may have a policy that states that only an accounts manager can read a specific quote for sales purposes, may not disclose it to other third parties, and may not permit a bank clerk to view this information.

In this blog we propose an approach for dealing with the inclusion of internal and/or external services in a business process that contains data handling policies.


Privacy on the internet or in information systems usually refers to data that is of a personal or sensitive nature. This information can be used to identify somebody (personally identifiable information) and may be used in a manner that was not intended. With the onslaught of tougher laws and regulations, businesses, and more to the point system administrators, are being asked to put in place mechanisms that enable a compliant environment and ensure that information is being handled correctly.


It can be a difficult task to translate the idea of privacy into technology, let alone develop privacy preserving mechanisms. Furthermore, there may be tension between the use of personal information for genuine business interests on the one hand and the right of the individual to maintain control over how their personal data is used on the other hand. This trade-off has led to an increase in both corporate self-regulation and government intervention in the form of data protection and privacy laws. One way for an organization to deal with privacy concerns is to control its processes and the flow of information. Business Process Management is a systematic way to achieve this goal, although its use is mainly to create business value and operational efficiency for competitive

Service Oriented Architectures (SOA) are commonly used as a way to design business processes, and loosely coupled services (a set of related business functions) can be dynamically composed or orchestrated to meet the needs of the designer and end-users. Although traditional workflows rarely leave the boundaries of the enterprise, for reasons of security, privacy, shareability and firewalls, there has been a definite move towards collaborative workflows. With the existing SOA and BPM approach combined with greater collaboration and tougher regulations on how data is consumed, process designers need to be able to track how data flows and ensure that the business processes are compliant.


When designing a process, an administrator can apply access control by assigning roles to activities, ensuring that only those who are authorized to perform a given task can do so. Our approach extends this principle by allowing the process designer not only to assign roles but also to express how the web service and the data it contains should be consumed and for how long.

Furthermore, the nature of web services permits their use in different contexts and environments; therefore the data handling or service consumption policies should always stay with the web service so that the initial requirements are respected. To do this, a policy structure is needed that is capable of describing the aforementioned conditions and that provides a means to evaluate whether a web service is consumable, thereby making the business process compliant.

The following are functional requirements for a BPM engine that will assist a process designer in being compliant both with internal and external web services used in a process: 

A.    Policy language


In order to express policies on a web service in a business process, the workflow engine should use a language that has a well-defined structure. An example of this is XACML, which is an industry standard. This language uses the structure of Subject, Action and Resource (plus optional conditions or rules that may have to be satisfied) and provides a processing model that renders a decision on whether a resource should be accessed or not.
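The XACML processing model described above, reduced to its essentials, as an added example (not code from the original post and not a real XACML implementation): rules match on Subject, Action and Resource, an optional condition inspects the request's environment (here the stated purpose), and a combining algorithm turns the matching rules into a single Permit, Deny or NotApplicable decision. The insurance-quote policy from the introduction is encoded as sample rules; the role names and the `purpose` attribute are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Request:
    """An access request in XACML's attribute categories (constructed example)."""
    subject: str                      # role of the requester, e.g. "accounts-manager"
    action: str                       # e.g. "read" or "disclose"
    resource: str                     # e.g. "quote"
    environment: dict = field(default_factory=dict)  # e.g. {"purpose": "sales"}


@dataclass
class Rule:
    """One rule: a target (None matches any value, like XACML AnyOf) plus an optional condition."""
    effect: str                                   # "Permit" or "Deny"
    subject: Optional[str] = None
    action: Optional[str] = None
    resource: Optional[str] = None
    condition: Optional[Callable[[Request], bool]] = None

    def applies(self, req: Request) -> bool:
        for wanted, actual in ((self.subject, req.subject),
                               (self.action, req.action),
                               (self.resource, req.resource)):
            if wanted is not None and wanted != actual:
                return False
        return self.condition is None or self.condition(req)


@dataclass
class Policy:
    """A policy is an ordered rule set plus a rule-combining algorithm (the PDP)."""
    rules: list
    algorithm: str = "deny-overrides"

    def evaluate(self, req: Request) -> str:
        """Return "Permit", "Deny" or "NotApplicable" for the request."""
        effects = [r.effect for r in self.rules if r.applies(req)]
        if not effects:
            return "NotApplicable"
        if self.algorithm == "deny-overrides":
            return "Deny" if "Deny" in effects else "Permit"
        if self.algorithm == "permit-overrides":
            return "Permit" if "Permit" in effects else "Deny"
        return effects[0]          # "first-applicable"


# Sample policy for the insurance quote service from the post's example
# (constructed; role names and purposes are assumptions).
QUOTE_POLICY = Policy(rules=[
    # Only an accounts manager may read a quote, and only for sales purposes.
    Rule("Permit", subject="accounts-manager", action="read", resource="quote",
         condition=lambda r: r.environment.get("purpose") == "sales"),
    # Nobody may disclose the quote to third parties.
    Rule("Deny", action="disclose", resource="quote"),
    # A bank clerk may not access the quote at all.
    Rule("Deny", subject="bank-clerk", resource="quote"),
])


def decide(subject: str, action: str, resource: str, purpose: Optional[str] = None) -> str:
    """Ask the PDP for a decision on the quote policy."""
    return QUOTE_POLICY.evaluate(Request(subject, action, resource, {"purpose": purpose}))


def is_allowed(subject: str, action: str, resource: str, purpose: Optional[str] = None) -> bool:
    """The enforcement point (PEP) view: anything other than an explicit Permit is refused."""
    return decide(subject, action, resource, purpose) == "Permit"


if __name__ == "__main__":
    for args in (("accounts-manager", "read", "quote", "sales"),
                 ("accounts-manager", "read", "quote", "marketing"),
                 ("bank-clerk", "read", "quote", "sales"),
                 ("accounts-manager", "disclose", "quote", "sales")):
        print(args, "->", decide(*args))
```

The distinction between `decide` and `is_allowed` matters in practice: a request that matches no rule comes back NotApplicable, and a safe enforcement point treats that exactly like a Deny rather than falling open.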



B.    Policy viewer

To facilitate the writing of policies, the BPM application should give the designer the ability to define policies and to assign them to activities in the business process. Therefore a policy viewer should be integrated into the BPM suite that links with an identity management engine and allows the roles or recipients from web services to be mapped to the roles specified in the identity management engine, if this has not already been done.


C.    Sticky policies


Furthermore, there should be a means to import policies that belong to internal and external web services into the viewer. We propose including the policies in the web service description language (WSDL) file and then populating the properties of the viewer from it. In this way we ensure that downstream usage of web services respects the original intention of use specified in the services’ policies.


D.    Policy Checker


Once the binding of a web service to a task or activity is completed and the policies have been attached, there should be a means to check whether there are policy conflicts between services. For example, when it is stated that a web service should not be consumed for marketing purposes and the subsequent activity/web service in the process permits this, then there is a conflict of purpose or, in other terms, a violation of the web service’s policy.

E.    Web Service Update

By including a validity period for a web service’s policy, the process designer can be reminded that the service’s policy is out-of-date and that the WSDL file needs to be reloaded or reimported. This feature ensures that the service consumer has the most current policy and therefore remains compliant.
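Requirements C, D and E together, as an added example that is not code from the original post: sticky data-handling policies are read out of a WSDL document, consecutive activities in a process are checked for the purpose conflict described under D (a purpose prohibited upstream but permitted downstream) and for a downstream retention period longer than the upstream one, and policies whose validity period has lapsed are flagged for re-import as described under E. The `dh:` extension namespace, the `permit`/`prohibit`/`retention-days`/`valid-until` attributes and the three services are constructed for this example; the post proposes embedding policies in WSDL but does not define a schema, so this one is an assumption.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import date
from typing import List, Tuple

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"
DH_NS = "urn:example:data-handling-policy"   # hypothetical extension namespace
NS = {"wsdl": WSDL_NS, "dh": DH_NS}


@dataclass
class StickyPolicy:
    """The data-handling policy that travels with a service's WSDL."""
    service: str
    permitted: frozenset        # purposes the service may be consumed for
    prohibited: frozenset       # purposes explicitly ruled out
    retention_days: int         # how long the returned data may be kept
    valid_until: date           # after this date the policy must be re-imported


def constructed_wsdl(name, permit, prohibit, retention_days, valid_until) -> str:
    """Build a minimal WSDL document carrying a dh:policy element (constructed sample)."""
    lines = [f'<definitions xmlns="{WSDL_NS}" xmlns:dh="{DH_NS}" name="{name}">',
             f'  <service name="{name}">',
             f'    <dh:policy valid-until="{valid_until}" retention-days="{retention_days}">']
    lines += [f'      <dh:permit purpose="{p}"/>' for p in permit]
    lines += [f'      <dh:prohibit purpose="{p}"/>' for p in prohibit]
    lines += ['    </dh:policy>', '  </service>', '</definitions>']
    return "\n".join(lines)


# Constructed service registry: the WSDL files a designer would import.
REGISTRY = {
    "QuoteService": constructed_wsdl("QuoteService", ["sales"], ["marketing"], 30, "2024-06-30"),
    "CrmService": constructed_wsdl("CrmService", ["sales"], ["marketing"], 30, "2025-12-31"),
    "CampaignService": constructed_wsdl("CampaignService", ["sales", "marketing"], [], 90, "2025-12-31"),
}


def parse_sticky_policy(wsdl_xml: str) -> StickyPolicy:
    """Extract the embedded policy so the viewer can populate its properties from it."""
    root = ET.fromstring(wsdl_xml)
    svc = root.find("wsdl:service", NS)
    pol = svc.find("dh:policy", NS)
    if pol is None:
        raise ValueError(f"service {svc.get('name')} carries no data-handling policy")
    return StickyPolicy(
        service=svc.get("name"),
        permitted=frozenset(e.get("purpose") for e in pol.findall("dh:permit", NS)),
        prohibited=frozenset(e.get("purpose") for e in pol.findall("dh:prohibit", NS)),
        retention_days=int(pol.get("retention-days")),
        valid_until=date.fromisoformat(pol.get("valid-until")),
    )


def load_process(activity_services: List[str]) -> List[StickyPolicy]:
    """Resolve the ordered list of activities (by bound service) to their sticky policies."""
    return [parse_sticky_policy(REGISTRY[name]) for name in activity_services]


def find_conflicts(process: List[StickyPolicy]) -> List[Tuple[str, str, str]]:
    """Policy checker: compare each activity with the one that follows it in the process."""
    conflicts = []
    for upstream, downstream in zip(process, process[1:]):
        for purpose in sorted(upstream.prohibited & downstream.permitted):
            conflicts.append((upstream.service, downstream.service,
                              f"purpose '{purpose}' prohibited upstream but permitted downstream"))
        if downstream.retention_days > upstream.retention_days:
            conflicts.append((upstream.service, downstream.service,
                              f"retention {downstream.retention_days}d exceeds upstream {upstream.retention_days}d"))
    return conflicts


def stale_policies(process: List[StickyPolicy], today_iso: str) -> List[str]:
    """Web service update check: services whose policy validity has lapsed and need a re-import."""
    today = date.fromisoformat(today_iso)
    return [p.service for p in process if p.valid_until < today]


if __name__ == "__main__":
    proc = load_process(["QuoteService", "CrmService", "CampaignService"])
    for c in find_conflicts(proc):
        print("CONFLICT", c)
    print("re-import needed:", stale_policies(proc, "2024-07-01"))
```

The checker deliberately compares only adjacent activities, which is what the post's example describes; a process whose data flows skip activities would need the same comparison over every upstream/downstream pair that actually exchanges data.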

We will update this blog with further work in this area. It was supported in part by the EU PrimeLife project, within the Seventh Framework Programme (FP7/2007-2013) and in collaboration with my colleague .
