Inter-organizational negotiation of web-services

The web service technology allows organizations to interact through business processes. \ud However, organizations involved in cooperative business processes have different interests \ud and points of view. A negotiation allows them to discuss their interests and requirements in \ud order to reach an acceptable agreement. We propose an integrated web service negotiation \ud process that takes into account human interaction and the use of different negotiation \ud protocols. It focuses on the application of feature modelling to describe the negotiated \ud services. Our contributions include: (i) the definition of a negotiation process; (ii) the \ud definition of a conceptual model to support the negotiation of web services; (iii) reuse of \ud artefacts generated throughout the negotiation process; (iv) coverage of critical elements in \ud the negotiation of electronic contracts, such as role, properties of electronic services and \ud contract models; and (v) exploration of the process in different application scenario

A semi-automated BPMN-based framework for detecting conflicts between security, data-minimization, and fairness requirements

Requirements are inherently prone to conflicts. Security, data-minimization, and fairness requirements are no exception. Importantly, undetected conflicts between such requirements can lead to severe effects, including privacy infringement and legal sanctions. Detecting conflicts between security, data-minimization, and fairness requirements is a challenging task, as such conflicts are context-specific and their detection requires a thorough understanding of the underlying business processes. For example, a process may require anonymous execution of a task that writes data into a secure data storage, where the identity of the writer is needed for the purpose of accountability. Moreover, conflicts not arise from trade-offs between requirements elicited from the stakeholders, but also from misinterpretation of elicited requirements while implementing them in business processes, leading to a non-alignment between the data subjects’ requirements and their specifications. Both types of conflicts are substantial challenges for conflict detection. To address these challenges, we propose a BPMN-based framework that supports: (i) the design of business processes considering security, data-minimization and fairness requirements, (ii) the encoding of such requirements as reusable, domain-specific patterns, (iii) the checking of alignment between the encoded requirements and annotated BPMN models based on these patterns, and (iv) the detection of conflicts between the specified requirements in the BPMN models based on a catalog of domain-independent anti-patterns. The security requirements were reused from SecBPMN2, a security-oriented BPMN 2.0 extension, while the fairness and data-minimization parts are new. For formulating our patterns and anti-patterns, we extended a graphical query language called SecBPMN2-Q. We report on the feasibility and the usability of our approach based on a case study featuring a healthcare management system, and an experimental user study. \ua9 2020, The Author(s)

Service identification for business process management.

Over the years Service Oriented Architecture (SOA) has gained momentum and is becoming the standard for providing systematic business solutions. Likewise, the requirements for identifying business services are fast changing and a solution to the service identification problem needs a robust approach. It is known that this task of identifying candidate services is the first and the most important step in developing service-oriented business systems. The recent approaches of identifying candidate services have some shortcomings (defined data type size, unrepeatable approach, inapplicable to all enterprise information system and unadaptable to business factor change). Some approaches focus on fixed cases or certain types of organizations (single or collaborating organizations) neglecting the enterprise systems which are either (open or closed) single or collaborating enterprise information system, which makes some past approaches not applicable to some real-life business cases. This thesis focuses on solving the headline issues and introduces a new approach for service identification applicable to different organization’s business processes. The thesis also proposes a new step-by-step algorithm and methodology that identify business services derived from data-set from any given business case