Ontology-based standards development: Application of OntoStanD to ebXML business process specification schema

Business-to-Business (B2B) interoperations are an important part of today's global economy. Business process standards are developed to provide a common understanding of the information shared between trading partners. These standards, however, mainly capture the syntax of the transactions and not their semantics. This paper proposes the use of ontologies as the basis for standards development and presents an ontology for the ebXML Business Process Specification Schema (ebBP) with the aim of empowering the capture and sharing of semantics embedded within B2B processes as well as enabling knowledge deduction and reasoning over the shared knowledge. The paper utilises the Ontology-based Standards Development methodology (OntoStanD) as a methodological approach for designing ontological models of standards. This research demonstrates how Semantic Web technologies can be utilised as a basis for standards development and representation in order to improve standards-based interoperability between trading partners

SECURITY POLICY ENFORCEMENT IN APPLICATION ENVIRONMENTS USING DISTRIBUTED SCRIPT-BASED CONTROL STRUCTURES

Business processes involving several partners in different organisations impose demanding requirements on procedures for specification, execution and maintenance. A framework referred to as business process management (BPM) has evolved for this purpose over the last ten years. Other approaches, such as service-oriented architecture (SOA) or the concept of virtual organisations (VOs), assist in the definition of architectures and procedures for modelling and execution of so-called collaborative business processes (CBPs). Methods for the specification of business processes play a central role in this context, and, several standards have emerged for this purpose. Among these, Web Services Business Process Execution Language (WS-BPEL, usually abbreviated BPEL) has evolved to become the de facto standard for business process definition. As such, this language has been selected as the foundation for the research in this thesis. Having a broadly accepted standard would principally allow the specification of business processes in a platform-independent manner, including the capability to specify them at one location and have them executed at others (possibly spread across different organisations). Though technically feasible, this approach has significant security implications, particularly on the side that is to execute a process. The research project focused upon these security issues arising when business processes are specified and executed in a distributed manner. The central goal has been the development of methods to cope with the security issues arising when BPEL as a standard is deployed in such a way exploiting the significant aspect of a standard to be platform-independent The research devised novel methods for specifying security policies in such a manner that the assessment of compliance with these policies is greatly facilitated such that the assessment becomes suited to be performed automatically. An analysis of the securityrelevant semantics of BPEL as a specification language was conducted that resulted in the identification of so-called security-relevant semantic patterns. Based on these results, methods to specify security policy-implied restrictions in terms of such semantic patterns and to assess the compliance of BPEL scripts with these policies have been developed. These methods are particularly suited for assessment of remotely defined BPEL scripts since they allow for pre-execution enforcement of local security policies thereby mitigating or even removing the security implications involved in distributed definition and execution of business processes. As initially envisaged, these methods are comparatively easy to apply, as they are based on technologies customary for practitioners in this field. The viability of the methods proposed for automatic compliance assessment has been proven via a prototypic implementation of the essential functionality required for proof-of-concept.Darmstadt Node of the NRG Network at University of Applied Sciences Darmstad

An Ontology for Internal and External Business Processes

In this paper we introduce our multi metamodel process ontology (m3po), which is based on various existing reference models and languages from the workflow and choreography domain. This ontology allows the extraction of arbitrary choreography interface descriptions from arbitrary internal workflow models. We also report on an initial validation: we translate an IBM Websphere MQ Workflow model into the m3po ontology and then extract an Abstract BPEL model from the ontology

An Ontology for Internal and External Business Processes ∗ ABSTRACT

In this paper we introduce our multi metamodel process ontology (m3po), which is based on various existing reference models and languages from the workflow and choreography domain. This ontology allows the extraction of arbitrary choreography interface descriptions from arbitrary internal workflow models. We also report on an initial validation: we translate an IBM Websphere MQ Workflow model into the m3po ontology and then extract an Abstract BPEL model from the ontology. Categories and Subject Descriptors: H.4.1 [Informatio