The Need for Compliance Verification in Collaborative Business Processes

Compliance constrains processes to adhere to rules, standards, laws and regulations. Non-compliance subjects enterprises to litigation and financial fines. Collaborative business processes cross organizational and regional borders implying that internal and cross regional regulations must be complied with. To protect customs’ data, European enterprises must comply with the EU data privacy regulation (general data protection regulation - GDPR) and each member state’s data protection laws. An example of non-compliance with GDPR is Facebook, it is accused for breaching subscriber trust. Compliance verification is thus essential to deploy and implement collaborative business process systems. It ensures that processes are checked for conformance to compliance requirements throughout their life cycle. In this paper we take a proactive approach aiming to discuss the need for design time preventative compliance verification as opposed to after effect runtime detective approach. We use a real-world case to show how compliance needs to be analyzed and show the benefits of applying compliance check at the process design stag

Operations and Tool Support for Public View Transformations of Business Processes

This paper shows operations on models to derive Collaborative Business Processes models on a conceptual level that satisfy the requirements of information hiding and furthermore to use these reduced models for a configuration of executing information systems

The Internet-of-Things Meets Business Process Management: Mutual Benefits and Challenges

The Internet of Things (IoT) refers to a network of connected devices collecting and exchanging data over the Internet. These things can be artificial or natural, and interact as autonomous agents forming a complex system. In turn, Business Process Management (BPM) was established to analyze, discover, design, implement, execute, monitor and evolve collaborative business processes within and across organizations. While the IoT and BPM have been regarded as separate topics in research and practice, we strongly believe that the management of IoT applications will strongly benefit from BPM concepts, methods and technologies on the one hand; on the other one, the IoT poses challenges that will require enhancements and extensions of the current state-of-the-art in the BPM field. In this paper, we question to what extent these two paradigms can be combined and we discuss the emerging challenges

Designing secure business processes for blockchains with SecBPMN2BC

Collaborative business processes can be seen as smart contracts, as they are oftentimes adopted to express agreements among different organizations. Indeed, they provide mechanisms to formalize the obligations of each involved party. For instance, collaborative business processes can specify when a certain task should be executed, under which conditions a service should be offered to the other participants, and how physical objects and information should be manipulated. In this setting, to prevent misuse of smart contracts and services and information provided, it is paramount to guarantee by design that security requirements are fulfilled. With the rise in popularity of blockchains, several approaches exploiting the trusted smart contract execution environment offered by this technology to enforce collaborative business processes have been proposed. Yet, the complexity of business processes, security requirements, and blockchain applications calls for an engineering approach that guides the design of secure business processes. Such an approach should both take advantage of the possibilities offered by blockchain technology to enforce some security requirements (e.g., non-repudiation), and take into account the limitations blockchain poses for other security requirements (e.g., confidentiality). However, we are not aware of any existing work that aims at addressing such issues following a similar approach. In this article, we propose SecBPMN2BC: a model-driven approach to designing business processes with security requirements that are meant to be deployed on blockchains. SecBPMN2BC consists of: (i) an extension of BPMN 2.0 that allows designing secure smart contracts; (ii) a set of algorithms and their implementation that check incompatible security requirements and help the design of smart contracts; (iii) a workflow that guides the application of the method. The method has been validated with a survey conducted on security and BPMN experts

A comparative assessment of collaborative business process verification approaches.

Industry 4.0 is a key strategic trend of the economy. Virtual factories are key building blocks for Industry 4.0 where product design processes, manufacturing processes and general collaborative business processes across factories and enterprises are integrated. In the context of EU H2020 FIRST (vF Interoperation suppoRting buSiness innovaTion) project, end users of vFs are not experts in business process modelling to guarantee correct collaborative business processes for realizing execution. To enable automatic execution of business processes, verification is an important step at the business process design stage to avoid errors at runtime. Research in business process model verification has yielded a plethora of approaches in form of languages and tools that are based on Petri nets family and temporal logic. However, no report specifically targets and presents a comparative assessment of these approaches based on criteria as one we propose. In this paper we present an assessment of the most common verification approaches based on their expressibility, flexibility, suitability and complexity. We also look at how big data impacts the business process verification approach in a data-rich world

Koostööäriprotsesside läbiviimine plokiahelal: süsteem

Tänapäeval peavad organisatsioonid tegema omavahel koostööd, et kasutada ära üksteise täiendavaid võimekusi ning seeläbi pakkuda oma klientidele parimaid tooteid ja teenuseid. Selleks peavad organisatsioonid juhtima äriprotsesse, mis ületavad nende organisatsioonilisi piire. Selliseid protsesse nimetatakse koostööäriprotsessideks. Üks peamisi takistusi koostööäriprotsesside elluviimisel on osapooltevahelise usalduse puudumine. Plokiahel loob detsentraliseeritud pearaamatu, mida ei saa võltsida ning mis toetab nutikate lepingute täitmist. Nii on võimalik teha koostööd ebausaldusväärsete osapoolte vahel ilma kesksele asutusele tuginemata. Paraku on aga äriprotsesside läbiviimine selliseid madala taseme plokiahela elemente kasutades tülikas, veaohtlik ja erioskusi nõudev. Seevastu juba väljakujunenud äriprotsesside juhtimissüsteemid (Business Process Management System – BPMS) pakuvad käepäraseid abstraheeringuid protsessidele orienteeritud rakenduste kiireks arendamiseks. Käesolev doktoritöö käsitleb koostööäriprotsesside automatiseeritud läbiviimist plokiahela tehnoloogiat kasutades, kombineerides traditsioonliste BPMS- ide arendusvõimalused plokiahelast tuleneva suurendatud usaldusega. Samuti käsitleb antud doktoritöö küsimust, kuidas pakkuda tuge olukordades, milles uued osapooled võivad jooksvalt protsessiga liituda, mistõttu on vajalik tagada paindlikkus äriprotsessi marsruutimisloogika muutmise osas. Doktoritöö uurib tarkvaraarhitektuurilisi lähenemisviise ja modelleerimise kontseptsioone, pakkudes välja disainipõhimõtteid ja nõudeid, mida rakendatakse uudsel plokiahela baasil loodud äriprotsessi juhtimissüsteemil CATERPILLAR. CATERPILLAR-i süsteem toetab kahte lähenemist plokiahelal põhinevate protsesside rakendamiseks, läbiviimiseks ja seireks: kompileeritud ja tõlgendatatud. Samuti toetab see kahte kontrollitud paindlikkuse mehhanismi, mille abil saavad protsessis osalejad ühiselt otsustada, kuidas protsessi selle täitmise ajal uuendada ning anda ja eemaldada osaliste juurdepääsuõigusi.Nowadays, organizations are pressed to collaborate in order to take advantage of their complementary capabilities and to provide best-of-breed products and services to their customers. To do so, organizations need to manage business processes that span beyond their organizational boundaries. Such processes are called collaborative business processes. One of the main roadblocks to implementing collaborative business processes is the lack of trust between the participants. Blockchain provides a decentralized ledger that cannot be tamper with, that supports the execution of programs called smart contracts. These features allow executing collaborative processes between untrusted parties and without relying on a central authority. However, implementing collaborative business processes in blockchain can be cumbersome, error-prone and requires specialized skills. In contrast, established Business Process Management Systems (BPMSs) provide convenient abstractions for rapid development of process-oriented applications. This thesis addresses the problem of automating the execution of collaborative business processes on top of blockchain technology in a way that takes advantage of the trust-enhancing capabilities of this technology while offering the development convenience of traditional BPMSs. The thesis also addresses the question of how to support scenarios in which new parties may be onboarded at runtime, and in which parties need to have the flexibility to change the default routing logic of the business process. We explore architectural approaches and modelling concepts, formulating design principles and requirements that are implemented in a novel blockchain-based BPMS named CATERPILLAR. The CATERPILLAR system supports two methods to implement, execute and monitor blockchain-based processes: compiled and interpreted. It also supports two mechanisms for controlled flexibility; i.e., participants can collectively decide on updating the process during its execution as well as granting and revoking access to parties.https://www.ester.ee/record=b536494