面向跨企业多方协同应用的Web服务安全模型

现有的Web服务安全工具仅提供单个服务的安全策略配置功能,忽略了业务流程层面的安全需求。为此,提出一种面向跨企业多方协同应用的Web服务安全模型,将Web服务安全建模、部署与监控过程,融合到企业业务流程管理过程中。在此基础上构造基于Secure-WSCDL的建模工具、转换工具和监控工具,实现SOA架构下业务模型与安全建模在软件工程生命周期中的同步。通过简化的国际贸易进出口流程实例,验证了该模型与相应工具的有效性。     

Integrating constraints to support legally flexible business processes

Flexible collaboration is a notable attribute of Web 2.0, which is often in the form of multiple users participating different activities that together complete a whole business process. In such an environment, business processes may be dynamically customized or adjusted, as well as the participants may be selected or attend uncertainly. So how to ensure the legitimacy of a business process for both security and business is increasingly critical. In this paper, we investigate this problem and introduce a novel method to support legally flexible business processes. The proposed Constraint-based Business Process Management Model incorporates constraints into the standard activities composing a business process, where the security constraints place restrictions on participants performing the activities and business constraints restrict the dependencies between multiple activities. By the assembly operations, business processes can be dynamically generated and adjusted with activities, that are obliged to the specified constraints. Several algorithms are presented to verify the consistency of constraints and the soundness of the generated business processes, as well as to perform the execution planning to guarantee the correct execution of a business process on the precondition of satisfying all constraints. We present an illustrative example and implement a prototype for the proposed model that is an application of property rights exchange for supporting legal business processes.     

Semantic business process integration based on ontology alignment

Innovation and agility should be provided to businesses by efficient collaboration (i.e., communication and sharing) between them. However, semantic heterogeneity between business processes is a serious problem for automatically supporting cooperation processes (e.g., knowledge sharing and querying-based interactions) between businesses. In order to overcome this problem, we propose a novel framework based on aligning business ontologies for integrating heterogeneous business processes. We can consider two types of alignment processes; (i) manual alignment for building a whole business process ontology in a business process management (BPM) system and (ii) automated alignment between business processes of different BPM systems. Thereby, the optimal integration between two business processes has to be discovered to maximize the summation of a set of partial similarities between semantic components consisting of the business processes. In particular, the semantic component are extracted from semantic annotations of business processes. For evaluating the proposed system, we have conducted experimentations by using 22 business process management systems, which are organized as six business alliances. We have assumed that business processes in a same BPM system should be built with a common ontologies. The proposed alignment method has shown about 71.3% of precision (65.4% of recall). In addition, we found out that alignment results are dependent on some characteristics of ontologies (e.g., depth and number of classes).     

业务过程协同中数据恢复策略建模及分析

业务过程协同允许组织之间彼此进行通信,交互和协作以完成特定的业务目标。为了确保实施的正确性和一致性,需要对业务过程协同进行建模和分析,但现有的工作鲜有关注于从架构的视角和数据的层次来对其进行讨论。为此,首先提出了一种“代理端 盟主端”业务过程协同架构;其次,通过对该协同架构进行分析,提出了一种业务过程协同的数据恢复通用模型;最后,基于该通用模型,提出了数据恢复策略模型,以此为基础提出了五种数据恢复策略并采用随机Petri网对其进行建模与仿真。实验结果表明,采用最短队列随机恢复策略能够使得业务过程协同应用在协同中确保高的系统吞吐量、快的响应时间及低的拒绝率。     

Derivation of trust federation for collaborative business processes

Service Oriented Architecture (SOA) is considered to be an important enabler of Internet of Services. By adopting SOA in development, business services can be offered, mediated, and traded as web services, so as to support agile and dynamic business collaborations on the Internet. Business collaboration is often implemented as cross-enterprise processes and involves more than one business entity which agrees to join the collaboration. To enable trustworthy and secure provision of services and service composition across enterprise boundaries, trust between business participants must be established, that is, user identities and access rights must be federated, to support business functions defined in the business processes. This paper proposes an approach which derives trust federation from formally described business process models, such as BPMN and WS-CDL processes, to automate security configuration of business collaborations. The result of the derivation is trust policies which identify trust relationships between business participants and can be enforced in enterprises’ service runtimes with support of a policy deployment infrastructure.     

协同业务过程与需求的建模及一致性验证

自底向上建模方法中的业务过程由不同组织开发,无法在设计阶段就预见其潜在的所有交互可能.因此,在实际协作中,建立协同业务过程可能与参与组织期望的系统功能和特性不一致.为此,提出一种协同业务过程与需求的建模及一致性验证方法.首先,引入并发操作符,提供一种通过组合参与组织的业务过程构建协同业务过程方法;然后,扩展目标模型,提出需求依赖图来建模参与组织的需求;最后,基于模型检测技术提出协同业务过程与需求一致性检测方法.重点解决了将协同业务过程转换为表达能力相同FSP进程规约和参与组织需求转换为LTL公式这两个问题.通过对典型的协同业务过程集阐述提出方法的有效性,并对方法分析效率进行评价,结果表明：相对已有工作,提出方法能够更加有效地用于协同业务过程与需求的一致性分析.     

知识管理机制与业务流程的集成研究

知识管理与业务流程具有内在相关性,这种相关性要求将知识管理机制与业务流程有机结合起来.为此,首先分析了业务流程实施对知识管理提出的要求,指出知识管理机制在业务流程中的知识利用方面应提供知识支持和协作支持,在知识创新方面则应提供知识创新支持和知识分类支持.然后在此基础上提出了一种知识管理机制与业务流程的集成方法,并详细说明了其在信息系统层面上的实现方式.     

Extending the reach of business processes

A business process is a systematic set of activities by which an enterprise conducts its affairs. Various technologies-including pagers, cell phones, pocket PCs, instant messaging (IM), and the short message service (SMS)-have emerged that people can use to communicate even when they are on the move or far away. Many such devices support synchronous communication as well as proactively "pushing" messages to users. However, these devices have no mechanism to control or structure the information that users are exchanging, and they arc not integrated with business processes based on workplaces. To address these problems, we have designed and implemented PerCollab, a middleware system that facilitates structured collaboration between various communication devices for business processes and pushes tasks to users.     

Virtual worlds as knowledge management platform – a practice‐perspective

Virtual worlds, as electronic environments where individuals can interact in a realistic manner in form of avatars, are increasingly used by gamers, consumers and employees. Therefore, they provide opportunities for reinventing business processes. Especially, effective knowledge management (KM) requires the use of appropriate information and communication technology (ICT) as well as social interaction. Emerging virtual worlds enable new ways to support knowledge and knowing processes because these virtual environments consider social aspects that are necessary for knowledge creating and knowledge sharing processes. Thus, collaboration in virtual worlds resembles real‐life activities. In this paper, we shed light on the use of Second Life (SL) as a KM platform in a real‐life setting. To explore the potential and current usage of virtual worlds for knowledge and knowing activities, we conducted a qualitative study at IBM. We interviewed IBM employees belonging to a special workgroup called ‘Web 2.0/virtual worlds’ in order to gain experience in generating and exchanging knowledge by virtually collaborating and interacting. Our results show that virtual worlds – if they are able to overcome problems like platform stability, user interface or security issues – bear the potential to serve as a KM platform. They facilitate global and simultaneous interaction, create a common context for collaboration, combine different tools for communication and enhance knowledge and knowing processes.     

Aligning Collaborative Business Processes—An Organization-Oriented Perspective

Business collaboration encompasses the coordination of information flows among organizations as well as the composition of their business processes toward mutual benefits. While integrating business processes of different organizations seamlessly, it brings great challenges to keep participating organizations as autonomous entities. To address this issue, we propose a new perspective on modeling collaborative business processes with a novel concept called relative workflow (RWF). With its visibility control mechanism, the RWF model defines what a participating organization can perceive in collaboration and thereby allows each organization to customize its own collaboration process and behaviors. In this paper, we present a formal definition of RWFs and related algorithms for generating RWFs. A prototype is implemented on the Web service platform for the proof-of-concept purpose.     

Bridging the Gap between Legal and Technical Contracts

Two or more parties typically establish a business relationship using a contract, but a large gap still exists between the provisions of contracts produced by lawyers and the details of computer security and performance addressed by technologists. Some contractual clauses address legal issues that technology can manage as well - the TrustCoM framework offers a paradigm for automating these clauses as technical operations. If a business relationship forms across a service-oriented architecture, the parties involved often manage their collaboration as a virtual organization (VO). In TrustCoM, agreements are the key means of steering VO collaborations and mitigating the risks inherent in integrating processes and resources across organizational boundaries.     

Integrating carrier selection with supplier selection decisions to improve supply chain security

Supply chain security is a major concern for logistics managers who have responsibility for inbound and outbound shipments to and from both domestic and international locations. We propose here that logistics decisions concerning security in the supply chain will be made more effectively when made in concert with decisions in related supply chain processes, especially supplier and carrier selection. Indeed, managers may minimize cost, transit time, and security risk by integrating decision processes internally, as well as with their carrier's and supplier's operations. Thus, we account for both intra‐firm collaboration between logistics and purchasing managers, as well as inter‐firm collaboration among buyers, suppliers, and carriers in a supply chain. In this paper, we propose a decision process that features a set of security rules and a multi‐objective optimization model to accomplish this aim. We then provide an illustration to demonstrate the potential usefulness of these concepts in practice.     

CorPN: managing instance correspondence in collaborative business processes

Driven by the booming global business, organisations are required to align their business processes into an inter-connected network. The sophisticated nature of collaboration results in dynamic and complex interactions and correlations between participating business processes. This inevitably poses challenges to business process management in terms of recognising the instance correspondence and analysing the interaction behaviours of collaborative business processes. Nevertheless, this issue has received very limited attention from inter-organisational workflow research. In this paper, a novel correspondence Petri net model called CorPN is developed to specify instance correspondence with extensions to classical WF-Nets. In addition, a method is established to analyse the behavioural properties of CorPN nets for the purpose of process verification and examination.     

Security-aware Business Process as a Service by hiding provenance

We adress in this paper the security issues that arise when outsourcing business processes in the BPaaS (Business Process as a Service). In particular when sharing and reusing process fragments coming from different organizations for faster and easier development of process-based applications (PBA). The goal is twofold, to preserve the process fragment provenance, i.e., the companies's business activities which provide the reused fragments in order to avoid the competition, and to guarantee the end-to-end availability of PBA to fragment's consumers. We formally define the problem, and offer an efficient anonymization-based protocol. Experiments have been conducted to show the effectiveness of the proposed solution.     

Interactive selection of Web services under multiple objectives

The manual composition of efficient combinations of Web services becomes almost impossible as the number of services increases dramatically. When determining an appropriate set of services, managers must take into consideration given business processes, business strategy and multiple Quality of Service (QoS) objectives while ensuring the cost-efficient usage of limited resources. Because the agility with which new business requirements are adapted has a major influence on business success and poor investment decisions may thus entail corporate failure, decision makers are experiencing growing pressure to prove the value of IT investments—but they often lack appropriate multicriteria decision support tools. This paper introduces a new decision support approach that more properly addresses these challenges. We implemented this approach into a tool and evaluated the performance of two popular methods (i.e., the Analytic Hierarchy Process and the Weighted Scoring Method) by means of a real-life case study in the social security sector. It turns out that the decision support system assists decision makers in identifying investments that more precisely target their company’s business needs by allowing them to interactively determine and continually optimize service allocation according to the corporate business processes and multiple (strategic) objectives.     

A scenario-based verification technique to assess the compatibility of collaborative business processes

Successful E-Business is based on seamless collaborative business processes. Each partner in the collaboration specifies its own rules and interaction preconditions. The verification of the compatibility of collaborative business processes, based on local and global views, is a complex task, which is critical for the success of the cooperation. The verification of process compatibility should be a key element in the design of new business alliances, which makes this verification essential in inter-organizational business process design. The advent of Web Services and Service Oriented Architectures stresses the need to solve complex business cooperations under the pressure of reduced costs and risks, combined with shorter time to market. At the same time, the message-based paradigm results in large and complex processes which makes the verification process quite hard.First the use of an atomic business activity based interaction paradigm is proposed to reduce the complexity of collaborative process models. Next, formal compatibility criteria for business processes are developed. The key construction is the notion of semantic compatibility, which can be used to assess the compatibility of the publicly exposed behavior (a.k.a. business interfaces) between business partners in joint business processes. The formal nature of this compatibility allows to give a precise indication of the degree of compatibility between cooperating business partners. It enables exhaustive lists of incompatible (i.e. unsupported scenarios) business cooperations, which is more comprehensive and complete than the typical compatible or incompatible answer to this question. Finally, complex multiple party interactions can be examined in terms of the safety of the interaction protocols.     

Secure resource sharing on cross-organization collaboration using a novel trust method

A virtual enterprise (VE) consists of a network of independent, geographically dispersed administrative business domains that collaborate with each other by sharing business processes and resources across enterprises to provide a value-added service to customers. Therefore, the success of a VE relies on full information transparency and appropriate resource sharing, making security and trust among subjects significant issues. Trust evaluation to ensure information security is most complicated in a VE involving cross-organization collaboration. This study presents a virtual enterprise access control (VEAC) model to enable resource sharing for collaborative operations in the VE. A scenario for authentication and authorization in the life cycle of a VE is then described to identify the main activities for controlling access. Also developed herein is a trust evaluation method based on the VEAC model to improve its security while safeguarding sensitive resources to support collaborative activities. The trust evaluation method involves two trust evaluation sub-models, one to evaluate the level of trust between two virtual enterprise roles, and another to measure the level of trust between two projects. The two sub-models support each other to make resource-sharing decisions, and are developed based on the concepts of direct, indirect, and negative trust factors. Finally, an example of measuring the trust between two subjects is demonstrated after introducing the two sub-models. The VEAC-based trust evaluation method enables the following: (1) secure resource sharing across projects and enterprises, (2) collaborative operation among participating workers, (3) increased information transparency and (4) lowered information delay in VEs.     

Taking value-networks to the cloud services: security services, semantics and service level agreements

Cloud services have become an emerging solution for organizations striving to address today’s need for agility, but little research has addressed transitioning multiple, collaborating organizations to what can be referred to as a “value-network cloud.” We know that organizations adopting cloud services to execute business processes must concomitantly reconfigure their security solutions for their integrated intra- and inter-organizational collaborations. We address the question, “What is needed to make it possible for an entire value-network to take secure, collaborative business process executions to the cloud?” Future value-network cloud solutions will require completely new security approaches that will leverage contracted brokering solutions operating as part of the cloud solution. We view value-network cloud security service provisioning as a bundle decision characterized by a mix of communication patterns relevant to intra- and inter-enterprise collaboration. We propose a cloud service broker model—using semantics and SLA based middleware—to serve as a trusted interface between the enterprise, cloud service providers and other organizations collaborating in a value-network. The approach enables IT governance for value-network cloud services. The architectural requirements adapt design principles for infrastructure management tailored from approaches to how business cartels historically conducted secure business dealings.     

Elastic Resource Allocation Algorithms for Collaboration Applications

Cloud technologies can provide elasticity to real-time audio and video (A/V) collaboration applications. However, cloud-based collaboration solutions generally operate on a best-effort basis, with neither delivery nor quality guarantees, and high-quality business focused solutions rely on dedicated infrastructure and hardware-based components. This article describes our 2-year of research in the EMD project, which targets to migrate a hardware-based and business focused A/V collaboration solution to a software-based platform hosted in the cloud, providing higher levels of elasticity and reliability. Our focus during this period was an educational collaboration scenario with teachers and students (locally present in the classroom or remotely following the classes). A model of collaboration streaming (e.g. network topology, codecs, stream, streaming workflow, software components) is defined as base for software deployment and preemptive VM allocation techniques. These heuristics are evaluated using a version of the CloudSim simulator extended to generate and simulate realistic collaboration scenarios, to manage network congestion and to monitor a.o. cost and session delay metrics. Our results show that the algorithms reduce costs when compared to previously designed approaches, having an effectiveness of 99% in meeting A/V collaboration setup deadlines, which is a stringent requirement for this collaboration application.     

Managing collaboration performance to govern virtual organizations

The ability to collaborate with partners will become an essential core competence that is required from companies when they are going to take up future challenges. Growing complexity of products and services, increasing global competition and accelerated business processes will exceed in many cases the capabilities and capacities of single companies. The involvement of other companies can help to overcome these limitations. However, only what is measured can be managed. Consequently it is necessary to assess the effectiveness and efficiency of how partners work together in joint processes for a common goal. In other word: the collaboration performance has to be measured. But traditional Performance Measurement (PM) methodologies and indicators are designed to assess the performance of single companies or static cooperation like in supply chains. Evaluation and management of collaboration performance as a particular performance perspective in cooperation is not covered by existing approaches so far. Therefore there is still a need for an approach that provides an information basis for the management of collaboration when companies work together in in cooperation. In this paper, which is initially based on a paper presented on the ProVE conference in 2007, different perspectives of collaboration performance are identified and structured. The considerations are based on Virtual Organisations VOs, a particular type of cooperation that requires usually intensive collaborative interactions between the partners.