The Integration of Corporate Security Strategies in Collaborative Business Processes

Cited by: 14
Authors
Badr, Youakim [1]
Biennier, Frederique [1]
Tata, Samir [2]
Affiliations
[1] INSA Lyon, Dept Informat, F-69621 Villeurbanne, France
[2] TELECOM SudParis, TELECOM, CNRS UMR Samovar, F-91011 Evry, France
Keywords
Computer security; data processing; distributed information system;
DOI
10.1109/TSC.2010.18
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
In response to increasing economical constraints, enterprise organization has evolved toward new structures such as networked enterprise, supply chains, virtual enterprise, or collaborative business organizations. This structural organization requires the interoperability of business processes (BPs) and information systems. Dealing with interoperability often leads to the deployment of Service-Oriented Architecture (SOA) based on Enterprise Service Bus (ESB) to design agile collaborative BPs and publish and compose new services. In order to protect each partner's own interests, security strategies must be developed and integrated in the service environment. Unfortunately, traditional security approaches deal with security concerns from a technical perspective (i.e., data transmission or authentication, etc.) and do not support end-to-end security in a distributed environment of business services and collaborative processes. In this paper, we attempt to improve end-to-end security by annotating service descriptions with security objectives used to generate convenient quality of protection (QoP) agreements between partners. Conversely, agreements are processed by a dedicated matching module with respect to security requirements and preferences to select business services, and then, compose their appropriate technical security services.
Pages: 243-254
Number of pages: 12