Modeling Security Requirements in Service Based Business Processes

Non-functional concerns such as security are essential in business process management and in service based realizations of business processes. Many works and efforts addressed these concerns on the service layer by developing a number of XML-based standards such as WS-Security and other WS-* standards. However, there are non-functional properties that are on the business process layer and need therefore to be specified in business process models. We notice nevertheless that current business process modeling languages lack appropriate means for specifying non-functional properties such as security for example. In this paper, we present a model driven approach for the development of service based business processes which supports both functional and non functional concerns. We also introduce the concept of profiles to BPMN in analogy to UML Profiles. Based on that, we present a BPMN profile to specify security properties in business process models and illustrate its usage through an example.