Abstract
In an SOA context, enterprises can use workflow technologies to orchestrate available business processes and their corresponding services, and apply business rules or policies to control how they can be used and who can use them. This approach becomes more complex when a set of business processes includes services that originate outside the company’s domain and can therefore be difficult to align with existing rules/policies. In the privacy and security domain, access control and policy languages are used to define what actions can be performed on resources, by whom, for what purpose and in what context. In this paper we propose an approach for dealing with the inclusion of internal and/or external services in a business process that contains data handling policies.
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Short, S., Kaluvuri, S.P. (2011). A Data-Centric Approach for Privacy-Aware Business Process Enablement. In: van Sinderen, M., Johnson, P. (eds) Enterprise Interoperability. IWEI 2011. Lecture Notes in Business Information Processing, vol 76. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19680-5_16
DOI: https://doi.org/10.1007/978-3-642-19680-5_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19679-9
Online ISBN: 978-3-642-19680-5
eBook Packages: Computer Science (R0)