Adapting Workflows Using Generic Schemas: Application to the Security of Business Processes

Existing approaches to the adaptation of workflows over Web services fall short in two respects. First, they only provide, if ever, limited means for taking into account the execution history of a workflow. Second, they do not support adaptations that require modifications not only at the service composition level but also at the levels of interceptors and service implementations. This is particular problematic for the enforcement of security properties over workflows: enforcing authorization properties, for instance, frequently requires execution contexts to be defined and modifications to be applied at all these abstraction levels of Web services. We present two main contributions in this context. First, we introduce workflow adaptation schemas (WAS), a new notion of generic protocol-based workflow adapters. WAS enable the declarative definition of adaptations involving complex service compositions and implementations. Second, we present two real-world security issues related to the use of OAuth 2.0, a recent and widely used framework for the authorization of resource accesses. As we motivate, these security issues require history-based adaptations over different abstraction levels of services. We then show how to resolve these issues using WAS.