A voucher-based security middleware for secure business process outsourcing

Abstract

Business Process Outsourcing (BPO) enables the delegation of entire business processes to third party providers. Such scenarios involve communication between federated and heterogeneous workflow engines. However, state-of-the-art workflow engines fall short of a distributed authorisation mechanism for this heterogeneous, federated BPO setting. In a cross-organisational context, the security requirements involve (i) delegation and verification of privileges in a confidential manner, (ii) secure asynchronous operations during the long-term workflows even when the users are logged-off, and (iii) controlling access to interfaces of the different workflow engines involved. To address these challenges, we present a voucher-based authorisation architecture and middleware. We extended the WF-Interop [2] middleware with a security module to support this authorisation architecture. We further validated our contributions by prototyping a billing workflow case study on top of the extended WF-Interop middleware and evaluated the performance overhead of the security extensions to the middleware.