and executing business processes in the cloud · we can store and “execute” business processes...
TRANSCRIPT
![Page 1: AND EXECUTING BUSINESS PROCESSES IN THE CLOUD · We can store and “execute” business processes in the “cloud” The solution proposed can be extended to support choreographies](https://reader036.vdocument.in/reader036/viewer/2022071006/5fc3838a6dd6e23a286eefc4/html5/thumbnails/1.jpg)
David Martinho
SECURELY
BUSINESS PROCESSESIN THE CLOUD
#SBP’12 Diogo R. Ferreira
STORINGAND EXECUTING
![Page 2: AND EXECUTING BUSINESS PROCESSES IN THE CLOUD · We can store and “execute” business processes in the “cloud” The solution proposed can be extended to support choreographies](https://reader036.vdocument.in/reader036/viewer/2022071006/5fc3838a6dd6e23a286eefc4/html5/thumbnails/2.jpg)
![Page 3: AND EXECUTING BUSINESS PROCESSES IN THE CLOUD · We can store and “execute” business processes in the “cloud” The solution proposed can be extended to support choreographies](https://reader036.vdocument.in/reader036/viewer/2022071006/5fc3838a6dd6e23a286eefc4/html5/thumbnails/3.jpg)
Service Provider
![Page 4: AND EXECUTING BUSINESS PROCESSES IN THE CLOUD · We can store and “execute” business processes in the “cloud” The solution proposed can be extended to support choreographies](https://reader036.vdocument.in/reader036/viewer/2022071006/5fc3838a6dd6e23a286eefc4/html5/thumbnails/4.jpg)
Service Provider
Service Provider
![Page 5: AND EXECUTING BUSINESS PROCESSES IN THE CLOUD · We can store and “execute” business processes in the “cloud” The solution proposed can be extended to support choreographies](https://reader036.vdocument.in/reader036/viewer/2022071006/5fc3838a6dd6e23a286eefc4/html5/thumbnails/5.jpg)
Service Provider
WE MUST SECURE OUR BUSINESS PROCESSES
![Page 6: AND EXECUTING BUSINESS PROCESSES IN THE CLOUD · We can store and “execute” business processes in the “cloud” The solution proposed can be extended to support choreographies](https://reader036.vdocument.in/reader036/viewer/2022071006/5fc3838a6dd6e23a286eefc4/html5/thumbnails/6.jpg)
WHAT DOES THAT INVOLVE?
REQUIREMENT #1Process instance must be shared among its participants
The “Cloud” is already supported by a client-server architectural pattern
![Page 7: AND EXECUTING BUSINESS PROCESSES IN THE CLOUD · We can store and “execute” business processes in the “cloud” The solution proposed can be extended to support choreographies](https://reader036.vdocument.in/reader036/viewer/2022071006/5fc3838a6dd6e23a286eefc4/html5/thumbnails/7.jpg)
REQUIREMENT #2Service Provider (SP) must never have access to processes
Encrypt the process instance before sending it to the service provider
ThickClient
ThickClient
REQUIREMENT #3Never compromise communication via eavesdropping
?! ?!?
Since the process is already encrypted, no eavesdropping is possible
![Page 8: AND EXECUTING BUSINESS PROCESSES IN THE CLOUD · We can store and “execute” business processes in the “cloud” The solution proposed can be extended to support choreographies](https://reader036.vdocument.in/reader036/viewer/2022071006/5fc3838a6dd6e23a286eefc4/html5/thumbnails/8.jpg)
REQUIREMENT #4SP should not be able to link participants to processes
?RID( )
RID( )
Unauthenticated fetch and store of encrypted business processes
REQUIREMENT #5Always ensure access to authorized participants
SP should version process instances on each storage operation
RID( ) vv-1
![Page 9: AND EXECUTING BUSINESS PROCESSES IN THE CLOUD · We can store and “execute” business processes in the “cloud” The solution proposed can be extended to support choreographies](https://reader036.vdocument.in/reader036/viewer/2022071006/5fc3838a6dd6e23a286eefc4/html5/thumbnails/9.jpg)
REQUIREMENT #5Always ensure access to authorized participants
SP should version process instances on each storage operation
! ?!vv-1
REQUIREMENT #5Always ensure access to authorized participants
SP should version process instances on each storage operation
RID( , v-1) vv-1
![Page 10: AND EXECUTING BUSINESS PROCESSES IN THE CLOUD · We can store and “execute” business processes in the “cloud” The solution proposed can be extended to support choreographies](https://reader036.vdocument.in/reader036/viewer/2022071006/5fc3838a6dd6e23a286eefc4/html5/thumbnails/10.jpg)
REQUIREMENT #5Always ensure access to authorized participants
SP should version process instances on each storage operation
vv-1
SO HOW DO THESE SOLUTIONS COMBINE?
![Page 11: AND EXECUTING BUSINESS PROCESSES IN THE CLOUD · We can store and “execute” business processes in the “cloud” The solution proposed can be extended to support choreographies](https://reader036.vdocument.in/reader036/viewer/2022071006/5fc3838a6dd6e23a286eefc4/html5/thumbnails/11.jpg)
PASSPORTThe end-user secrets
Encrypted with the user’s symmetric key
Hosted in the server
( generated from his password)
RID( )
RID( )
PASSPORTThe end-user secrets
Encrypted with the user’s symmetric key
Hosted in the server
( generated from his password)
RID( )
RID( )
![Page 12: AND EXECUTING BUSINESS PROCESSES IN THE CLOUD · We can store and “execute” business processes in the “cloud” The solution proposed can be extended to support choreographies](https://reader036.vdocument.in/reader036/viewer/2022071006/5fc3838a6dd6e23a286eefc4/html5/thumbnails/12.jpg)
A passport is a 5-tuple
PASSPORTThe end-user secrets
Organization Identity
User Decryption Key (Confidentiality)
User Encryption Key (Integrity)
Process List
Organization Shared Symmetric Key
ORGANIZATION IDENTITYThe organization’s information
Business Process Models
Organizational Members Info(including their public confidentiality and integrity keys)
![Page 13: AND EXECUTING BUSINESS PROCESSES IN THE CLOUD · We can store and “execute” business processes in the “cloud” The solution proposed can be extended to support choreographies](https://reader036.vdocument.in/reader036/viewer/2022071006/5fc3838a6dd6e23a286eefc4/html5/thumbnails/13.jpg)
ORGANIZATION SHAREDSYMMETRIC KEY
RID( )
RID( )
ORGANIZATION SHAREDSYMMETRIC KEY
RID( )
RID( )
![Page 14: AND EXECUTING BUSINESS PROCESSES IN THE CLOUD · We can store and “execute” business processes in the “cloud” The solution proposed can be extended to support choreographies](https://reader036.vdocument.in/reader036/viewer/2022071006/5fc3838a6dd6e23a286eefc4/html5/thumbnails/14.jpg)
RID( )PROCESSSYMMETRIC KEY
RID( )PROCESS
LISTPROCESS
SYMMETRIC KEY
PROCESS LISTUser’s ACL to process instances
...
( ),
( ),
SERVERCLIENT
ENCRYPTEDPROCESS INSTANCE
PROCESS’SYMMETRIC KEY
PROCESSINSTANCE
PROCESS LIST
+
RID( ) RID( )
![Page 15: AND EXECUTING BUSINESS PROCESSES IN THE CLOUD · We can store and “execute” business processes in the “cloud” The solution proposed can be extended to support choreographies](https://reader036.vdocument.in/reader036/viewer/2022071006/5fc3838a6dd6e23a286eefc4/html5/thumbnails/15.jpg)
USER ENC/DEC KEYSend Signed Pull Requests to new participants
PULL-REQ( , ) PULL-REQ( )
ALICE BOB
=PULL REQUEST
RID( )( , )
CONCLUSIONSWe can store and “execute” business processes in the “cloud”
The solution proposed can be extended to support choreographies among organizations, requiring them to:
Have compatible business process models
Use the same architectural solution proposed
We must ensure the architectural solution proposed
Service Provider is completely unaware of the organization’s business processes