Over the past decade, research on business process technologies has focused on the development of collaborative solutions capable of capturing the increasingly dynamic nature of both intra and inter-enterprise workflows. These solutions, which are now starting to be deployed by industry, revolve around service-oriented architectures and event-driven programming paradigms. Globally, they define a new space of "Next Generation Business Applications" which, because of their intrinsic openness and flexibility, also call for new security solutions.
Because they were originally designed to operate within the boundaries of a single enterprise, traditional workflow management systems and associated security solutions could afford to rely on highly centralized architectures. These architectures cannot accommodate the peer-to-peer interactions entailed by emerging inter-enterprise collaboration processes. As enterprises become flatter, revolving around a growing collection of semi-autonomous entities, the traditionally centralized view of intra-enterprise processes is also proving to be less than adequate. This new reality is reflected in the emergence of service-oriented architectures capable of supporting processes with tasks and data separated by enterprise boundaries. Within this new framework, businesses look at their applications and processes as key assets they selectively make accessible to other partners. Such a view is only viable to the extent that the underlying security infrastructure is flexible enough to accommodate the rich sets of policies required by emerging business scenarios. This includes ease of deployment and maintenance.
While basic security protocols for Web Services, such as the WS-* series of proposals, SAML, and XACML are gaining increasing momentum, a number of fundamental security problems still need to be addressed before collaborative business processes can securely be orchestrated (or choreographed). This includes the development of models and mechanisms to enable the specification of high-level security policies as part of business policies, the automatic derivation and setting of security policies, semantically-aware security management, trust establishment between organizations, and addressing the interplay between security management and contract management in a Web Services environment.
This workshop will provide a forum for presenting novel research results in collaborative business processes security. Topics of interest include, but are not limited to:
- Secure business process composition
- Model-driven application security
- Secure business process outsourcing and application hosting
- Semantically-aware security management
- Trust and reputation management
- Adaptive security policy management
- Web services security
- Credential-based access control
- Security and trust in mobile collaborative business applications
- Security in event-driven architectures
- Yücel Karabulut, SAP Research, USA
- Norman M. Sadeh, Carnegie Mellon University, USA
- Amgad Fayad, MITRE, USA
- David Basin, ETH Zurich, Switzerland
- Elisa Bertino, Purdue University, USA
- Joachim Biskup, University of Dortmund, Germany
- David Chadwick, University of Kent, UK
- Theo Dimitrakos, British Telecom, UK
- Michael Gertz, University of California at Davis, USA
- Holger Mack, SAP AG, Germany
- Fabio Martinelli, CNR, Italy
- Fabio Massacci, University of Trento, Italy
- Michael McIntosh, IBM, USA
- John C. Mitchell, Stanford University, USA
- Nataraj Nagaratnam, IBM, USA
- Sachar Paulus, SAP AG, Germany
- Jinghai Rao, Carnegie Mellon University, USA
- Markus Schumacher, Fraunhofer-SIT, Germany
- Kent E. Seamons, Brigham Young University, USA
- Sujeet Shenoi, University of Tulsa, USA
- Simon Shiu, Hewlett-Packard Labs, UK
- Jessica Staddon, PARC, USA
- William H. Winsborough, University of Texas at San Antonio, USA
The workshop solicits both original research and position papers. All papers are to be prepared in the 8.5"x11" IEEE camera-ready format.
Formatting instructions and LaTeX macros are available on the IEEE Computer Society site.
Research papers should not exceed 10 pages. Position papers are expected not to exceed 5 pages. Paper selection will be based on originality, soundness and potential to impact future practice.
A paper submitted to SECOBAP 2007 cannot be under review for any other conference or journal during the time it is being considered for SECOBAP 2007. Both research and position papers are expected to be substantially different from any previously published work. Papers are also expected to include a short (max. 150 words) abstract as well as a set of relevant keywords. All papers should clearly identify the main contact author and include his/her contact details. All papers are to be submitted electronically in printable PDF format (other formats will be rejected) via the submission web page available at http://www.easychair.org/SECOBAP07/
Workshop proceedings will be published by IEEE in electronic form. In addition, enhanced versions of the best papers will be considered for publication in a special journal issue.