SecBPMN2BC evaluation

Published: 6 May 2022| Version 4 | DOI: 10.17632/fzrbvkn26z.4


This repository contains two datasets. "Survey results" contains the raw and aggregated results of the empirical experiment and the survey completed by the subjects. "Case studies" contains the original diagrams of three case studies, defined using SecBPMN2, and the result diagram created using SecBPMN2BC modelling language. For each case study we provide a small description, the original diagram and the final result. Birth certificate This case study is about the release of a birth certificate by a municipality in a Greek city. The busines process is executed when a citizen applies for the creation of a copy of the birth certificate to the municipality. The municipality examines the request and release to the citizen its birth certificate. We slightly modified the business process by adding security and privity annotations and by correcting some incoherencies. Teleconsultation This case study is about a teleconsultation of a pediatric patient, i.e., an interview of a patient in a remote location. In particular, this is the case of a teleconsultation between an Italian and Spanish hospital. The family of the pediatric patient asks for the availability of the doctor that, if it is available, ask the consent to the pediatric patient. After that the doctor interviews the patient, consults his/her health record and give him a report. In this case we modify the business process adding few privity annotations, and correcting incoherencies. Televisit This case study is about a televisit, i.e., a visit of a pediatric patient by a specialized group, that is external to the patient’s hospital, in a remote location. The process starts with the pediatric patient that ask and sets and appointment. The hospital staff request the consent to the family, interviews the patient and ask for a consultation to an external specialized group. The group checks its availability, visits the patients and send a report to the hospital staff. The hospital staff compiles a final report that send to the pediatric patient. We slighthly modify the process adding privity annotations and security annotation where needed. We solved incoherencies and refined the consent management.


Steps to reproduce

See paper


Politecnico di Milano


Security, Business Process Management, Privacy