A Petri Net based Approach to Modelling Resource

Constrained Interorganizational Workﬂows

Oana Prisecaru

Faculty of Computer Science, ”Al. I. Cuza” University

Gen. Berthlot St, No 16, 740083 Iasi, Romania

Abstract. Interorganizational workﬂows represent a technique that offers com-

panies a solution for managing business processes that involve more than one

organization. In this paper, an interorganizational workﬂow will be modelled

using a special class of nested Petri nets, resource constrained interorganiza-

tional workﬂow nets. This approach will allow the speciﬁcation of the partici-

pating workﬂows and of the communication structure between them, permitting

a clear distinction between these components. In our model, the resources from

one workﬂow can be represented explicitly and shared with other component

workﬂows.

1 Introduction

A workﬂow is the automation of a business process that takes place inside one organi-

zation. A workﬂow is structured into several perspectives, among which we mention:

the process perspective - speciﬁes which tasks need to be executed and in what order;

the resource perspective - speciﬁes the resources in the organization and the existing

roles (resource classes based on organizational or functional aspects). Due to the rise

of virtual organizations, electronic commerce and international companies, many ex-

istent business processes involve more than one organization. These workﬂows , dis-

tributed over a number of different organizations, are referred to as interorganizational

workﬂows. There have been developed several speciﬁcation languages for interorgani-

zational workﬂows, based on XML and Web services: WSFL, BPEL4WS, XLANG,

WSCL, etc ([8]). These languages lack formal semantics and analytical power (they

cannot be used to study behavioural properties of interorganizational workﬂows). In

order to solve these problems, several formalisms have been proposed for specifying

interorganizational workﬂows: Communicating Finite Automata ([6]), Category the-

ory ([7]), Process algebra and Petri nets. Petri nets represent a well-known formal

method, successfully used as a modelling technique for workﬂows (see [1,2]), due to

their graphical representation, their formal semantics and expressiveness. Also, there

are many analysis techniques and tools used for investigating the properties of Petri

nets. Petri nets have also been used for modelling interorganizational workﬂows: in [3],

IOWF-nets are deﬁned for modelling loosely coupled interorganizational workﬂows.

Prisecaru O. (2008).

A Petri Net based Approach to Modelling Resource Constrained Interorganizational Workﬂows.

In Proceedings of the 6th International Workshop on Modelling, Simulation, Veriﬁcation and Validation of Enterprise Information Systems, pages 29-38

DOI: 10.5220/0001736700290038

 SciTePress

[15] describes a XML-based language, called XRL, for the speciﬁcation of interorgani-

zational workﬂows. XRL semantic is expressed in terms of Petri nets. The approach in

[5] uses Documentary Petri Nets, a variant of high-level Petri nets, to model and enact

trade procedures. The P2P approach from [4], based on Petri nets, uses inheritance to

align local workﬂows. A common problem in these approaches is the mixture between

the different components of the interorganizational workﬂow, which makes the model

difﬁcult to understand and analyze. Also, the interoperability between the constituent

workﬂows either is not represented explicitly in the model, or it lacks clarity. These

approaches do not take into consideration the resources involved in the execution of the

local workﬂows.

This paper presents a new approach on the modelling of interorganizational work-

ﬂows, based on nested Petri nets. Nested Petri nets ([10]) are Petri nets in which tokens

may be Petri nets (object-nets). The paper deals with loosely coupled interorganiza-

tional workﬂows:there aren local workﬂow processes which can behaveindependently,

but need to interact at certain points in order to accomplish a global business goal. The

interaction is made through asynchronous or synchronous communication. Resource

constrained interorganizational workﬂow nets (RIWF-nets) are introduced as a special

case of nested Petri nets, in which the process and the resource perspective of the local

workﬂows, as well as the communication mechanisms between all the local workﬂows

are modelled as distinct object-nets. Our model permits the sharing of certain resources

from one organization with other participating workﬂows. This approach offers a clear

distinction between all the local workﬂows and the communication structure, ensuring

a modular view over the interorganizational workﬂow. The paper introduces a notion of

behavioural correctness for RIWF-nets, soundness, and proves this property is decid-

able.

In what follows we will give the basic terminology and notation concerning work-

ﬂow nets. We assume the reader is familiar with the Petri net terminology and notation.

In [1] workﬂow nets (WF-nets) are introduced for modelling the process perspective: a

WF-net speciﬁes the procedure that handles a single case (workﬂow instance) at a time.

A WF-net is a Petri net with two special places: a source place, i, and a sink place,

o. In a WF-net there should not be conditions and tasks that do not contribute to the

processing of the case. The two conditions are expressed formally as follows:

A Petri net PN=(P,T,F) is a WF-net iff: (1) PN has a source place i and a sink place

o such that •i = ∅ and o• = ∅. (2) If we add a new transition t

∗

to PN such that

•t

∗

= {o} and t

∗

• = {i}, then the resulted Petri net is strongly connected.

A marking of a WF-net is a multiset m : P → IN (where IN denotes the set of

natural numbers). We write m = 1

′

for a marking m with m(p

) = 1, m(p

) =

2 and m(p) = 0, ∀p ∈ P − {p

, p

}. The marking 1

′

i represents the initial marking of

the net and it is denoted by i. The marking 1

′

o, represents the end of the procedure that

handles the case ( and the ﬁnal marking of the net, denoted by o ).

The rest of the paper is organized as follows: Section 2 presents an introductory

example of a RIWF-net, Section 3 introduces RIWF-nets, Section 4 deﬁnes and studies

the soundness property for RIWF-nets and Section 5 presents the concluding remarks.

2 An Introductory Example

In what follows we will present an introductory example of an interorganizationalwork-

ﬂow, modelled by a resource constrained interorganizational workﬂow net (a RIWF-

net). Our interorganizational workﬂow consists of two loosely coupled workﬂows. In

the resource perspective of the ﬁrst workﬂow, there are two types of resources, clerks

and economists, which will execute some of the tasks of the workﬂow. In order to en-

sure the ﬂexibility of the system, resources will be assigned different roles, according to

their capabilities (a resource can play different roles at different moments of time). The

possible roles the resources can take are secretary and manager. The tasks of the work-

ﬂow will be executed by appropriate roles (and not directly by resources). This way

of using resources is called role-based allocation. The speciﬁcation for the resource

perspective consists in the set of resource types (RT ), the set of roles (RO) and a func-

tion, res, which describes, for each role, the set of resource types that can be mapped

onto that role. In our example, a secretary role can be performed by a clerk, while a

manager role can be performed by an economist. Resources can be allocated dynam-

ically to certain roles. The speciﬁcation for the resource perspective in our example

is < RT, RO, res >, where RT = {clerks,economists}, RO = {secretary, manager},

res(secretary)={clerks}, res(manager)={economists}. The resource perspective is de-

scribed by the object-net RN

(a Petri net, called resource net) in Fig.1. Every element

from RT and RO is described by a place in RN

. The transitions assign

secretary and

assign manager allow the system to assign resources to certain roles, according to the

function res. The dual transitions, release secretary and release manager are used to

release the resources from roles. In the process perspective, (described by the extended

WF-net W F

′

in Fig.1), task t

needs a role secretary for its execution, while t

needs

a role manager for its execution . t

′

is a special transition which empties the place o

The speciﬁcation for the resource perspective of the second workﬂow is < RT, RO,

res >: RT = {work-rs}, RO = {administrator, supervisor}, res(administrator)=

{workers}, res(supervisor)={workers}. In the process perspective, task t

needs an

administrator role for its execution, while task t

needs a supervisor role.

In the interorganizational workﬂow, the workﬂow processes need to interact at cer-

tain points, according to a certain communication structure. There are two ways of in-

teraction: asynchronous communication and synchronous communication. In our case,

in order to describe the asynchronous communication, we deﬁne a partial order on

tasks: AC = {(t

, t

)} (i.e. task t

in W F

′

must ﬁre before t

in W F

′

). Task t

in W F

′

and task t

in W F

′

must ﬁre synchronously (there is a synchronous com-

munication between the two workﬂows, through these transitions). We deﬁne the set

of synchronous communication elements: SC = {{t

, t

}}. The RIWF-net used for

modelling this interorganizational workﬂow is a nested Petri net which consists of a

system net, SN and of ﬁve object- nets. SN is a Petri net with expressions on arcs,

whose places can contain atomic tokens or net-tokens (object-nets). Thus, in the ini-

tial marking of the net, there is an atomic token in place I and all the object-nets re-

side in place p: (W F

′

, i

), (RN

, r

), r

= 1

′

clerks + 1

′

economists, (W F

′

, i

(RN

, r

), r

= 2

′

workers, (C, 0). Some of the transitions of the RIWF-net are

labelled using a partial function, Λ. The transitions from AC will be assigned asyn-

chronous communication labels: Λ(t

) = l

, Λ(t

) = l

. The transitions from SC will

t1’

l2l1

t1_c

p_ac1

release_secretary

release_co

manager

economists assign_co

assign_secretary secretary

clerks

use_admin

supervisor

use_sup

assign_admin

release_admin

assign_sup

release_sup

workers

end

(x1,x2,x3,x4,x5)

administrator

the first

local workflow

the second

local workflow

use_secretary

communication

object

use_manager

t4_c

t2’

WF1’

WF2’ RN2

RN1

Fig.1. A resource constrained interorganizational workﬂow net in its initial marking.

be assigned the same synchronous communication label: Λ(t

) = Λ(t

) = l

. We also

have Λ(t

′

) = e in W F

′

, Λ(t

′

) = e in W F

′

and Λ(end) = e in SN. The object-net

C describes the asynchronous communication between the local workﬂows. C is ob-

tained from AC as follows: the set of places is P

= {p

}, where ac

= (t

, t

). The

transitions (T

) correspondto the transitions involved in asynchronouscommunication:

= {t

, t

}. Since ac

= (t

, t

) ∈ AC then we will add the arcs (t

, p

) and

, t

). We have: Λ(t

) = Λ(t

) = l

and Λ(t

) = Λ(t

) = l

In nested Petri nets, there are several ﬁring rules ([10]): an unlabelled transition

from an object-net can ﬁre if the transition is enabled in the object-net (this is an object-

autonomous step). Also, if several labelled transitions, with the same label, from some

object-nets are enabled in those object-nets, then they should ﬁre synchronously. The

simultaneous ﬁring of these transitions is called an horizontal synchronization step. A

labelled transition enabled in SN should ﬁre simultaneously with the transitions from

the object-nets which have a complementary label (this is a vertical synchronization

step). In our example, the transition end from SN should ﬁre simultaneously with the

transitions labelled with

e in the object-nets.

In our example, t

in W F

′

, use

secretary in RN

and t

in C should ﬁre at the

same time, because they have the same label, l

. But use

secretary is not enabled in

(i.e. there does not exist a secretary role available yet), so, although t

is enabled

in W F

′

, it cannot ﬁre yet. Transition t

is enabled in (W F

′

, i

). t

can only ﬁre at

the same time with t

in C, but t

is not enabled in C, because t

(and t

) has not

ﬁred yet. This behaviour is consistent with the restrictions speciﬁed in AC: t

will ﬁre

after the ﬁring of t

. The unlabelled transition assign

secretary is enabled in RN

. The

ﬁring of this transition represents an object-autonomous step in RIW F and produces a

token in place secretary. In the resulting marking, the horizontal synchronization step

(; t

, use secretary, t

) can ﬁre and it produces a new marking M

such that place I

contains an atomic token and place p contains the object-nets with their corresponding

new markings: (W F

′

, m1

) (with m1

= 1

′

), (W F

′

, i

), (C, mc

) (with mc

′

), (RN

, r

) (r

= 1

′

economists + 1

′

secretary + 1

′

), (RN

, r

). One

can notice that t

in W F

′

, t

in W F

′

and use

manager in RN

have the same label,

so they can only ﬁre at the same time. Thus, t

and t

ﬁre synchronously, as speciﬁed

by SC and t

ﬁres only if there is a manager role available for its execution. t

does

not need a role for its execution (there does not exist a transition labelled with l

). The vertical synchronization step (end; t

′

, t

′

) can only ﬁre if t

′

is enabled in

W F

′

and t

′

is enabled in W F

′

. The ﬁring of this step removes the atomic token from

I, the object-nets from p and adds an atomic token to place O.

3 Deﬁnition of Resource Constrained Interorganizational

Workﬂow Nets

In this section we ﬁrst present a Petri net model for the resource perspective of a work-

ﬂow, following the approach we used in [13]. A task that needs to be executed for a

speciﬁc case is called a work item. Each work item should be performed by a resource

suited for its execution. In order to facilitate the better allocation of resources to work

items, resources are grouped into roles. Thus, instead of assigning work items directly

to resources, work items will be assigned to certain roles. This pattern of represent-

ing and using resources is called ”role-based allocation” ([9,11, 14]). A role is a group

of resources with similar characteristics. We consider that each resource has a general

type. A resource can have more roles (at different moments in time) and each role can

be performed by several resources of different types ([9]).

In our model, for each role one must specify the set of resource types that can

be mapped onto that role. Based on these rules (which are speciﬁed at design time),

the system will be able to allocate dynamically resources to the appropriate roles.

Thus, a speciﬁcation for the resource perspective consists in the following elements:

a set of resource basic types: RT = {T ype

, . . . , T yp e

}. For each type T ype

, i ∈

{1, 2, . . . , n} there is a number n

of resources of that type; a set of roles, RO =

{Role

, Role

, . . . , Role

}; for each role r ∈ RO, res(r) represents the resource

types which can be assigned to the role (res(r) ⊆ RT ).

A resource net RN = (P

, T

, F

) can be deﬁned as follows:

- P

= P

∪P

ROLE

∪P

′

where P

= RT , P

ROLE

= RO and P

′

= {R

|Role

∈

RO, T ype

∈ res(Rol e

)}.

- T

= {assign

, r elease

|Role

∈ RO, T yp e

∈ res(Rol e

)}.

- F

= {(T ype

, assign

), (assign

, Role

), (assign

, R

), (R

, r elease

(Role

, r elease

), (rele ase

, T ype

)|Role

∈ RO, T yp e

∈ res(Role

)}.

In the resource net, P

corresponds to the set of resource types and P

ROLE

corre-

sponds to the set of roles. For each role Role

and for each resource type T ype

∈

res(Role

) the following elements are added to the net : a place R

, a transition

assign

which moves a resource from T ype

to role Role

; a transition release

which releases the resources of type T ype

, assigned to Role

, when they are not

needed any longer.

In what follows we will deﬁne a model, based on nested Petri nets, for loosely cou-

pled interorganizational workﬂows. We will assume there are n local workﬂows which

behave independently, but need to interact at certain points, according to a communi-

cation structure. There are two types of communication: asynchronous communication

(corresponding to the exchange of messages) and synchronous communication.

We deﬁne, ﬁrst, extended workﬂow nets, an extension of the WF-nets, which will be

used for modelling the local workﬂows from the interorganizational workﬂow.

Deﬁnition 1. Let W F = (P, T, F ) be a WF-net. The extended WF-net is W F

′

(P, T

′

, F

′

), where T

′

= T ∪ {t

′

} and F

′

= F ∪ {(o, t

′

)}.

Resource constrained interorganizational workﬂow nets (RIWF-nets) are deﬁned as

a special class of nested Petri nets.

Deﬁnition 2. A resourceconstrained interorganizational workﬂow net RIWF is a nested

Petri net: RIW F = (V ar, Lab, AC, SC, (C, 0), W F, RN, SN, Λ, Role) such that:

1. V ar is a set of variables.

2. Lab = Lab

∪ Lab

Res

∪ {e,

e} is a set of labels.

3. W F = {(W F

′

, i

), . . . , (W F

′

, i

) } is a set of extended WF-nets.

4. RN = {(RN

, r

), . . . (RN

, r

)} is the set of resource nets.

5. AC is the asynchronous communication relation: AC ⊆ T

◦

× T

◦

, where T

◦

∪

k∈{1,...,n}

, T

is the set of transitions from W F

′

. If (t, t

′

) ∈ AC, t ∈ T

, t

′

∈

, then i 6= j.

6. SC is the set of synchronous communication elements: SC ⊆ P (T

◦

) and: ∀x, y ∈

SC : x ∩ y = ∅. If t ∈ T

, t

′

∈ T

, t, t

′

∈ x, x ∈ SC, then i 6= j.

7. C = (P

, T

, F

) is the communication object:

– P

= {p

|ac ∈ AC}.

– T

= {t

|∃(t

′

, t) ∈ AC ∨ (t, t

′

) ∈ AC}.

– F

= {(p, t) ∈ P

× T

◦

|p = (t

′

, t) ∈ AC} ∪ {(t, p) ∈ T

◦

× P

|p = (t, t

′

) ∈

AC}

8. SN = (N, W, M

) is the system net of RIWF, such that:

- N = (P

, T

, F

) is a high level Petri net: P

= {I, p, O}, T

= {end},

= {(I, end), (p, end), (end, O)}.

- W is the arc labelling function:W (I, end) = 1, W (p, end) = (x

, x

, . . . , x

n+m+1

W (end, O) = 1.

- M

is the initial marking of the net: M

(I) = 1,

(p) = ((W F

′

, i

), . . . , (W F

′

, i

), (RN

, r

), . . . (RN

, r

), (C, 0)) and

(O) = 0.

9. Λ is a partial labelling function such that:

– ∀x ∈ SC, ∀t, t

′

∈ x, Λ(t) = Λ(t

′

) = l, l ∈ Lab

– if t ∈ T

◦

such that (t, t

′

) ∈ AC or (t

′

, t) ∈ AC, then there exists t

∈ T

Λ(t

) = Λ(t) = l, l ∈ Lab

– Λ(t

′

) = e, ∀i ∈ {1, . . . n} and Λ(end) = e.

– ∀t, t

′

∈ T

(i ∈ {1, . . . , n}) : Λ(t) 6= Λ(t

′

10. Role is a partial function which assigns to a labelled transition t (Λ(t) ∈ Lab

Res

)

from W F

′

∈ W F (t 6= t

′

) a role from a resource net RN

∈ RN such that:

if Λ(t) = l and R ole (t) = Role

then there exists a transition t

∗

in RN

with

Λ(t

∗

) = l and (t

∗

, Role

), (Role

, t

∗

) ∈ F

In a RIWF-net there are n extended WF-nets modelling the local workﬂows, m resource

nets and a communication object, C. The set of all the object-nets is denoted by Obj.

V ar is the set of variables in the net, which will take as value an object-net in a certain

marking. La b is a set of labels: the labels in Lab

are used for asynchronous com-

munication elements, the labels from Lab

are used for synchronous communication

elements and the labels from Lab

Res

are used for labelling tasks in resource nets. The

three sets are not necessary disjoint. AC represents the asynchronous communication

relation: if (t, t

′

) ∈ AC, then t must execute before t

′

. SC is the set of synchronous

communication elements: if x ∈ SC, then, all the transitions from x have to execute at

the same time. C is an object-net which describes the asynchronous communication be-

tween the local workﬂows: if ac = (t, t

′

) ∈ AC, then there is a corresponding place p

in P

, two transitions t

, t

′

∈ T

and two arcs (t

, p

), (p

, t

′

) ∈ F

. SN is a Petri

net in which the tokens are either atomic tokens (without inner structure) or net-tokens.

W is a function that assigns to each arc in SN an expression (a tuple of variables or the

constant 1). Λ is a partial function which labels transitions from RIW F . If x ∈ SC,

then all the transitions from x have the same label l ∈ Lab

. For every transition t

involved in an asynchronous communication element, there is a transition t

in C such

that: Λ(t) = Λ(t

) = l, l ∈ Lab

. Role is a partial function which speciﬁes the roles

needed for executing certain tasks. Some tasks do not need roles for their execution. In

our model, a task from a workﬂow can be executed by a role belonging to a different

workﬂow. Also, as the number of resource nets may differ from the number of workﬂow

nets, different workﬂows can share the same resource perspective.

We denote by A

net

the net tokens of the RIWF-net: A

net

= {(EN, m) / m is

a marking of EN , EN ∈ Obj}. Then, a marking of a RIWF-net is a function such

that: M (I) ∈ IN, M (O) ∈ IN and M (p) ∈ A

n+m+1

net

. We write M as a vector M =

(M(I), M (p), M (O)).

A binding (of transition end) is a function b : V ar → A

net

. If expr is an expression,

expr(b) denotes the evaluation of expr in binding b.

Transition end from the system net SN of a RIWF-net is enabled in a marking M

w.r.t. a binding b if and only if: ∀q ∈ •end : W (q, end)(b) = M(q).

There are several types of steps, deﬁning the behaviour of nested Petri nets (see

[10]). In the case of RIWF-nets, we only focus on vertical synchronization, object-

autonomous steps and horizontal synchronization.

There is only one vertical synchronization step in our case: if transition end is en-

abled in a marking M w.r.t. a binding b and every transition t

′

(Λ(t

′

) =

e) is enabled

in the object-net b(x

) = (W F

′

, m

), ∀i ∈ {1, . . . , n}, then the simultaneous ﬁring of

end and t

′

, . . . , t

′

is a vertical synchronization step. The ﬁring of the vertical synchro-

nization step (end; t

′

, . . . , t

′

) in marking M produces the marking M

′

= (0, 0, 1).

An object - autonomous step, in our case, represents the ﬁring of an unlabelled

transition in an object-net from the place p.

A horizontal synchronization step represents the simultaneous ﬁring of the tran-

sitions with the same labels from object-nets: Let M be a marking of RIW F and

α = (α

, α

, . . . , α

m+n+1

) the tuple of net-tokens from p. Assume t

, . . . t

is the set

of all the transitions with the same label l 6=

e, Λ(t

) = Λ(t

) = . . . = Λ(t

) =

l, such that: every transition t

(j ∈ {1, . . . , s}) is enabled in a net-token α

(EN

, m

) ({k

, . . . k

} ⊆ {1, . . . , m + n + 1}, EN

∈ Obj ) and m

′

(by

means of classical Petri nets). The synchronous ﬁring of t

, . . . , t

is called a hori-

zontal synchronization step. The resulting marking, M

′

, is obtained from M by re-

placing the tuple α from place p with the tuple (α

′

, α

′

, . . . , α

′

m+n+1

), where α

′

(EN

, m

′

), ∀j ∈ {1, . . . , s} and α

′

= α

, ∀i ∈ {1, . . . , m + n + 1} \ {k

, . . . k

}. We

write: M[; t

, . . . , t

′

4 The Soundness Property for Resource Constrained

Interorganizational Workﬂow Nets

In this section we will introduce a notion of soundness for RIWF-nets.

A notion of soundness was deﬁned for WF-nets, expressing the minimal conditions

a correct workﬂow should satisfy ([1]): a workﬂow must always be able to complete a

case ((∀m)((i[∗im) =⇒ (m[∗ io))), any case must terminate correctly (∀m)((i[∗im)∧

m ≥ o) =⇒ (m = o)), and every task should contribute to at least one possible

execution of the workﬂow (∀t ∈ T )(∃m, m

′

)(i[∗im[tim

′

It was proven (see [1]) that the soundness property is decidable for WF-nets.

An extended workﬂow net W F

′

is sound if its underlying net,W F , is sound.

In an interorganizational workﬂow, although the local workﬂows are sound, we can

have synchronization errors and interlockings. We will deﬁne a notion of soundness

for interorganizational workﬂows. The ﬁnal state for a RIWF-net is a marking M

, in

which there is only one atomic token in place O: M

= (0, 0, 1). A RIWF-net is sound

if: (1) every extended WF-net W F

′

(i ∈ {1, . . . , n}) is sound and (2) for any reachable

marking of the IWF-net, there is a ﬁring sequence that leads to M

. We can deﬁne

formally the notion of soundness for a RIWF-net as follows:

Deﬁnition 3. A RIWF-net is sound if and only if:

1. (W F

′

, i

) is a sound extended workﬂow net, ∀j ∈ {1, . . . , n}.

2. (∀M)((M

[∗iM) =⇒ (M [∗iM

)).

The second condition from the deﬁnition basically states that the interorganizational

workﬂow is sound if the termination condition still holds for every WF-net, when the

ﬁring of tasks is restricted by the communication structure and the resources involved.

In order to decide whether the soundness property deﬁned is decidable, we introduce

a partial order on the markings of the RIWF - net (see [10]):

Deﬁnition 4. Let RIW F be a RIWF-net, M

and M

markings of RIW F . M

 M

if and only if M

(I) ≤ M

(I), M

(O) ≤ M

(O) and there is an embedding J

(p) → M

(p), such that for α = (α

, . . . , α

n+m+1

) ∈ M

(p) and for J

(α) =

′

= (α

′

, . . . α

′

n+m+1

) we have for i ∈ {1, . . . , n + m + 1} either α

= α

′

= (EN, m) and α

′

= (EN, m

′

) (EN ∈ Obj) and for all the places q of EN:

m(q) ≤ m

′

(q).

Let RIW F be a RIWF-net and M and M

′

two markings of RIW F . The marking

M covers M

′

(w.r.t. the partial ordering ) if M

′

 M.

Given a set of markings Q = {q

, q

, . . . , q

} and an initial marking M , the in-

evitability problem is to decide whether all computations starting from M eventually

visit a marking not covering (w.r.t. the partial ordering ) one of the markings from Q.

It was proven in [10] that the inevitability problem is decidable for nested Petri nets.

Theorem 1. Let RIW F be a RIWF-net and M ∈ [M

i. There is a ﬁring sequence

M[∗iM

if and only if there is a ﬁring sequence M [∗iM

′

and M

′

does not cover (w.r.t.

) the marking (1, 0, 0).

Proof: (=⇒) Assume M[∗iM

in RIW F . Since M

does not cover the marking

(1, 0, 0), we can consider M

′

= M

(⇐=) We assume there exists a ﬁring sequence from marking M to a marking M

′

which does not coverthe marking (1, 0, 0). If M

′

does not cover (1, 0, 0), then M

′

(I) =

0. M

′

is reachable from M

(because M

[∗iM [∗iM

′

). M

′

(I) = 0 if and only if the

vertical synchronization step Y = (end[b]; t

′

, . . . , t

′

) ﬁres in RIW F . The ﬁring of

this step always leads to the marking M

(so, M

′

= M

). This implies there is a ﬁring

sequence such that M[∗iM

Theorem 2. The soundness problem is decidable for RIWF - nets.

Proof: Let RIW F be a RIWF-net. RIW F is sound if and only if: (1) W F

′

are sound,

∀i ∈ {1, . . . , n} and (2) for any reachable marking in RIW F , M ∈ [M

i, there exists

a ﬁring sequence M[∗iM

′

such that M

′

does not cover (w.r.t. ) the marking (1, 0, 0).

The soundness of the extended WF-nets is decidable (because the soundness for WF-net

is decidable) and condition (2) is equivalent to the inevitability problem, if we consider

the marking M and the set of markings Q = {(1, 0, 0)}.

5 Conclusions

The approach we propose in this paper has several advantages: one can have a modu-

lar view on the interorganizational workﬂow; steps in RIWF- nets can easily express

the synchronous and the asynchronous communication; RIWF-nets represent a ﬂexi-

ble model for interorganizational workﬂows, because any component can be modiﬁed

easily, with minimal changes to the other components. A notion of soundness was in-

troduced for RIWF-nets and we proved this property is decidable. Future work aims

at deﬁning a speciﬁcation language based on XML, which will then be translated into

RIWF-nets, in order to check the soundness and other behavioural properties of the in-

terorganizational workﬂow. We intend to develop a tool based on this language and on

RIWF-nets, for executing interorganizational workﬂows. We will also study the case in

which every local workﬂow processes batches of cases, instead of one case in isolation.

References

1. W. M. P. van der Aalst: Veriﬁcation of Workﬂow Nets. P. Azema and G. Balbo, editors, Ap-

plication and Theory of Petri nets 1997, volume 1248 of Lecture Notes in Computer Science,

pp. 407-426, SpringerVerlag, Berlin, 1997.

2. W.M.P. van der Aalst: Three Good Reasons for Using a Petri-net-based Workﬂow Manage-

ment System. Wakayama et al., editors. Information and Process Integration in Enterprises:

Rethinking Documents. Volume 428 of The Kluwer International Series in Engineering and

Computer Science. Boston, Kluwer Academic Publicers, pp.161-182, 1998.

3. W.M.P. van der Aalst. Loosely coupled interorganizational workﬂows: Modeling and ana-

lyzing workﬂows crossing organizational boundaries. Information and Management, vol.37,

no.2, pp.6775, 2000.

4. W.M.P. van der Aalst and M. Weske. The P2P approach to Interorganizational Workﬂows.

In K.R. Dittrich, A. Geppert, and M.C. Norrie, editors, Proceedings of the 13th International

Conference on Advanced Information Systems Engineering (CAiSE’01), volume 2068 of

Lecture Notes in Computer Science, pages 140156. Springer-Verlag, Berlin, 2001.

5. R.W.H. Bons, R.M. Lee, and R.W. Wagenaar. Designing trustworthy interorganizational

trade procedures for open electronic commerce. International Journal of Electronic Com-

merce, 2(3): pp. 6183, 1998.

6. T.L. Casavant, J.G. Kuhl. A Communicating Finite Automata Approach to Modeling Dis-

tributed Computation and its Application to Distributed Decision-Making. IEEE trans. on

computers, May 1990,Vol. 39, No. 5, pp. 628-639.

7. Jiang Guo. Using Category Theory to Model Software Component Dependencies. Proc. of

9th Annual IEEE Intl. Conf. and Workshop on the Engineering of Computer-Based Sys-

tems(ECBS 2002) ,Lund, Sweden, IEEE Computer Society Press, April 08 - 11, 2002, pp.

185-194.

8. G. Kramler , W. Retschitzegger. Speciﬁcation of Interorganizational Workﬂows - A Com-

parison of Approaches. Vienna, Austria: Institute of Software Technology and Interactive

Systems, Business Informatics Group, Vienna University of Technology, 2002. Technical

Report, 08/02.

9. A. Kumar, W.M.P. van der Aalst, H.M.W. Verbeek: Dynamic Work Distribution in Workﬂow

Management Systems: How to balance quality and performance?. Journal of Management

Information Systems, 18(3), pp.157-193, 2002.

10. I.A. Lomazova: Nested Petri Nets - a Formalism for Speciﬁcation and Veriﬁcation of Multi -

Agent Distributed Systems. Fundamenta Informaticae 43 pp. 195-214, 2000.

11. M. zur M¨uhlen. Resource modeling in workﬂow applications. Proceedings of the 1999 Work-

ﬂow Management Conference (November 1999), pp. 137-153, 1999.

12. M. Netjes, W.M.P. van der Aalst, H.A. Reijers. Analysis of resource-constrained processes

with colored petri nets. In K. Jensen, Proceedings of the 6th Workshop and Tutorial on Prac-

tical Use of Coloured Petri nets and the CPN Tools (CPN’05), pp. 251-265, 2005

13. O. Prisecaru: Resource Workﬂow Nets:a Petri Net Formalism for Workﬂow Modelling. In

Proc. of MSVVEIS 2007, pp. 11-21, Portugal, 12-13 June 2007

14. I.T.P. Vanderfeesten, W.M.P. van der Aalst, H.A. Reijers. Modelling a product based work-

ﬂow system in CPN Tools. In K. Jensen, Proceedings of the 6th Workshop and Tutorial on

Practical Use of Coloured Petri Nets and the CPN Tools, pp. 99-118, Aarhus, Denmark:

University of Denmark, 2005.

15. H. M. W. Verbeek, A. Hirnschall, Wil M. P. van der Aalst. XRL/Flower: Supporting Inter-

organizational Workﬂows Using XML/Petri-Net Technology. Proceedings of Web Services,

E-Business, and the Semantic Web, WES 2002, Toronto, Canada, May 2002,pp. 93-108.