
ine the impact of masking BPs on partnering organi-
zations’ policies. ODRL constructs like asset, policy,
and rule are deemed relevant for managing masked
activities, cascading masking impacts to policies, and
checking the consistency of impacted policies.
In Section 2, we discuss existing works and then
define ODRL and a case study. In Section 3, we
present the impact of BP masking on policies and
demonstrate this impact. Finally, in Section 4, we
conclude the paper and present future work.
2 BACKGROUND
This section is about related work on masking and
also briefly presents ODRL and a case study.
2.1 Related Work
In (Chika Eleonu, 2021), Chika Eleonu presents Ag-
gregate Metric Model (AMM) framework to evalu-
ate a corpus of BPs represented in different modeling
approaches. These approaches adopt the principle of
separation of concerns of models, make use of refer-
ence or base model for a family of BP variants, and
promote the reuse of model elements. Although the
author’s framework is not perfectly in-line with BPs
masking, selecting a modeling approach that handles
aggregation and/or abstraction could help “minimize”
the impact of this masking on existing policies.
In (Han et al., 2017), Han et al. advocate for task
abstraction and aggregation as a means for first, ob-
taining customized descriptions of a BP for different
users and second, deriving user interfaces of a BP re-
lated to participating users. In line with Section 1, pri-
vacy, confidentiality, and conflict of interest are some
of the reasons for abstracting and aggregating tasks.
In (Kallel et al., 2021), Kallal et al. examine the
impact of temporal constraint satisfaction on inter-
organizational BPs where these BPs would have been
subject to abstraction and/or aggregation. This impact
meant generating time-constrained views, analyzing
temporal consistency of these views, and addressing
any inconsistency violating temporal constraints.
In (Kammerer et al., 2022), Kammerer et al.
present Process Query Language (PQL) in the context
of Process-Aware Information Systems (PAISs). The
authors note that PAISs have become critical to many
organizations wishing to increase maintainability and
reduce costs of changes by separating process logic
from application code. PQL permits to create, query,
and update process models in a large size process
repositories enabling personalized views over these
models thanks to abstraction and aggregation tech-
niques. Kammerer et al. mention managers who pre-
fer an abstracted BP while process participants prefer
a detailed view of the process parts.
In (Reijers et al., 2009), Reijers et al. address the
high-number concern of process models that organi-
zations end-up managing over time along with how
to disclose them to a mixed audience of stakeholders
such as end-users and auditors. A potential approach
is process-model aggregation that takes advantage of
these models’ common constructs such as tasks and
decision controls. An aggregate model will, on top
of unique constructs, combine both models into one,
where the common constructs are considered only
once. As a result of applying aggregate models, fewer
process will be maintained and updates to common
constructs will only need to be performed once. Run-
ning queries over aggregated process models to ex-
tract common and/or unique constructs is also part of
Reijers et al.’s approach.
Contrasting the originality of our work to those
above, it is clear that none examines the impact of
BPs masking on policies controlling BPs in terms of
who owns and approves initiating them, for whom,
for how much, and for how long, how many must be
initiated in a period of time, what prohibits from initi-
ating them, etc. The works above acknowledge mask-
ing’ benefits to make complex process models easy to
maintain, but little is given about revisiting existing
policies and even developing new ones.
2.2 ODRL
ODRL provides a flexible and interoperable informa-
tion model, vocabulary, and encoding mechanisms to
specify how to control using assets. An asset is an
identifiable resource or a collection of resources such
as data/information, content/media, applications, and
services. ODRL policies refer to what is permitted,
prohibited, and obliged actions that stakeholders can,
cannot, and should exercise over assets, respectively.
2.3 Case Study
Our case study builds upon the work of Kallal et al.
who examined temporal consistency of inter-
organizational BPs (Kallel et al., 2021). When
a customer orders online, the seller Amazon, the
shipper FedEx, and the financial institution BankX
have their respective BPs intertwined/synchronized
exchanging messages according to items ordered,
delivery dates chosen, payment types selected, etc.
Fig. 1 captures this intertwine with emphasis on
activities that partners carry out and may not be
willing to let others know about them. For instance,
ENASE 2025 - 20th International Conference on Evaluation of Novel Approaches to Software Engineering
360