Received April 3, 2021, accepted April 13, 2021, date of publication April 26, 2021, date of current version May 5, 2021.
Digital Object Identifier 10.1109/ACCESS.2021.3075568
Trust Mining: Analyzing Trust in Collaborative
Business Processes
MARCEL MÜLLER 1, NADINE OSTERN2, DENIS KOLJADA 1, KAI GRUNERT1,
MICHAEL ROSEMANN3, AND AXEL KÜPPER1
1Chair for Service-centric Networking, Telekom Innovation Laboratories, Technische Universität Berlin, 10587 Berlin, Germany
2Chair for Digitization and Process Management, Philipps-University Marburg, 35032 Marburg, Germany
3Centre for Future Enterprise, Queensland University of Technology, Brisbane, QLD 4000, Australia
This work was supported in part by the German Research Foundation, and in part by the Open Access Publication Fund of Technische
Universität (TU) Berlin.
ABSTRACT The ongoing digital transformation and internationalization of business processes cause a shift
towards a more collaborative nature of processes. In such collaborations, different organizations execute
separate parts of the process autonomously. This fragmentation leads to uncertainty regarding the correct
execution of activities, the proper workflow, and data in the process flow. If organizations engage in business
together, trust is needed. Therefore, we propose Trust Mining as an analytical approach to better understand
uncertainties and the potential trust issues that arise from them. Trust Mining takes a business process
model as an input and analyzes uncertainties and relationships. In the end, an evaluation regarding the trust
requirements of specific stakeholders is given. Furthermore, we present a prototypical implementation and
illustrate how Trust Mining can be used in trust-aware process (re-)design.
INDEX TERMS Business process management, trust, collaboration.
I. TRUST-AWARE BUSINESS PROCESS MANAGEMENT
In recent years, many business processes have changed
towards a more collaborative nature. Two main drivers of this
trend are the rise of multi-sided platforms and the progressing
internationalization and digitization of business processes.
Large-scale multi-sided platforms enable users who have
never interacted before to share goods and engage in business.
For instance, such platforms enable users to rent cars of others
(BlaBlaCar), share rides (Uber and Lyft), or sublet rooms or
apartments (AirBnB) [1]. The platform acts as a connecting
intermediary between the business partners. This leads to col-
laboration with a larger number of actors involved in different
process instances. The progressing internationalization and
digital transformation of business processes imply a more col-
laborative nature between different actors working towards a
common goal. Examples for this trend reach across different
domains like e-commerce [2], supply chain management [3],
and the Internet of Things [4].
It is characteristic of such collaborative processes that
different organizations execute different parts of a shared
process. Usually, the activities carried out by one of
the collaborators are beyond the control of the other
The associate editor coordinating the review of this manuscript and
approving it for publication was Zhangbing Zhou .
collaborators [5], [6]. This characteristic causes uncertainty
regarding process execution. Whenever there is uncertainty
in a process, there is a need for trust [7]. Trust represents a
positive expectation that certain process parts outside of the
own realm of control are executed as desired. Thus, collabo-
rative business processes are especially trust-intensive. This
trust-intensiveness of collaborations leads to an increasing
academic and professional interest in the design and manage-
ment of trust-aware business processes.
Trust-aware process design [7] is a relatively new sub-field
of business process management. As a foundation to design
and implement trust-aware collaborations, business pro-
cess engineers need to understand in detail uncertainties
(present in different parts of a process) that lead to pro-
cess vulnerabilities (impact thereof) and trust dependencies
(relationships). Therefore, we propose the concept of Trust
Mining as an automated approach to analyze uncertainty,
process relationships, and how uncertainty impacts them.
Based on the trust tolerance profile [8] of different stake-
holders in the process, called trust personas, Trust Mining
produces a reduced set of relevant trust issues. These trust
issues need to be mitigated to increase the trustworthiness
of the process from the perspective of different trust per-
sonas. Thus, Trust Mining aims to answer the following
questions:
65044 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ VOLUME 9, 2021
M. Müller et al.: Trust Mining: Analyzing Trust in Collaborative Business Processes
•Where in a process is uncertainty present? To answer
this question, Trust Mining proposes an approach that
automatically annotates a process model with relevant
uncertainties.
•Which uncertainty-related dependencies does a process
have? Trust Mining’s solution to this is analyzing differ-
ent process-related relationships that take uncertainties
into account.
•How can uncertainties and trust in a process be illus-
trated in a meaningful way to process engineers? For
the illustration of trust and uncertainties, Trust Mining
introduces different metrics that can be presented in
different graphs.
•What are relevant trust problems in a specific process for
different trust personas? To answer this question, Trust
Mining introduces a concept to analyze and filter rele-
vant uncertainties and trust relationships from different
perspectives of the involved actors. As an output, Trust
Mining creates a list of relevant trust issues that can be
mitigated by a process engineer.
The mitigation of trust issues is not a part of Trust Mining.
The aim of this paper is to introduce Trust Mining as a purely
analytical approach that gives actionable insights that can be
used for trust improvements of the process.
Methodologically, this paper follows the design science in
information systems research (DSR) paradigm [9]. In infor-
mation systems, DSR focuses on IT artifacts that aim to
solve particular problems. IT artifacts may be constructs
(vocabulary and symbols), models (abstractions and rep-
resentations), methods (algorithms and practices), or their
instantiations (implemented in prototype systems) [9]. The
problem that Trust Mining aims to solve is analyzing and
measuring trust-related concepts in business process models,
as presented in the four main research questions. Thus, Trust
Mining is a method that consumes a business process model
and configuration parameters as an input and delivers insights
into uncertainties and trust relationships as an output.
This paper follows the phases in DSR as proposed by
Johannesson and Perjons [10]. Every design science research
action starts with explicating the problem. Since we focus
on trust in inter-organizational business processes, Section II
illustrates current research in the relevant fields and empha-
sizes the problem. In the next phase of DSR, a new artifact
is constructed based on requirements. Therefore, Section III
introduces Trust Mining as a novel method. Trust Mining
was created based on the requirements elicited in the related
work section and the beginning of Section III. Currently,
there is no automated approach to conceptualize and analyze
trust issues in business processes based on their process
models. Hence, we present a prototypical implementation
of an automated tool to support the application of the Trust
Mining method. We call this tool Trust Studio and discuss
it in Section IV. Afterward, the artifact gets demonstrated
and evaluated. Therefore, Section Vapplies Trust Mining to
a set of reference process models. We analyze the created
metrics critically and discuss the weaknesses of the concept
in Section VI. We conclude this paper with an outlook on
future work in Section VII.
This paper aims to introduce Trust Mining as a new method
to conceptualize trust in business processes. The evaluation in
this paper provides a limited first assessment of the concept.
We envision this paper to be a foundation for extensive future
research on Trust Mining.
II. BACKGROUND AND RELATED WORK
The notion of trust is a highly informal and abstract concept.
In current trust-related literature, no universal agreement on
the definition of trust exists [11]. Gambetta established one of
the classic definitions of trust that is often used in sociology
and other related research fields that states that trust is a
positive sentiment towards uncertainty that is out of one’s
own control [12]. In the context of different actors from dif-
ferent organizations working together, Mayer et al. describe
trust as the ‘‘willingness of a party to be vulnerable to the
actions of another party based on the expectation that the
other will perform a particular action important to the trustor,
irrespective of the ability to monitor or control that other
party.’’ [13].
To formalize these various notions of trust into a form that
can be handled and analyzed by process engineers, we pro-
pose in the following a model-driven approach for trust using
business process management concepts. We call this novel
approach Trust Mining. The next paragraphs give a short
overview of selected aspects of business process management
relevant to Trust Mining. Business process management is
an active research area; hence this related work section can
only sketch selected parts. For more holistic introductions
to business process management, standard literature can pro-
vide more details [5], [6]. After establishing the high-level
concepts of business process management, we highlight the
basics of collaborative business processes, different perspec-
tives, and trust-aware business process management.
A. GENERAL BUSINESS PROCESS MANAGEMENT
Throughout this paper, we discuss the concept of trust in
the context of collaborative business processes. Business
processes are one of the key artifacts in the research field
of business process management (BPM) [5]. BPM roots in
business administration and computer science. Conceptually,
abusiness process is a set of activities executed jointly to
achieve a specific business goal. BPM ‘‘includes concepts,
methods, and techniques to support the design, adminis-
tration, configuration, enactment, and analysis of business
processes’’ [5].
Formally, a process model is conceptualized as a graph
consisting of nodes and edges. Nodes represent activities,
events, or gateways. Activities are the basic building blocks
that describe units of work in a business process, while events
model states of interest. Start or end events, as well as error
events, are some examples. Gateways express control flow
structures such as splits or joins. Edges between nodes rep-
resent relationships, control flows (within the same organi-
zation), or message flows (between different organizations).
VOLUME 9, 2021 65045
M. Müller et al.: Trust Mining: Analyzing Trust in Collaborative Business Processes
FIGURE 1. Example business process for the delivery of dangerous goods modeled in BPMN.
In addition to these essential process components, process
models allow modeling data flows in processes, such as inputs
or outputs of activities. In collaborative business processes,
different organizations execute separate parts of a shared
process. Organizations are often introduced as separate swim-
lanes in the graph. When a new instance of a process model
is created, resources (e.g., people) are assigned to activities.
There are currently many different languages defined to
model business processes, including Petri nets, YAWL (Yet
Another Workflow Language), workflow nets, or BPMN
(Business Process Model and Notation) [14]. Each of these
languages has its benefits and challenges, but they all share
the same principles of describing a workflow in a formal-
ized way. For better illustration, we employ an example
business process from the supply chain management domain
throughout this paper. While in general, any business process
modeling language can be used for Trust Mining, we utilize
BPMN [15] as a graphical example.1BPMN has a rich set
of components to model inter-organizational collaborations
and notations for data objects. These components are needed
1For simplicity, we define additionally that the process termination ele-
ment terminates all tokens in all lanes instead of only the current lane
as specified in the BPMN standard. Further, throughout this work, we do
not distinguish between pools and intra-organizational lanes in BPMN.
Therefore, pools are the level of abstraction that represents the separation
of subprocesses to different organizations. Further refinement into different
units within an organization is not considered. Hence we interpret pools and
intra-organizational lanes from BPMN as the concept of swimlanes and refer
to them for simplicity as lanes.
for certain aspects of the Trust Mining process, for instance,
the analysis of data dependencies between collaborators.
Figure 1shows a process model of a dangerous goods delivery
process. In the process, a sender wants to send a parcel with
fireworks to a receiver. Therefore, the sender uses the delivery
services of the carrier, who is responsible for parcel trans-
portation. Every instance of the process starts with the sender
preparing the parcel for delivery. During this task, the sender
defines service level agreements (SLAs) for the delivery. For
example, for the delivery of firework rockets, it is crucial to
keep them in an anti-static environment to prevent unintended
launches. Such requirements are documented in the SLA doc-
ument and passed on to the carrier. They represent a guideline
on how to handle the parcel during delivery. The sender hands
the parcel over to the carrier, who then starts to deliver it
to its intended destination. If an incident occurs, for exam-
ple, the carrier acts careless, and the fireworks explode in a
postal service truck, the carrier is obliged to create a report.
In the case of an incident, the process terminates after that.
In case no incident occurs, the carrier arrives at the receiver’s
locations and hands the parcel over to the receiver. There,
the receiver examines the parcel thoroughly to see whether
it has taken damage or exploded on the way. If the receiver
notices an unacceptable condition, the receiver rejects the
parcel. If not, the parcel gets accepted, and the carrier gets
notified. Afterward, the carrier creates an invoice and sends
it to the sender. The process terminates after the sender paid
the invoice.
65046 VOLUME 9, 2021
M. Müller et al.: Trust Mining: Analyzing Trust in Collaborative Business Processes
TABLE 1. Glossary of the different trust-related concepts used throughout this paper.
B. COLLABORATIVE BUSINESS PROCESSES
The idea of inter-organizational business processes was estab-
lished in the early ages of business process management as
a research field [16]. In collaborative business processes,
different actors from different companies (or organizations in
general) engage in a shared process with a common goal. The
common process consists of several (sub-)processes that the
organizations execute autonomously. The application areas of
inter-organizational collaborations are diverse. For example,
in supply chain management, different carriers have to work
together to deliver a parcel from a sender to its intended
receiver [17], [18]. In finance the transfer of assets between
different banks can be seen as a collaborative business
process [19], [20]. Nevertheless, also, in non-corporate sce-
narios, collaborative business processes are omnipresent. For
instance, in emergency response scenarios, different emer-
gency response units (e.g., emergency call centers, hospi-
tals, fire brigade) have to collaborate to reach the location
of an accident as soon as possible and respond to aid
requests [21], [22].
Due to the high relevance of collaborative business pro-
cesses, current BPM literature provides several approaches
to modeling and analyzing such inter-organizational business
processes. BPMN [23] supports inter-organizational work-
flows with the concept of pools (different organizations)
and lanes (different departments within the organizations).
In Petri nets, different extensions to model collaborations
exist. For instance, Zeng et al. [24] propose to extend Petri
nets with notations for resources and messages, coordinate
relations between different organizations, and classify them
into different inter-organizational workflow patterns.
Apart from modeling, BPM also enables analysis of
inter-organizational collaboration. Therefore, process min-
ing [25] is a widely adopted approach to reverse-engineer
business process models from event logs of systems.
Process mining is a popular tool that has been implemented
for many different process modeling languages [26], [27].
C. PERSPECTIVES IN BUSINESS PROCESS MANAGEMENT
Business process models are, by their design, a flexible
approach that inherently has limited semantics. Hence, for
expressing different aspects of business processes, a prac-
tice called x-aware business process management emerged
as the common approach to extend the core BPM method-
ology with other objects or phenomena in a wider orga-
nizational context [28]. Recker argues that ‘‘awareness is
generally defined as a state of consciousness in which we
perceive and recognize the relevance of a certain object. This
means that as individuals, awareness refers to our ability
to sense objects and cognitively react to them.’’ [28]. With
that, different instances of x-aware BPM have been pro-
posed over time, including but not limited to context-aware
BPM [29], risk-aware BPM [30], cost-aware BPM [31],
quality-aware BPM [32], privacy-aware BPM [33]–[35], and
sustainability-aware BPM [36].
Following the practice of the x-aware BPM pattern, this
work proposes to utilize trust-aware business process man-
agement [7] to extend the traditional BPM with awareness
for uncertainty, trust, and related objects. This model-driven
approach is our tool of choice to describe the informal con-
cepts of trust in the context of business processes in a struc-
tured way to apply Trust Mining as an analysis technique.
The following sections give a more detailed overview of
trust-aware BPM and its relation to other x-aware BPM fields.
D. TRUST-AWARE BUSINESS PROCESS MANAGEMENT
Trust is a central aspect of collaborative business processes
in the digital age. Different research fields have examined
trust concerning economic properties [1], [37], [38], from
an information systems perspective [39], [40] and regarding
VOLUME 9, 2021 65047
M. Müller et al.: Trust Mining: Analyzing Trust in Collaborative Business Processes
FIGURE 2. A schematic description of trust related concepts in collaborative business processes. Trust Mining addresses the automatic analysis of
uncertainties and trust issues.
its implications for the architecture of complex software
systems [41], [42]. In general, this paper defines trust accord-
ing to the sociological definition given by Gambetta: ‘‘When
we say we trust someone or that someone is trustworthy,
we implicitly mean that the probability that he will perform
an action that is beneficial or at least not detrimental to us
is high enough for us to consider engaging in some form of
cooperation with him’’ [12]. This definition reflects how trust
relates to expectations and is well-suited in the context of
collaborators in business processes. The notion of probability
(in terms of chance or possibility) in the definition shows
that trust only becomes relevant in a situation when there is
uncertainty present.
A general meta-model for trust-aware business process
design has been introduced by Rosemann [7]. The author
has proposed a four-step method for the trust-aware design
of business processes. The concept was further enhanced
with concepts by Müller et al. [43], [44] that added a more
fine-granular differentiation of uncertainties in the context
of a business process. Figure 2illustrates the concept that
we use throughout this paper. It is based on the mentioned
publications. In a business process, an uncertainty root causes
a specific uncertainty. This uncertainty is always specified
regarding a trust concern and becomes relevant within the
scope of a process component. A process component is every
element in a business process model. For example, in an
international delivery process of a parcel, there are differ-
ent uncertainties present at different process components,
as illustrated in the running example in Figure 1. Within
one activity, an employee has to deliver a parcel in a post
truck to a certain location. There are different uncertainties
of relevance within that process component. For instance,
the employee (uncertainty root) causes uncertainty regarding
integrity (trust concern) of the activity execution (process
component). The integrity trust concern within the scope of
an activity describes that this activity might not be executed
correctly. In the example, this means that there is uncertainty
about whether the employee delivers the parcel to the right
point and does not break it on the way. The meta-model
describes that uncertainty causes process vulnerability.
Vulnerabilities describe the impact and costs that an
uncertainty causes when a specific part of the process does
not perform as desired. The presence of uncertainties and
vulnerabilities implies the need for trust.
In trust-aware process design, the main goal is to perform
actions that build trust. Therefore, it is possible either to
reduce uncertainty of specific process elements, reduce the
vulnerability to the process once an uncertainty manifests,
or to build confidence in the process through external sources.
Reducing uncertainty focuses on an atomic process element.
It aims to reduce the probability that the process element is
not executed as intended. This implies that reducing uncer-
tainty is a proactive approach. In the parcel delivery example,
the carrier can decrease the uncertainty that the employee
might drive the parcel to the wrong place by equipping the
truck with a navigation system. On the other hand, reducing
vulnerability is a reactive approach that aims to mitigate the
impact when a part of the process is not performed as planned.
For example, reducing vulnerability would mean distributing
compensation to a customer when the parcel is delivered to
the wrong location and sending it with express delivery to its
real destination. The last way to build trust in a process is
building confidence in it. Therefore, external sources to the
process are added to decrease the perceived uncertainty. For
example, this can be done by adding a reputation system to
the delivery process in the running example before the sender
decides to use a particular company’s parcel delivery services.
A reputation system that shows that a particular organization
has an average of 4.9/5 stars review from 124 past jobs
indicates to a customer that the organization performed well
in the past. Hence, it increases the perceived confidence in
the process.
Before the existence of the trust-aware process design
paradigm, several different approaches to trust management,
in general, have been proposed. Mohamaddi et al. also lever-
age business process models together with different con-
cepts for trust-aware requirements engineering. In [45], they
introduced a method to identify trust concerns of users of
a software system. The identification is made manually by
consulting the user upfront regarding their trust concerns.
This method can be seen as a top-down approach, starting at
the end-user layer. In [46], they have further described how to
65048 VOLUME 9, 2021
Loading more pages...