Business process modelling is very crucial for enterprises because it give an idea how the business would be operated in the real world and it is important for every stakeholder. Along with increased connectivity in SOA environment, security risks rise exponentially. MDS frameworks are presented to systematically developed security enabled SOA based software applications, where security is modelled along with the business process model. However; there is an information gap that exists between business process expert (business analyst) and security expert (technical people) on the notion of security during business process modelling, while defining security requirements for SOA based application. This progress work paper is aim to bridge the information gap between the two experts. This will be done by presenting a framework which will facilitate the business process expert in modelling the security requirements along with the business process modelling. This security annotated business process model will facilitate the security expert to specify concrete security implementation. We apply approach for a typical on-line student information system business process. © 2010 IEEE.