Collaborative business processes often consist of services provided by multiple business entities which agree to join business collaboration. To enable trustworthy and secure consumption and provisioning of services across organizational boundaries, security requirements must be carefully defined so as to be coherent, consistent, and in compliance with designed business processes. However, managing security requirements in collaborative environments is error-prone, effort inefficient, and hard to be verified. This paper introduces the authors' ongoing research effort for developing algorithms and methods to derive security policies from formally defined business process models. The derived policies serve as templates which can be later on complemented with concrete business entity data and finally turned into deployable policies.