BPEL is the de-facto standard for business process modeling in today\\\'s enterprises and is a promising candidate for the integration of business and Grid applications. While BPEL works well for traditional web services, it has a number of drawbacks with respect to the more complex world of WSRF-based Grid computing, especially where security is concerned. In this paper, a solution that extends the BPEL security approach to encompass secure Grid application interactions is presented. The proposed approach is capable of handling both web service and Grid service resources and their corresponding security mechanisms. The BPEL language is extended by security-related settings. An implementation of a GSI-compliant BPEL engine that can also manage the lifetime of proxy certificates is presented.