Information flow control consists of planning the interactions of services in order to satisfy different security restrictions concerning the propagation of information in a composition. This paper examines the questions of what the information flow is and how it can be modeled and controlled in service-oriented business processes. We present the design and implementation of a decentralized workflow management solution for the control of information flow. Our contribution targets orchestration-based compositions where centralized workflow descriptions are used to derive distributed and cooperating process fragments. The derived process fragments are deployed on composed services and they enable them to establish P2P interconnections with each other. The deriving operation is governed by the underlying dependencies of composed services and the computation of information flow policies. We present a framework for the modeling and computation of information flow and centralized specifications in order to derive cooperating process fragments. Furthermore, we present a reference architecture for service implementation. The former can be applied to a variety of composition specifications such as WS-BPEL while the latter provides an inexpensive and reasonable support for decentralized workflow management.