Access control models for business processes

A business model describes certain operations of an enterprise, and an important aspect of business operations deals with the specification of access control policies, which are used to constrain the business operations by adding what should, could, or must be. We describe the use of patterns for pr...

Full description

Saved in:
Bibliographic Details
Main Authors: Karimi, Vahid R., Cowan, Donald D.
Format: Conference Proceeding
Language:English
Subjects:
Access control
Access control models and policies
Adaptation model
Business
Business processes
Context
Customer service
Data models
Patterns
RBAC
REA
Unified modeling language
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page 10
container_issue
container_start_page 1
container_title
container_volume
creator Karimi, Vahid R.
Cowan, Donald D.
description A business model describes certain operations of an enterprise, and an important aspect of business operations deals with the specification of access control policies, which are used to constrain the business operations by adding what should, could, or must be. We describe the use of patterns for presenting access control models and policies. Our goal is to specify access control policies such that they are based on access control models and have the capability of policy languages, thereby making the foundational blocks of these policies and operational models identical. Thus, the integration of these policies into operational models is straightforward. To show our approach, we use Role-based Access Control (RBAC), a well-known access control model, and also select a business process model whose foundational building blocks are Resources, Events, and Agents (REA). We make three main contributions: 1) the use of the same foundational building blocks and similar models to describe business processes and access control models, 2) access control policies that are based on an access control model, and 3) access control policies that are rule-based and akin to policy languages. As a result, such models are more understandable, and their future modifications are more straightforward.
format conference_proceeding
fullrecord <record><control><sourceid>ieee_6IE</sourceid><recordid>TN_cdi_ieee_primary_5741668</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>5741668</ieee_id><sourcerecordid>5741668</sourcerecordid><originalsourceid>FETCH-ieee_primary_57416683</originalsourceid><addsrcrecordid>eNpjZOC1NLewBEITI1NDCwsOBt7i4iwDAwNDSzNzMwNDTgYdx-Tk1OJiheT8vJKi_ByF3PyU1JxihbT8IoWk0uLMPJBcQVE-SE1qMQ8Da1piTnEqL5TmZpB2cw1x9tDNTE1NjS8oysxNLKqMNzU3MTQzszDGLwsAHtstJQ</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Access control models for business processes</title><source>IEEE Electronic Library (IEL) Conference Proceedings</source><creator>Karimi, Vahid R. ; Cowan, Donald D.</creator><creatorcontrib>Karimi, Vahid R. ; Cowan, Donald D.</creatorcontrib><description>A business model describes certain operations of an enterprise, and an important aspect of business operations deals with the specification of access control policies, which are used to constrain the business operations by adding what should, could, or must be. We describe the use of patterns for presenting access control models and policies. Our goal is to specify access control policies such that they are based on access control models and have the capability of policy languages, thereby making the foundational blocks of these policies and operational models identical. Thus, the integration of these policies into operational models is straightforward. To show our approach, we use Role-based Access Control (RBAC), a well-known access control model, and also select a business process model whose foundational building blocks are Resources, Events, and Agents (REA). We make three main contributions: 1) the use of the same foundational building blocks and similar models to describe business processes and access control models, 2) access control policies that are based on an access control model, and 3) access control policies that are rule-based and akin to policy languages. As a result, such models are more understandable, and their future modifications are more straightforward.</description><identifier>EISBN: 9789898425188</identifier><identifier>EISBN: 9898425180</identifier><language>eng</language><publisher>IEEE</publisher><subject>Access control ; Access control models and policies ; Adaptation model ; Business ; Business processes ; Context ; Customer service ; Data models ; Patterns ; RBAC ; REA ; Unified modeling language</subject><ispartof>2010 International Conference on Security and Cryptography (SECRYPT), 2010, p.1-10</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/5741668$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,2056,54918</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/5741668$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Karimi, Vahid R.</creatorcontrib><creatorcontrib>Cowan, Donald D.</creatorcontrib><title>Access control models for business processes</title><title>2010 International Conference on Security and Cryptography (SECRYPT)</title><addtitle>SECRYPT</addtitle><description>A business model describes certain operations of an enterprise, and an important aspect of business operations deals with the specification of access control policies, which are used to constrain the business operations by adding what should, could, or must be. We describe the use of patterns for presenting access control models and policies. Our goal is to specify access control policies such that they are based on access control models and have the capability of policy languages, thereby making the foundational blocks of these policies and operational models identical. Thus, the integration of these policies into operational models is straightforward. To show our approach, we use Role-based Access Control (RBAC), a well-known access control model, and also select a business process model whose foundational building blocks are Resources, Events, and Agents (REA). We make three main contributions: 1) the use of the same foundational building blocks and similar models to describe business processes and access control models, 2) access control policies that are based on an access control model, and 3) access control policies that are rule-based and akin to policy languages. As a result, such models are more understandable, and their future modifications are more straightforward.</description><subject>Access control</subject><subject>Access control models and policies</subject><subject>Adaptation model</subject><subject>Business</subject><subject>Business processes</subject><subject>Context</subject><subject>Customer service</subject><subject>Data models</subject><subject>Patterns</subject><subject>RBAC</subject><subject>REA</subject><subject>Unified modeling language</subject><isbn>9789898425188</isbn><isbn>9898425180</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2010</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNpjZOC1NLewBEITI1NDCwsOBt7i4iwDAwNDSzNzMwNDTgYdx-Tk1OJiheT8vJKi_ByF3PyU1JxihbT8IoWk0uLMPJBcQVE-SE1qMQ8Da1piTnEqL5TmZpB2cw1x9tDNTE1NjS8oysxNLKqMNzU3MTQzszDGLwsAHtstJQ</recordid><startdate>201007</startdate><enddate>201007</enddate><creator>Karimi, Vahid R.</creator><creator>Cowan, Donald D.</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>201007</creationdate><title>Access control models for business processes</title><author>Karimi, Vahid R. ; Cowan, Donald D.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-ieee_primary_57416683</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2010</creationdate><topic>Access control</topic><topic>Access control models and policies</topic><topic>Adaptation model</topic><topic>Business</topic><topic>Business processes</topic><topic>Context</topic><topic>Customer service</topic><topic>Data models</topic><topic>Patterns</topic><topic>RBAC</topic><topic>REA</topic><topic>Unified modeling language</topic><toplevel>online_resources</toplevel><creatorcontrib>Karimi, Vahid R.</creatorcontrib><creatorcontrib>Cowan, Donald D.</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Xplore</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Karimi, Vahid R.</au><au>Cowan, Donald D.</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Access control models for business processes</atitle><btitle>2010 International Conference on Security and Cryptography (SECRYPT)</btitle><stitle>SECRYPT</stitle><date>2010-07</date><risdate>2010</risdate><spage>1</spage><epage>10</epage><pages>1-10</pages><eisbn>9789898425188</eisbn><eisbn>9898425180</eisbn><abstract>A business model describes certain operations of an enterprise, and an important aspect of business operations deals with the specification of access control policies, which are used to constrain the business operations by adding what should, could, or must be. We describe the use of patterns for presenting access control models and policies. Our goal is to specify access control policies such that they are based on access control models and have the capability of policy languages, thereby making the foundational blocks of these policies and operational models identical. Thus, the integration of these policies into operational models is straightforward. To show our approach, we use Role-based Access Control (RBAC), a well-known access control model, and also select a business process model whose foundational building blocks are Resources, Events, and Agents (REA). We make three main contributions: 1) the use of the same foundational building blocks and similar models to describe business processes and access control models, 2) access control policies that are based on an access control model, and 3) access control policies that are rule-based and akin to policy languages. As a result, such models are more understandable, and their future modifications are more straightforward.</abstract><pub>IEEE</pub></addata></record>
fulltext fulltext_linktorsrc
identifier EISBN: 9789898425188
ispartof 2010 International Conference on Security and Cryptography (SECRYPT), 2010, p.1-10
issn
language eng
recordid cdi_ieee_primary_5741668
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Access control
Access control models and policies
Adaptation model
Business
Business processes
Context
Customer service
Data models
Patterns
RBAC
REA
Unified modeling language
title Access control models for business processes
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-14T12%3A43%3A14IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Access%20control%20models%20for%20business%20processes&rft.btitle=2010%20International%20Conference%20on%20Security%20and%20Cryptography%20(SECRYPT)&rft.au=Karimi,%20Vahid%20R.&rft.date=2010-07&rft.spage=1&rft.epage=10&rft.pages=1-10&rft_id=info:doi/&rft.eisbn=9789898425188&rft.eisbn_list=9898425180&rft_dat=%3Cieee_6IE%3E5741668%3C/ieee_6IE%3E%3Cgrp_id%3Ecdi_FETCH-ieee_primary_57416683%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=5741668&rfr_iscdi=true