Conference Paper

ReMoLa: Responsibility Model Language to Align Access Rights with Business Process Requirements

DOI: 10.1109/RCIS.2011.6006828 Conference: Fifth IEEE International Conference on Research Challenges in Information Science

ABSTRACT Access controls is an important IT security issue and has accordingly been a huge research topic for the last decade. Many models and role engineering methods have been provided since then, and RBAC has appeared to be one of the most significant contributions. In parallel to those developments, new requirements have appeared in the field of IT governance and they provide new constraints for the elicitation of access control policies. One of those requirements is to have access rights strictly aligned with the business process and to have the responsibility of the employees involved in those processes strictly defined and suitably assigned to the employee. RBAC doesn’t permit to integrate these new requirements. In this paper we propose a responsibility modeling language to align access rights with business processes requirements. To achieve that, our approach uses the concept of employees’ responsibility as a means to bridge the gap through frameworks from the business layer down to frameworks from the technical layer.

  • [Show abstract] [Hide abstract]
    ABSTRACT: Service engineering is a huge research topic that addresses the specification, the compliance and the sharing of business and IT services across companies, institutions or governmental organizations. Despite many advantages of working with the services, the guarantee of service compliance and management of the service overlaps by the stakeholders remains challenging. The objective of this document is to present a methodological approach in order to specify the links between the organizational layer and the informational layer of services. Therefore our research has focused on clarifying the responsibility dimension of the stakeholders involved in those services. The proposed approach is illustrated with an example in the context of sensitive data exchange between stakeholders from the healthcare domain.
    06/2012; 4(1):123-142. DOI:10.1007/s12927-012-0005-2
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Evolution is characteristic to every Information System (IS) because of continuing changes in its environment. It is also a necessary condition for guaranteeing IS fitness to the organizational needs and requirements. Nonetheless, each IS evolution presents several risks towards its sustainability and further changes, and steering IS evolution is indispensable for any organization. In this work we propose a framework that aims to guide the actors responsible for IS evolution steering. The framework allows to reduce the uncertainty, which is inherent in the IS evolution, by providing the information necessary to realise IS evolution activities and to simulate their impact. It is composed of several conceptual models representing different IS dimensions (information, activities, regulation). In this paper we detail the IS Steering Metamodel (IS-SM), which is the main element of our framework.
    The Practice of Enterprise Modeling, 7th IFIP WG 8.1 Working Conference PoEM 2014, Manchester, UK; 11/2014
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Service-orientation is currently considered as a promising paradigm to deal with the complexity, interoperability and evolution of enterprise Information Systems (IS), which are the foremost preoccupation in today’s enterprises. However, the shift from a conventional IS architecture to a service-oriented one is not an easy task despite of the various service design approaches proposed in the literature. In this paper we promote the concepts of information service and Information Services System (ISS) and we present three different ways to design an ISS taking into account enterprise legacy IS and/or from scratch. We illustrate the three approaches with examples taken from industrial projects and case studies.
    The 6th IFIP WG8.1 Working Conference on the Practice of Enterprise Modelling, PoEM 2013, Riga; 11/2013