ReMoLa: Responsibility Model Language to Align Access Rights with Business Process Requirements
DOI: 10.1109/RCIS.2011.6006828 Conference: Fifth IEEE International Conference on Research Challenges in Information Science
Access control is an important IT security issue and has accordingly been a huge research topic for the last decade. Many models and role engineering methods have been provided since then, and RBAC has appeared to be one of the most significant contributions. In parallel to those developments, new requirements have appeared in the field of IT governance, and they impose new constraints on the elicitation of access control policies. One of those requirements is to have access rights strictly aligned with the business process and to have the responsibility of the employees involved in those processes strictly defined and suitably assigned to the employee. RBAC does not allow these new requirements to be integrated. In this paper we propose a responsibility modeling language to align access rights with business process requirements. To achieve that, our approach uses the concept of employees’ responsibility as a means to bridge the gap from frameworks at the business layer down to frameworks at the technical layer.
ABSTRACT: An innovative approach is proposed for aligning the different layers of the enterprise architecture of a European institution. The main objective of the alignment targets the definition and the assignment of the access rights needed by the employees according to business specifications. This alignment is realized by considering the responsibility and the accountabilities (doing, deciding and advising) of these employees regarding business tasks. Therefore, the responsibility (modeled in a responsibility metamodel) is integrated with the enterprise architecture metamodel using a structured method. The approach is illustrated and validated with a dedicated case study dealing with the definition of access rights assigned to employees involved in the user account provisioning and management processes.
PoEM; 01/2012
Conference Paper: Responsibility aspects in service engineering for e-Government
Interoperability for Enterprise Systems and Applications conference; 03/2012
ABSTRACT: Service engineering is a huge research topic that addresses the specification, the compliance and the sharing of business and IT services across companies, institutions or governmental organizations. Despite the many advantages of working with services, the guarantee of service compliance and the management of service overlaps by the stakeholders remain challenging. The objective of this document is to present a methodological approach in order to specify the links between the organizational layer and the informational layer of services. Therefore our research has focused on clarifying the responsibility dimension of the stakeholders involved in those services. The proposed approach is illustrated with an example in the context of sensitive data exchange between stakeholders from the healthcare domain.
06/2012; 4(1):123-142. DOI:10.1007/s12927-012-0005-2