Workflow Access Control from a Business Perspective

Workflow management systems are increasingly being used to support business processes. Methodologies have been proposed in order to derive workflow process definitions from business models. However, these methodologies do not comprise access control aspects. In this paper we propose an extension to the Work Analysis Refinement Modelling (WARM) methodology, which also enables to determine workflow access control information from the business process model. This is done by identifying useful information from business process models and showing how it can be refined to derive access control information. Our approach reduces the effort required to define the workflow access control, ensures that authorization rules are directly related to the business and aligns access control with the information system architecture that implements the business process.

• Publication year

  2004

• Venue

  International Conference on Enterprise Information Systems

• Publication date

  Unknown publication date

• Fields of study

  Business, Computer Science

• Identifiers
  DOI 10.5220/0002598500180025
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Use Case Modeling

  2002cited by this paper
• Secure Role-Based Workflow Models

  2001cited by this paper
• Managing Workflow Authorization Constraints through Active Database Technology

  2001cited by this paper
• Separation of duties for access control enforcement in workflow environments

  2001cited by this paper
• Designing role hierarchies for access control in workflow systems

  2001cited by this paper
• Workflow Modeling: Tools for Process Improvement and Application Development

  2001cited by this paper
• Access control mechanisms for inter-organizational workflow

  2001cited by this paper
• Business Modeling With UML: Business Patterns at Work

  2000influential reference
• Micro-Workflow: A Workflow Architecture Supporting Compositional Object -Oriented Software Development

  2000cited by this paper
• The specification and enforcement of authorization constraints in workflow management systems

  1999cited by this paper
• Metadata and active object-models

  1998cited by this paper
• Realization of a Context-Dependent Access Control Mechanism on a Commercial Platform

  1998cited by this paper
• Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management

  1997cited by this paper
• Determining role rights from use cases

  1997influential reference
• Role-Based Access Control Models

  1996cited by this paper
• The use of business process models for security design in organisations

  1996cited by this paper
• An Authorization Model for Workflows

  1996cited by this paper
• Database security IX: Status and prospects

  1996cited by this paper
• A Formal Security Design Approach for Information Exchange in Organisations

  1995cited by this paper
• The workflow Reference Model

  1994cited by this paper

• A methodology for the experimental performance evaluation of Access Control enforcement mechanisms based on business processes

  2025cites this paper
• Optimal Deployment of High-Level Access Control Policies in Heterogeneous Enforcement Infrastructures

  2024cites this paper
• A Security Framework for Scientific Workflow Provenance Access Control Policies

  2019cites this paper
• Scalable And Secure Provenance Querying For Scientific Workflows And Its Application In Autism Study

  2018cites this paper
• A systematic review on security in Process-Aware Information Systems - Constitution, challenges, and future directions

  2014cites this paper
• Secure*BPMN : a graphical extension for BPMN 2.0 based on a reference model of information assurance & security

  2014cites this paper
• Extending Conceptual Schemas with Business Process Information

  2010cites this paper
• Object-Centered Process Modeling: Principles to Model Data-Intensive Systems

  2010cites this paper
• Engineering Business Processes with Service Level Agreements: From Early Requirements towards Business Processes

  2010cites this paper
• Secure Workflow Development from Early Requirements Analysis

  2008cites this paper
• Secure Scientific Workflow Provenance Querying with Security Views

  2008cites this paper
• Delegation in Role Based Access Control Model for Workflow Systems

  2008cites this paper
• Scientific Workflow Provenance Querying with Security Views

  2008cites this paper
• Automatic Generation of Workflow-extended Domain Models ( extended version )

  2007cites this paper
• Automatic generation of workflow-extended domain models

  2007cites this paper
• Generating Extended Conceptual Schemas from Business Process Models

  2007cites this paper