Specifying separation of duty constraints in BPEL4People processes

Lecture Notes in Business Information Processing

Volumn 7 LNBIP, Issue , 2008, Pages 273-284

  Mendling, Jan ^a   Ploesser, Karsten ^b   Strembeck, Mark ^c  

^a QUEENSLAND UNIVERSITY OF TECHNOLOGY   (Australia)

^b SAP RESEARCH   (Australia)

^c VIENNA UNIVERSITY OF ECONOMICS AND BUSINESS   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION SYSTEMS; SEPARATION;

BUSINESS PROCESS; OPEN INTERFACE; SECURITY ISSUES; SEPARATION OF DUTY;

ACCESS CONTROL;

EID: 70350051021     PISSN: 18651348     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-540-79396-0_24     Document Type: Conference Paper

References (30)

1. Agrawal, A., Amend, M., Das, M., Keller, C., Kloppmann, M., König, D., Leymann, F., Müller, R., Pfau, G., Ploesser, K., Rangaswamy, R., Rickayzen, A., Rowley, M., Schmidt, P., Trickovic, I., Yiu, A., Zeller, M.: Web services human task (WSHumanTask), version 1.0 (2007)
2. Agrawal, A., Amend, M., Das, M., Keller, C., Kloppmann, M., König, D., Leymann, F., Müller, R., Pfau, G., Ploesser, K., Rangaswamy, R., Rickayzen, A., Rowley, M., Schmidt, P., Trickovic, I., Yiu, A., Zeller, M.: WS-BPEL extension for people (BPEL4People), version 1.0 (2007)
3. Ahn, G.J., Sandhu, R.: Role-based Authorization Constraints Specification. ACM Trans. on Information and System Security (TISSEC) 3(4) (November 2000)
4. Alves, A., Arkin, A., Askary, S., Barreto, C., Bloch, B., Curbera, F., Ford, M., Goland, Y., Guizar, A., Kartha, N., Liu, C.K., Khalaf, R., Koenig, D., Marin, M., Mehta, V., Thatte, S., van der Rijn, D., Yendluri, P., Yiu, A.: Web Services Business Process Execution Language - Version 2.0. OASIS (January 2007)
5. Bertino, E., Crampton, J., Paci, F.: Access Control and Authorization Constraints for WS-BPEL. In: Proc. of the IEEE International Conference on Web Services (ICWS) (September 2006)
6. Bertino, E., Ferrari, E., Atluri, V.: The Specification and Enforcement of Authorization Constraints in Workflow Management Systems. ACM Transactions on Information and System Security (TISSEC) 2(1) (February 1999)
7. Botha, R.A., Elo., J.H.P.: Separation of duties for access control enforcement in workflow environments. IBM Systems Journal 40(3) (2001)
8. Clark, D.D., Wilson, D.R.: A Comparison of Commercial and Military Computer Security Policies. In: Proc. of the IEEE Symposium on Security and Privacy (1987)
9. Ferraiolo, D.F., Barkley, J.F., Kuhn, D.R.: A Role-Based Access Control Model and Reference Implementation within a Corporate Intranet. ACM Transactions on Information and System Security (TISSEC) 2(1) (February 1999)
10. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and System Security (TISSEC) 4(3) (August 2001)
11. Gallaher, M.P., O'Connor, A.C., Kropp, B.: The Economic Impact of Role-Based Access Control. National Institute of Standards & Technology (NIST), Planning Report 02-11 (March 2002)
12. Georgiadis, C.K., Mavridis, I., Pangalos, G., Thomas, R.K.: Flexible Team-Based Access Control Using Contexts. In: Proc. of the 6th ACM Symposium on Access Control Models and Technologies (SACMAT) (May 2001)
13. Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: Protection in Operating Systems. Communications of the ACM 19(8) (August 1976)
14. Koshutanski, H., Massacci, F.: Interactive access control for web services. In: Deswarte, Y., Cuppens, F., Jajodia, S., Wang, L. (eds.) IFIP 18th WorldComputer Congress, TC11 19th Int. Information Security Conference, pp. 151-166 (2004)
15. Landwehr, C.E.: Formal Models for Computer Security. ACM Computing Surveys 13(3) (September 1981)
16. Mendling, J., zur Muehlen, M., Price, A.: Process Aware Information Systems: Bridging People and Software Through Process Technology. In: Standards for Workflow De.nition and Execution, pp. 281-316. Wiley Publishing, Chichester (2005)
17. Mendling, J., Strembeck, M., Stermsek, G., Neumann, G.: An Approach to Extract RBAC Models from BPEL4WS Processes. In: Proc. of the 13th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE) (June 2004)
18. Neumann, G., Strembeck, M.: A Scenario-driven Role Engineering Process for Functional RBAC Roles. In: Proc. of 7th ACM Symposium on Access Control Models and Technologies (SACMAT) (June 2002)
19. Osborn, S., Sandhu, R., Munawer, Q.: Con.guring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies. ACM Transactions on Information and System Security (TISSEC) 3(2) (February 2000)
20. Russell, N., van der Aalst, W.M.P.: Evaluation of the BPEL4People and WSHumanTask Extensions to WS-BPEL 2.0 using the Workflow Resource Patterns. BPM Center Report BPM-07-10, BPMcenter.org (2007)
21. Russell, N., van der Aalst, W.M.P., ter Hofstede, A.H.M., Edmond, D.: Workflow resource patterns: Identi.cation, representation and tool support. In: Pastor, ́ O., Falcão e Cunha, J. (eds.) CAiSE 2005. LNCS, vol.3520, pp. 216-232. Springer, Heidelberg (2005)
22. Sandhu, R.S., Samarati, P.: Access control: Principles and practice. IEEE Communications 32(9) (September 1994)
23. Strembeck, M.: Con.ict Checking of Separation of Duty Constraints in RBAC - Implementation Experiences. In: Proc. of the Conference on Software Engineering (SE 2004) (February 2004)
24. Strembeck, M.: A Role Engineering Tool for Role-Based Access Control. In: Proc. of the 3rd Symposium on Requirements Engineering for Information Security (SREIS) (August 2005)
25. Strembeck, M.: Embedding Policy Rules for Software-Based Systems in a Requirements Context. In: Proc. of the IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY) (June 2005)
26. Tan, K., Crampton, J., Gunter, C.A.: The Consistency of Task-Based Authorization Constraints in Workflow Systems. In: Proc. of the IEEE Workshop on Computer Security Foundations (CSFW) (June 2004)
27. Thomas, J., Paci, F., Bertino, E., Eugster, P.: User Tasks and Access Control over Web Services. In: Proc. of the IEEE International Conference on Web Services (ICWS) (July 2007)
28. Thomas, R.K.: Team-based Access Control (TMAC): A Primitive for Applying Role-based Access Controls in Collaborative Environments. In: Proc. of the ACM Workshop on Role Based Access Control (1997)
29. Thomas, R.K., Sandhu, R.S.: Task-based authorization controls (TBAC): A family of models for active and enterprise-oriented authorization management. In: Proc. of the IFIP WG11.3 Conference on Database Security (August 1997)
30. Wolter, C., Schaad, A.: Modeling of Task-Based Authorization Constraints in BPMN. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol.4714, pp. 64-79. Springer, Heidelberg (2007)