Title :
Modeling of A-Posteriori Access Control in Business Processes
Author :
Aroua, Mohamed Karim ; Zouari, Belhassen
Author_Institution :
LIP2 Lab., Univ. El Manar, Tunis, Tunisia
Abstract :
A-priori access control techniques allow granting access to a set of predefined agents. In some processes, we cannot define in advance the set of authorized agents because the characteristics of the process instance determine activity assignment. A-posteriori access control allows access to many agents who claim being authorized. It implements an audit process permitting to check the behavior of the different agents in the system. In this paper, we introduce the concept of a-posteriori access control and we provide an approach allowing modeling an auditable process by using Business Process Management Notation (BPMN). We express audit requirements through text annotations. Finally, we provide an example from the banking context to illustrate an auditable process.
Keywords :
auditing; authorisation; business data processing; text analysis; BPMN; a-priori access control techniques; audit requirements; authorized agents; banking context; business process management notation; predefined agents; text annotations; Access control; Business; Context; Databases; Process control; Unified modeling language; Access control; Audit logic; BPMN; Secure Business processes;
Conference_Titel :
Computer Software and Applications Conference Workshops (COMPSACW), 2012 IEEE 36th Annual
Conference_Location :
Izmir
Print_ISBN :
978-1-4673-2714-5
Electronic_ISBN :
978-0-7695-4758-9
DOI :
10.1109/COMPSACW.2012.77
