Title :
Modeling Access Control Transactions in Enterprise Architecture
Author :
Gaaloul, Khaled ; Guerreiro, Sergio ; Proper, Henderik A.
Author_Institution :
Public Res. Centre, Henri Tudor, Luxembourg
Abstract :
Enterprise architecture (EA) aims to provide management with appropriate indicators and controls to steer and model service-oriented enterprises. However, the management of EA models change is a challenging task due to complex dependencies when dealing with security constraints such as access control. In this paper, we motivate the use of an access control model in EA. More specifically, we present the role-based access control (RBAC) standard as a mean to model access control transactions in EA. To that end, we present (i) how the concepts of RBAC can be modeled into the Archi Mate enterprise architecture modeling language, and (ii) how RBAC´s enforcementis supported with the DEMO enterprise modeling methodology via the business transaction concept. These attempts will help us to identify the conceptual link between RBAC, Archi Mate, and DEMO meta models in order to create a consistent lightweight model for access control in EA. Finally, we illustrate the application of the proposed approach through the handling of an e-Government scenario.
Keywords :
authorisation; enterprise resource planning; service-oriented architecture; ArchiMate enterprise architecture modeling language; ArchiMate models; DEMO enterprise modeling methodology; DEMO meta models; EA model management; RBAC enforcement; RBAC standard; access control transaction modeling; business transaction concept; enterprise architecture; role-based access control standard; security constraints; service-oriented enterprise model; Access control; Object oriented modeling; Organizations; Production; Standards;
Conference_Titel :
Business Informatics (CBI), 2014 IEEE 16th Conference on
Conference_Location :
Geneva
DOI :
10.1109/CBI.2014.26
