Modeling Access Control Transactions in Enterprise Architecture

Enterprise architecture (EA) aims to provide management with appropriate indicators and controls to steer and model service-oriented enterprises. However, the management of EA models change is a challenging task due to complex dependencies when dealing with security constraints such as access control. In this paper, we motivate the use of an access control model in EA. More specifically, we present the role-based access control (RBAC) standard as a mean to model access control transactions in EA. To that end, we present (i) how the concepts of RBAC can be modeled into the Archi Mate enterprise architecture modeling language, and (ii) how RBAC´s enforcementis supported with the DEMO enterprise modeling methodology via the business transaction concept. These attempts will help us to identify the conceptual link between RBAC, Archi Mate, and DEMO meta models in order to create a consistent lightweight model for access control in EA. Finally, we illustrate the application of the proposed approach through the handling of an e-Government scenario.