Introducing Security Access Control Policies into Legacy Business Processes

Author

Giraldo, Fáber D. ; Blay-Fornarino, Mireille ; Mosser, Sébastien

Author_Institution

Syst. & Comput. Eng., Univ. of Quindio, Armenia, Armenia

fYear

2011

Firstpage

42

Lastpage

49

Abstract

Applying separation of concerns approaches into business process context generally results in several initiatives oriented to automatic generation of aspect code, generation of specific code according to the kind of concern (code for mapping roles and permissions derived from RBAC model for example), or proposition of new mechanisms as dedicated aspectual languages. Most of these initiatives only consider functional behaviours of business process, omitting special behaviours derived from quality attributes such as security, which can be modelled as concerns that must be supported in the business process. In this paper we propose the integration of cross-cuttings standardized control access policies (based on RBAC model and Oasis XACML) into legacy business processes, using a separation of concerns approach.

Keywords

XML; authorisation; business data processing; Oasis XACML; RBAC model; aspect code automatic generation; aspectual languages; cross-cuttings standardized control access policies; legacy business process; quality attributes; security access control policies; separation of concern approach; specific code generation; Access control; Authentication; Business; Process control; Software; Unified modeling language; Business Processes; Security Standards; Separation of Concerns; Service–oriented Architecture;

fLanguage

English

Publisher

ieee

Conference_Titel

Enterprise Distributed Object Computing Conference Workshops (EDOCW), 2011 15th IEEE International

Conference_Location

Helsinki

Print_ISBN

978-1-4577-0869-5

Electronic_ISBN

978-0-7695-4426-7

Type

conf

DOI

10.1109/EDOCW.2011.11

Filename

6037600