Title :
An Access Control Model for Organisational Management in Enterprise Architecture
Author :
Gaaloul, Khaled ; Proper, Henderik A.
Author_Institution :
Centre de Rech. Public Henri Tudor, Luxembourg, Luxembourg
Abstract :
Enterprise architecture (EA) aims to provide management with appropriate indicators and controls to steer and model service-oriented enterprises. EA offers a suitable operating platform to support an organisation's future goals and the roadmap for moving towards this vision. Despite significant research interest in the domain, common enterprise architecture frameworks lack access control mechanisms supporting security requirements within organisations. Security has become a matter of paramount concern when managing organisations' resources such as stakeholders' authorisation or sensitive data. In this paper, we propose an innovative approach for managing organisational resources in enterprise architecture. In doing so, we reason about task-based resources in the EA language ArchiMate. The idea is to build a conceptual model supporting access control when modelling a business process (set of tasks) in ArchiMate. We then map the common concepts with the role-based access control model (RBAC) to specify the required authorisation policies as part of the security specifications and guidelines in EA. Finally, a case study illustration will be used for the evaluation as part of the research approach.
Keywords :
authorisation; corporate modelling; organisational aspects; resource allocation; service-oriented architecture; EA language ArchiMate; RBAC; access control mechanisms; authorisation policies; business process modelling; enterprise architecture frameworks; organisation resource management; role-based access control model; security guidelines; security requirements; security specifications; sensitive data; service-oriented enterprise model; stakeholder authorisation; task-based resources; Authorization; Business; Information systems; Standards; Unified modeling language; Access control; ArchiMate; Authorisation; Enterprise architecture; RBAC; Task;
Conference_Title :
Semantics, Knowledge and Grids (SKG), 2013 Ninth International Conference on
Conference_Location :
Beijing
DOI :
10.1109/SKG.2013.12