Title :
Extending Role-Based Access Control for Business Usage
Author :
Klarl, Heiko ; Klinger, Karsten ; Molitorisz, Korbinian ; Abeck, Sebastian ; Emig, Christian
Author_Institution :
iC Consult GmbH, Oberhaching, Germany
Abstract :
Role-based access control (RBAC) is used for managing authorisation in IT systems, by utilising the concept of roles. Existing approaches do not clearly define the term "role" in its different contexts as well as not considering the relation between roles and business process modelling. Therefore this work introduces business and system role-based access control (B&S-RBAC). Established role-based access control models are extended with a business perspective and the term role is defined from a business and from an IT perspective, resulting in business and system roles. The relation between them is shown in a meta-model and the usage of business roles for secure business process modelling is explained.
Keywords :
authorisation; business data processing; business process re-engineering; authorisation management; business process modelling; system role-based access control; Access control; Authorization; Business process re-engineering; Conference management; Context modeling; Identity management systems; Information security; Permission; Technology management; Unified modeling language; Access Control; Business Process Modelling; Business-IT Alignment; Identity Management; RBAC; Roles;
Conference_Titel :
Emerging Security Information, Systems and Technologies, 2009. SECURWARE '09. Third International Conference on
Conference_Location :
Athens, Glyfada
Print_ISBN :
978-0-7695-3668-2
DOI :
10.1109/SECURWARE.2009.28
