Title :
Introducing Security Access Control Policies into Legacy Business Processes
Author :
Giraldo, Fáber D. ; Blay-Fornarino, Mireille ; Mosser, Sébastien
Author_Institution :
Syst. & Comput. Eng., Univ. of Quindio, Armenia, Armenia
Abstract :
Applying separation of concerns approaches into business process context generally results in several initiatives oriented to automatic generation of aspect code, generation of specific code according to the kind of concern (code for mapping roles and permissions derived from RBAC model for example), or proposition of new mechanisms as dedicated aspectual languages. Most of these initiatives only consider functional behaviours of business process, omitting special behaviours derived from quality attributes such as security, which can be modelled as concerns that must be supported in the business process. In this paper we propose the integration of cross-cuttings standardized control access policies (based on RBAC model and Oasis XACML) into legacy business processes, using a separation of concerns approach.
Keywords :
XML; authorisation; business data processing; Oasis XACML; RBAC model; aspect code automatic generation; aspectual languages; cross-cuttings standardized control access policies; legacy business process; quality attributes; security access control policies; separation of concern approach; specific code generation; Access control; Authentication; Business; Process control; Software; Unified modeling language; Business Processes; Security Standards; Separation of Concerns; Service–oriented Architecture;
Conference_Titel :
Enterprise Distributed Object Computing Conference Workshops (EDOCW), 2011 15th IEEE International
Conference_Location :
Helsinki
Print_ISBN :
978-1-4577-0869-5
Electronic_ISBN :
978-0-7695-4426-7
DOI :
10.1109/EDOCW.2011.11
