Identity Management in Business Process Modelling: A Model-driven Approach

The modelling of business processes is widely used in enterprises. Although this is very common, requirements for identity management and access control are often collected separately in documents or requirement tools. Because access control is business-driven, this kind of requirement should be collected on the business side, in the business process model. This work introduces a meta-model for modelling access control requirements at the business process level. It combines the model and its requirements, reducing the risk of inconsistencies caused by process changes. A model-driven development process utilises the enriched models for generating policies for different identity management products.
