Abstract
One of the most important characteristics of current enterprise systems is the existence of collaborative processes where different users/subsystems communicate and cooperate in order to carry out common activities. In these processes, shared resources are often used and there are complex relationships between activities and users, so the definition and administration of different security levels (tasks, users, resources, etc.) is necessary. In this article, we shall focus on an important dimension related to the security aspect of collaborative systems: access control. We shall use an organization model that considers the necessary elements to represent authorization and access control aspects in enterprise systems. This model is used in a service-oriented architecture (SOA) in order to facilitate the implementation of a service which is responsible for these important functions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bell DE, LaPadula LJ (1974) Secure Computer Systems: Mathematical Foundations and Models. Mitre Report M74-244, Mitre Corporation, Bedford, Massachusetts
Firesmith DG (2003) Engineering Security Requirements. J Object Technology 2: 53-68
Firesmith DG (2004) Specifying Reusable Security Requirements. J Object Technology 3: 61-75
Garrido JL, Paderewski P, Rodríguez ML, Hornos M, Noguera M (2005) A software architecture intended to design high quality groupware applications. In: Proceedings of the ICSE Research and Practice, pp 59-65
Gerber M, von Solms R, Overbeek P (2001) Formalizing information security requirements. J Information Management & Computer Security 9: 32-37
Gutiérrez C, Fernández-Medina E, Piattini M (2004) A Survey of Web Services Security. Computational Science and Its Applications ICCSA 2004 vol 3043/2004 pp 968-977
Gutiérrez FL, Isla JL, Paderewski P, Sánchez M, Jiménez B (2007) An architecture for access control management in collaborative enterprise systems based on organization models. J Sci Comput Program 66: 44-59
Harrison MH, Ruzzo WL, and Ullman JD (1976) Protection in operating systems. Commun ACM 19: 461-471
Joshi JB, Aref WG, Ghafoor A, Spafford E H (2001) Security models for web-based applications. Commun ACM 44: 38-44
Paderewski P, Rodríguez MJ, Parets J (2003) An Architecture for Dynamic and Evolving Cooperative Software Agents. In: Computer Standards & Interfaces, vol 25, Elsevier Science, pp 261-269
Paderewski P, Torres JJ, Rodríguez MJ, Medina N, Molina F, A software system evolutionary and adaptive framework: Application to agent-based systems. Journal of Systems Architecture 50: 407-416
Sandhu RS (1988) The schematic protection model: its definition and analysis for acyclic attenuating schemes. J ACM 35: 404-432
Sandhu RS (1992) The typed access matrix model. In: Proceedings of the 1992 IEEE Symposium on Security and Privacy. IEEE Computer Society, Washington, DC, pp 122-136
Sandhu RS (1993) Lattice-based access control models. IEEE Computer 26:9-19
Sandhu RS, Coyne EJ, Feinstein HL, Youman CE (2006) Role-based access control models. IEEE Computer 29: 38-47
Thomas RK, Sandhu RS (1997) Task-based Authorization Controls(TBAC): A Family of Models for Active and Enterpriseoriented Authorization Management. Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects, pp 166-181
Tidswell J, Potter J (1998) A Dynamically Typed Access Control Model. In: Proceedings of the Third Australasian Conference on information Security and Privacy C. Boyd and E. Dawson (eds), Lecture Notes In Computer Science, vol 1438, Springer-Verlag, London, pp 308-319
Van Welie M, Van der Veer GC (1998) An ontology for task world models. In: Design, Specification and Verification of Interactive System’98, Springer Computer Science
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag London
About this chapter
Cite this chapter
Sánchez, M., Jiménez, B., Gutièrrez, F., Paderewski, P., Isla, J.L. (2009). Access Control Model for Collaborative Business Processes. In: Redondo, M., Bravo, C., Ortega, M. (eds) Engineering the User Interface. Springer, London. https://doi.org/10.1007/978-1-84800-136-7_9
Download citation
DOI: https://doi.org/10.1007/978-1-84800-136-7_9
Published:
Publisher Name: Springer, London
Print ISBN: 978-1-84800-135-0
Online ISBN: 978-1-84800-136-7
eBook Packages: Computer ScienceComputer Science (R0)