Sciweavers

RULEML
2007
Springer

Specifying Process-Aware Access Control Rules in SBVR

13 years 9 months ago
Specifying Process-Aware Access Control Rules in SBVR
Abstract. Access control is an important aspect of regulatory compliance. Therefore, access control specifications must be process-aware in that they can refer to an underlying business process context, but do not specify when and how they must be enforced. Such access control specifications are often expressed in terms of general rules and exceptions, akin to defeasible logic. In this paper we demonstrate how a role-based, process-aware access control policy can be specified in the SBVR. In particular, we define an SBVR vocabulary that allows for a process-aware specification of defeasible access control rules. Because SBVR does not support defeasible rules, we show how a set of defeasible access control rules can be transformed into ordinary SBVR access control rules using decision tables as a transformation mechanism.
Stijn Goedertier, Christophe Mues, Jan Vanthienen
Added 09 Jun 2010
Updated 09 Jun 2010
Type Conference
Year 2007
Where RULEML
Authors Stijn Goedertier, Christophe Mues, Jan Vanthienen
Comments (0)