The University of Southampton
University of Southampton Institutional Repository

Specifying process-aware access control rules in SBVR

Goedertier, Stijn, Mues, Christophe and Vanthienen, Jan (2007) Specifying process-aware access control rules in SBVR. In Advances in Rule Interchange and Applications. vol. 4824, Springer. pp. 39-52. (doi:10.1007/978-3-540-75975-1).

Record type: Conference or Workshop Item (Paper)

Abstract

Access control is an important aspect of regulatory compliance. Therefore, access control specifications must be process-aware in that they can refer to an underlying business process context, but do not specify when and how they must be enforced. Such access control specifications are often expressed in terms of general rules and exceptions, akin to defeasible logic. In this paper we demonstrate how a role-based, process-aware access control policy can be specified in the SBVR. In particular, we define an SBVR vocabulary that allows for a process-aware specification of defeasible access control rules. Because SBVR does not support defeasible rules, we show how a set of defeasible access control rules can be transformed into ordinary SBVR access control rules using decision tables as a transformation mechanism.

This record has no associated files available for download.

More information

Published date: 2007
Additional Information: ISSN: 0302-9743
Venue - Dates: International RuleML Symposium on Rule Interchange and Applications (RuleML2007), Orlando, Florida, 2007-10-24 - 2007-10-25
Keywords: access control, defeasible logic, rbac, sbvr, bpm

Identifiers

Local EPrints ID: 51617
URI: http://eprints.soton.ac.uk/id/eprint/51617
ISBN: 9783540759744
PURE UUID: f3a9576f-8380-4c57-bd96-d2c0e0a480dd
ORCID for Christophe Mues: orcid.org/0000-0002-6289-5490

Catalogue record

Date deposited: 27 Aug 2008
Last modified: 08 Apr 2022 01:38

Contributors

Author: Stijn Goedertier
Author: Christophe Mues
Author: Jan Vanthienen
