University of Wollongong
Browse

SOAC-Net: A model to manage service-based business process authorization

Download (437.55 kB)
conference contribution
posted on 2024-11-14, 11:15 authored by Haiyang Sun, Jian Yang, Weiliang Zhao, Sanjay K Nepal
Business process (BP) can be supported by a large number of resources with evolving contents. In order to receive the support from these resources, the BP must satisfy the authorization policies of these resources. On the other hand, a BP also has its own authorization policies that users must satisfy in order to interact with the BP. Meanwhile, execution policies need to be applied to manage the sequence of tasks invocations in a BP. Therefore, without proper coordination among these policies, BP may not be able to perform correctly, e.g., imperative support from a specific resource could be missing or unauthorized user access can occur. An effective authorization management bringing all types of policies together becomes a must for a BP executing correctly without breaking any authorization and business rules. In this paper, we propose a process model, SOAC-Net that is incorporated with an authorization model, Process-Aware Service-Oriented Authorization Control (PASOAC). PASOAC is an extension of Role Based Access Control (RBAC), which takes both resource and user into account. A set of authorization constraints are designed in PASOAC to coordinate the user access and the resource support in a process environment. © 2012 IEEE.

History

Citation

Sun, H., Yang, J., Zhao, W. & Nepal, S. K. (2012). SOAC-Net: A model to manage service-based business process authorization. Ninth International Conference on Services Computing, SCC 2012 (pp. 376-383). Piscataway, New Jersey: IEEE.

Parent title

Proceedings - 2012 IEEE 9th International Conference on Services Computing, SCC 2012

Pagination

376-383

Language

English

RIS ID

68822

Usage metrics

    Categories

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC