Abstract
A business model describes certain operations of an enterprise, and an important aspect of business operations deals with the specification of access control policies, which are used to constrain the business operations by adding what should, could, or must be. We describe the use of patterns for presenting access control models and policies. Our goal is to specify access control policies such that they are based on access control models and have the capability of policy languages, thereby making the foundational blocks of these policies and operational models identical. Thus, the integration of these policies into operational models is straightforward. To show our approach, we use Role-based Access Control (RBAC), a well-known access control model, and also select a business process model whose foundational building blocks are Resources, Events, and Agents (REA). We make three main contributions: 1) the use of the same foundational building blocks and similar models to describe business processes and access control models, 2) access control policies that are based on an access control model, and 3) access control policies that are rule-based and akin to policy languages. As a result, such models are more understandable, and their future modifications are more straightforward.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
