An approach to capture authorisation requirements in business processes

  • Authors:
  • Christian Wolter;Christoph Meinel

  • Affiliations:
  • Bombardier Transportation, Schoeneberger Ufer 1, 10785, Berlin, Germany;Hasso-Plattner Institute, Prof.-Dr.-Helmert-Str. 2-3, 14482, Potsdam, Germany

  • Venue:
  • Requirements Engineering
  • Year:
  • 2010

Abstract

Business process modelling focuses on the modelling of functional behaviour. In this article, we propose an extension for the business process modelling notation to express non-functional authorisation requirements in a process model to enable the collaboration between security experts and business analysts. To capture multi-level, role-based and Separation of Duty authorisation requirements, new model element attributes and authorisation artefacts are introduced. To enhance the usability of this approach, simple visual decorators are specified to ease the communication of requirements between various stakeholders. To provide an early validation of these authorisation requirements during the definition of a process model, formal semantics are applied to the process model and model-checking techniques are used to provide feedback. As a pragmatic proof of concept, a first prototype implementation is briefly discussed.