From business process choreography to authorization policies

Authors:
Philip Robinson;Florian Kerschbaum;Andreas Schaad
Affiliations:
SAP Research, Karlsruhe, Germany;SAP Research, Karlsruhe, Germany;SAP Research, Sophia Antipolis, France
Venue:
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Year:
2006

Citing 10
Cited 7

Role-Based Access Control Models

Computer
The use of business process models for security design in organisations

Information systems security
Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Protection in operating systems

Communications of the ACM
Access control mechanisms for inter-organizational workflow

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A model of OASIS role-based access control and its support for active security

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management

Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
Access Control: Policies, Models, and Mechanisms

FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Dynamic access control through Petri net workflows

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
An Approach to Extract RBAC Models from BPEL4WS Processes

WETICE '04 Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises

A comprehensive security architecture for dynamic, web service based virtual organizations for businesses

Proceedings of the 3rd ACM workshop on Secure web services
An Approach to Identity Management for Service Centric Systems

ServiceWave '08 Proceedings of the 1st European Conference on Towards a Service-Based Internet
Security architecture for virtual organizations of business web services

Journal of Systems Architecture: the EUROMICRO Journal
A verifiable, centralized, coercion-free reputation system

Proceedings of the 8th ACM workshop on Privacy in the electronic society
Derivation of trust federation for collaborative business processes

Information Systems Frontiers
Securing VO management

TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Rule-Based Security Capabilities Matching for Web Services

Wireless Personal Communications: An International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

A choreography specifies the interactions between the resources of multiple collaborating parties at design time. The runtime management of authorization policies in order to support such a specification is however tedious for administrators to manually handle. By compiling the choreography into enhanced authorization policies, we are able to automatically derive the minimal authorizations required for collaboration, as well as enable and disable the authorizations in a just-in-time manner that matches the control flow described in the choreography. We have evaluated the advantage of this utility in a collaborative engineering scenario.