An Approach to Extract RBAC Models from BPEL4WS Processes

Authors:
Jan Mendling;Mark Strembeck;Gerald Stermsek;Gustaf Neumann
Affiliations:
Vienna University of Economics and BA, Austria;Vienna University of Economics and BA, Austria;Vienna University of Economics and BA, Austria;Vienna University of Economics and BA, Austria
Venue:
WETICE '04 Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Year:
2004

Citing 0
Cited 14

A medical diagnostic and treatment advice system for the provision of home care

Proceedings of the 1st international conference on PErvasive Technologies Related to Assistive Environments
Controlling Usage in Business Process Workflows through Fine-Grained Security Policies

TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
HyDRo --- Hybrid Development of Roles

ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Security architecture for virtual organizations of business web services

Journal of Systems Architecture: the EUROMICRO Journal
A Mediation Framework for the Implementation of Context-Aware Access Control in Pervasive Grid-Based Healthcare Systems

GPC '09 Proceedings of the 4th International Conference on Advances in Grid and Pervasive Computing
A transformation approach for security enhanced business processes

SE '08 Proceedings of the IASTED International Conference on Software Engineering
Deriving XACML policies from business process models

WISE'07 Proceedings of the 2007 international conference on Web information systems engineering
A system for the provision of medical diagnostic and treatment advice in home care environment

Personal and Ubiquitous Computing
Modeling process-related RBAC models with extended UML activity models

Information and Software Technology
Deriving role engineering artifacts from business processes and scenario models

Proceedings of the 16th ACM symposium on Access control models and technologies
From business process choreography to authorization policies

DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Minimizing insider misuse through secure Identity Management

Security and Communication Networks
Recovering role-based access control security models from dynamic web applications

ICWE'12 Proceedings of the 12th international conference on Web Engineering
Secure federation of semantic information services

Decision Support Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Business Process Execution Language for Web Services (BPEL) has become the defacto standard for Web Service composition. Yet, it does not address security aspects. This paper is concerned with access control for BPEL based processes. We present an approach to integrate Role-Based Access Control (RBAC) and BPEL on the meta-model level. Moreover, we show that such an integration can be used to automate steps of the role engineering process. In particular, we extract RBAC models from BPEL processes and present an XSLT converter that transforms BPEL code to the XML import format of the xoRBAC software component.