IFIP Annual Conference on Data and Applications Security and Privacy

DBSec 2006: Data and Applications Security XX, pp 297–309

From Business Process Choreography to Authorization Policies

  • Philip Robinson,
  • Florian Kerschbaum &
  • Andreas Schaad

Part of the Lecture Notes in Computer Science book series (LNISA, volume 4127)

Abstract

A choreography specifies the interactions between the resources of multiple collaborating parties at design time. Managing authorization policies at runtime to support such a specification is, however, tedious for administrators to handle manually. By compiling the choreography into enhanced authorization policies, we are able to automatically derive the minimal authorizations required for collaboration, and to enable and disable those authorizations in a just-in-time manner that matches the control flow described in the choreography. We have evaluated the advantage of this utility in a collaborative engineering scenario.

Keywords

  • Access Control
  • Business Process
  • Access Control Model
  • Policy Decision Point
  • Authorization Policy

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Author information

Authors and Affiliations

  1. SAP Research, Karlsruhe, Germany

    Philip Robinson & Florian Kerschbaum

  2. SAP Research, Sophia Antipolis, France

    Andreas Schaad


Editor information

Editors and Affiliations

  1. Dipartimento di Tecnologie dell’Informazione, Università degli Studi di Milano, Italy

    Ernesto Damiani

  2. The Logistics Institute, Northeastern University, Shenyang, China

    Peng Liu


Copyright information

© 2006 IFIP International Federation for Information Processing

About this paper

Cite this paper

Robinson, P., Kerschbaum, F., Schaad, A. (2006). From Business Process Choreography to Authorization Policies. In: Damiani, E., Liu, P. (eds) Data and Applications Security XX. DBSec 2006. Lecture Notes in Computer Science, vol 4127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11805588_21

  • DOI: https://doi.org/10.1007/11805588_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-36796-3

  • Online ISBN: 978-3-540-36799-4

  • eBook Packages: Computer Science, Computer Science (R0)
