Skip to main content
SpringerLink
Log in

Integrating Users in Object-Aware Process Management Systems: Issues and Challenges

  • Conference paper
Business Process Management Workshops (BPM 2009)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 43))

Included in the following conference series:

Abstract

Despite the increasing maturity of contemporary Workflow Management Systems (WfMS), there still exist numerous process-aware application systems with more or less hard-coded process logic. This does not only cause high maintenance efforts (e.g. costly code adaptions), but also results in hard-coded rules for controlling the access to business processes, business functions, and business data. In particular, the assignment of users to process activities needs to be compliant with the rights granted for executing business functions and for accessing business data. A major reason for not using WfMS in a broader context is the inflexibility provided by their activity-centered paradigm, which also limits the access control strategies offered by them. This position paper discusses key challenges for a process management technology in which processes, data objects and users are well integrated in order to ensure a sufficient degree of flexibility. We denote such technology as Object-Aware Process Management System and consider related research as fundamental for the further maturation of process management technology.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Künzle, V., Reichert, M.: Towards Object-aware Process Management Systems: Issues, Challenges, Benefits. In: Proc. BPMDS 2009. LNBIP, vol. 29, pp. 197–210. Springer, Heidelberg (2009)

    Google Scholar 

  2. Osborn, S., Sandhu, R., Munawer, Q.: Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies. ACM Trans. Inf. Syst. Secur. 3(2), 85–106 (2000)

    Article  Google Scholar 

  3. Bertino, E., Ferrari, E., Atluri, V.: The Specification and Enforcement of Authorization Constraints in Workflow Management Systems. ACM Trans. Inf. Syst. Secur. 2(1), 65–104 (1999)

    Article  Google Scholar 

  4. Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based Access Control Models. IEEE Computer 29(2), 38–47 (1996)

    Article  Google Scholar 

  5. Aalst, W., Hee, K.: Workflow-Management - Models, Methods and Systems. MIT Press, Cambridge (2004)

    Google Scholar 

  6. Aalst, W., Hofstede, A., Kiepuszewski, B., Barros, A.: Workflow Patterns. Distr. & Parallel Databases 14, 5–51 (2003)

    Article  Google Scholar 

  7. Rinderle-Ma, S., Manfred, R.: A Formal Framework for Adaptive Access Control Models. In: Spaccapietra, S., Atzeni, P., Fages, F., Hacid, M.-S., Kifer, M., Mylopoulos, J., Pernici, B., Shvaiko, P., Trujillo, J., Zaihrayeu, I. (eds.) Journal on Data Semantics IX. LNCS, vol. 4601, pp. 82–112. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  8. Aalst, W., Weske, M., Grünbauer, D.: Case Handling: A new paradigm for business process support. Data and Knowledge Engineering 53(2), 129–162 (2005)

    Article  Google Scholar 

  9. Reijers, H., Liman, S., Aalst, W.: Product-based Workflow Design. Management Information Systems 20(1), 229–262 (2003)

    Article  Google Scholar 

  10. Müller, D., Reichert, M., Herbst, J.: Data-driven Modeling and Coordination of Large Process Structures. In: Meersman, R., Tari, Z. (eds.) OTM 2007, Part I. LNCS, vol. 4803, pp. 131–149. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  11. Aalst, W., Barthelmess, P., Ellis, C., Wainer, J.: Workflow Modeling using Proclets. In: Scheuermann, P., Etzion, O. (eds.) CoopIS 2000. LNCS, vol. 1901, pp. 198–209. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  12. Sadiq, S., Orlowska, M., Sadiq, W., Schulz, K.: When workflows will not deliver: The case of contradicting work practice. In: Proc. BIS 2005 (2005)

    Google Scholar 

  13. Bertino, E.: Data security. Data Knowl. Eng. 25(1-2), 199–216 (1998)

    Article  Google Scholar 

  14. Ferraiolo, D., Kuhn, R.: Role-based Access Control. In: Proc. 15th NIST-NCSC, pp. 554–563 (1992)

    Google Scholar 

  15. Samarati, P., Vimercati, S.: Access Control: Policies, Models and Mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, p. 137. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  16. Pfeiffer, V.: A Framework for Evaluating Access Control Concepts in Workflow Management Systems. Master thesis (2005)

    Google Scholar 

  17. Weber, B., Reichert, M., Wild, W., Rinderle, S.: Balancing Flexibility and Security in Adaptive Process Management Systems. In: Meersman, R., Tari, Z. (eds.) OTM 2005. LNCS, vol. 3760, pp. 59–76. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  18. Rosemann, M., Mühlen, M.: Modellierung der Aufbauorganisation in Workflow-Management-Systemen: Kritische Bestandsaufnahme und Gestaltungsvorschläge. EMISA Forum 3(1), 78–86 (1998)

    Google Scholar 

  19. Rosemann, M., Mühlen, M.: Organizational Management in Workflow Applications: Issues and Perspectives. Inf. Technol. and Mgmt. 5(3-4), 271–291 (2004)

    Google Scholar 

  20. Botha, R.: Cosawoe – A Model for Context-sensitive Access Control in Workflow Environments. PhD thesis (2002)

    Google Scholar 

  21. Hu, J., Weaver, A.: A Dynamic, Context-Aware Security Infrastructure for Distributed Healthcare Applications. In: Proc. PSPT 2004 (2004)

    Google Scholar 

  22. Kumar, A., Karnik, N., Chafle, G.: Context Sensitivity in Role-based Access Control. SIGOPS 36(3), 53–66 (2002)

    Article  Google Scholar 

  23. Barkley, J., Beznosov, K., Uppal, J.: Supporting Relationships in Access Control Using Role Based Access Control. In: Proc. RBAC 1999, pp. 55–65 (1999)

    Google Scholar 

  24. Liu, R., Bhattacharya, K., Wu, F.: Modeling Business Contexture and Behavior Using Business Artifacts. In: Krogstie, J., Opdahl, A.L., Sindre, G. (eds.) CAiSE 2007 and WES 2007. LNCS, vol. 4495, pp. 324–339. Springer, Heidelberg (2007)

    Google Scholar 

  25. Vanderfeesten, I.T.P., Reijers, H.A., van der Aalst, W.M.P.: Product-based Workow Support: Dynamic Workow Execution. In: Bellahsène, Z., Léonard, M. (eds.) CAiSE 2008. LNCS, vol. 5074, pp. 571–574. Springer, Heidelberg (2008)

    Google Scholar 

  26. Müller, D., Reichert, M., Herbst, J.: A New Paradigm for the Enactment and Dynamic Adaptation of Data-driven Process Structures. In: Bellahsène, Z., Léonard, M. (eds.) CAiSE 2008. LNCS, vol. 5074, pp. 48–63. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  27. Sandhu, R., Thomas, R.: Task-based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management. In: Proc. IFIP 1997, pp. 166–181 (1997)

    Google Scholar 

  28. Wu, S., Sheth, A., Miller, J., Luo, Z.: Authorization and Access Control Of Application Data In Workflow-Systems. JIIS 18, 71–94 (2002)

    Google Scholar 

  29. Lupu, E., Sloman, M.: A Policy Based Role Object Model. In: Proc. EDOC 1997, pp. 36–47 (1997)

    Google Scholar 

  30. Thomas, R.: Team-based Access Control (TMAC): A Primitive for Applying Role-based Access Controls in Collaborative Environments. In: Proc. RBAC 1997, pp. 13–19 (1997)

    Google Scholar 

  31. Russell, N., Hofstede, A., Edmond, D.: Workflow Resource Patterns. In: Pastor, Ó., Falcão e Cunha, J. (eds.) CAiSE 2005. LNCS, vol. 3520, pp. 216–232. Springer, Heidelberg (2005)

    Google Scholar 

  32. Wainer, J., Barthelmess, P., Kumar, A.: W-RBAC - A Workflow Security Model Incorporating Controlled Overriding of Constraints. IJCIS 12 (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Databases and Information Systems, Ulm University, Germany

    Vera Künzle & Manfred Reichert

Authors
  1. Vera Künzle
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Manfred Reichert
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Ulm University, Germany and University of Vienna, Austria

    Stefanie Rinderle-Ma

  2. University of Queensland, St Lucia, Qld, Australia

    Shazia Sadiq

  3. IAAS, University of Stuttgart, Germany

    Frank Leymann

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Künzle, V., Reichert, M. (2010). Integrating Users in Object-Aware Process Management Systems: Issues and Challenges. In: Rinderle-Ma, S., Sadiq, S., Leymann, F. (eds) Business Process Management Workshops. BPM 2009. Lecture Notes in Business Information Processing, vol 43. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12186-9_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-12186-9_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12185-2

  • Online ISBN: 978-3-642-12186-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation