Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization

Abstract

In this paper we describe the work in progress with a process-oriented approach for role-finding to implement Role-Based Security Administration. Our results stem from using a recently proposed role model and procedural model at Siemens AG ICN, a large industrial organization. The core of this paper presents the data model, which integrates business processes, role based security administration and access control. Moreover, a structured top-down approach is outlined which is the basis for derivation of suitable business roles from enterprise process models. A brief description is given on how these results may be used to first build the Role Catalog and then support the implementation of RBAC and a single point of administration and control, using a cross-platform administration tool.