为业务用途扩展基于角色的访问控制

2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI:10.1109/SECURWARE.2009.28

Heiko Klarl, Korbinian Molitorisz, Christian Emig, K. Klinger, S. Abeck

{"title":"为业务用途扩展基于角色的访问控制","authors":"Heiko Klarl, Korbinian Molitorisz, Christian Emig, K. Klinger, S. Abeck","doi":"10.1109/SECURWARE.2009.28","DOIUrl":null,"url":null,"abstract":"Role-based access control (RBAC) is used for managing authorisation in IT systems, by utilising the concept of roles. Existing approaches do not clearly define the term \"role\" in its different contexts as well as not considering the relation between roles and business process modelling. Therefore this work introduces business and system role-based access control (B&S-RBAC). Established role-based access control models are extended with a business perspective and the term role is defined from a business and from an IT perspective, resulting in business and system roles. The relation between them is shown in a meta-model and the usage of business roles for secure business process modelling is explained.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Extending Role-Based Access Control for Business Usage\",\"authors\":\"Heiko Klarl, Korbinian Molitorisz, Christian Emig, K. Klinger, S. Abeck\",\"doi\":\"10.1109/SECURWARE.2009.28\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Role-based access control (RBAC) is used for managing authorisation in IT systems, by utilising the concept of roles. Existing approaches do not clearly define the term \\\"role\\\" in its different contexts as well as not considering the relation between roles and business process modelling. Therefore this work introduces business and system role-based access control (B&S-RBAC). Established role-based access control models are extended with a business perspective and the term role is defined from a business and from an IT perspective, resulting in business and system roles. The relation between them is shown in a meta-model and the usage of business roles for secure business process modelling is explained.\",\"PeriodicalId\":382947,\"journal\":{\"name\":\"2009 Third International Conference on Emerging Security Information, Systems and Technologies\",\"volume\":\"5 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-06-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 Third International Conference on Emerging Security Information, Systems and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SECURWARE.2009.28\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECURWARE.2009.28","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

基于角色的访问控制(RBAC)利用角色的概念，用于管理IT系统中的授权。现有的方法没有在不同的上下文中清楚地定义术语“角色”，也没有考虑角色和业务流程建模之间的关系。因此，本文引入了基于业务和系统角色的访问控制(B&S-RBAC)。已建立的基于角色的访问控制模型通过业务角度进行扩展，术语角色从业务角度和IT角度定义，从而产生业务角色和系统角色。它们之间的关系显示在元模型中，并解释了用于安全业务流程建模的业务角色的用法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Extending Role-Based Access Control for Business Usage

Role-based access control (RBAC) is used for managing authorisation in IT systems, by utilising the concept of roles. Existing approaches do not clearly define the term "role" in its different contexts as well as not considering the relation between roles and business process modelling. Therefore this work introduces business and system role-based access control (B&S-RBAC). Established role-based access control models are extended with a business perspective and the term role is defined from a business and from an IT perspective, resulting in business and system roles. The relation between them is shown in a meta-model and the usage of business roles for secure business process modelling is explained.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 Third International Conference on Emerging Security Information, Systems and Technologies

自引率

0.00%

发文量