Sciweavers

ACISP
2015
Springer

BP-XACML an Authorisation Policy Language for Business Processes

8 years 7 months ago
BP-XACML an Authorisation Policy Language for Business Processes
Abstract. XACML has become the defacto standard for enterprisewide, policy-based access control. It is a structured, extensible language that can express and enforce complex access control policies. There have been several efforts to extend XACML to support specific authorisation models, such as the OASIS RBAC profile to support Role Based Access Control. A number of proposals for authorisation models that support business processes and workflow systems have also appeared in the literature. However, there is no published work describing an extension to allow XACML to be used as a policy language with these models. This paper analyses the specific requirements of a policy language to express and enforce business process authorisation policies. It then introduces BP-XACML, a new profile that extends the RBAC profile for XACML so it can support business process authorisation policies. In particular, BP-XACML supports the notion of tasks, and constraints at the level of a task insta...
Khalid Alissa, Jason Reid, Ed Dawson, Farzad Salim
Added 13 Apr 2016
Updated 13 Apr 2016
Type Journal
Year 2015
Where ACISP
Authors Khalid Alissa, Jason Reid, Ed Dawson, Farzad Salim
Comments (0)