Specifying Process-Aware Access Control Rules in SBVR
نویسندگان
چکیده
Access control is an important aspect of regulatory compliance. Therefore, access control specifications must be process-aware in that they can refer to an underlying business process context, but do not specify when and how they must be enforced. Such access control specifications are often expressed in terms of general rules and exceptions, akin to defeasible logic. In this paper we demonstrate how a role-based, process-aware access control policy can be specified in the SBVR. In particular, we define an SBVR vocabulary that allows for a process-aware specification of defeasible access control rules. Because SBVR does not support defeasible rules, we show how a set of defeasible access control rules can be transformed into ordinary SBVR access control rules using decision tables as a transformation mechanism.
منابع مشابه
Unified Patterns to Transform Business Rules into an Event Coordination Mechanism
Business rules define and constrain various aspects of the business, such as vocabulary, behavior and organizational issues. Enforcing the various rules of the business in information systems is not straightforward, because different mechanisms exist for the transformation of business rules into model driven implementations, leading to partial solutions for process management, data constraints,...
متن کاملA semantic-aware role-based access control model for pervasive computing environments
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...
متن کاملSBVR's Approach to Controlled Natural Language
The "Semantics of Business Vocabulary and Business Rules" (SBVR 1.0) is one of the initial specifications in the OMG's family of business-focused specifications. SBVR covers two aspects: Vocabulary (natural language ontology) and Rules (elements of guidance that govern actions). However, SBVR does not standardize any particular language for expressing vocabularies and rules. Instead, SBVR uses ...
متن کاملOn Specifying Requirements Using a Semantically Controlled Representation
Requirements are typically specified in natural languages (NL) such as English and then analyzed by analysts and developers to generate formal software design/model. However, English is ambiguous and the requirements specified in English can result in erroneous and absurd software designs. We propose a semantically controlled representation based on SBVR for specifying requirements. The SBVR ba...
متن کاملSBVR Business Rules Generation from Natural Language Specification
In this paper, we present a novel approach of translating natural languages specification to SBVR business rules. The business rules constraint business structure or control behaviour of a business process. In modern business modelling, one of the important phases is writing business rules. Typically, a business rule analyst has to manually write hundreds of business rules in a natural language...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007