while reading in a paper about Security for Workflow, i found an interesting definitions for security requirements in regards to the BPM terminology.
Vijay Atluri in his paper "Security for Workflow Systems" thinks that the security requirements for Workflows are:
Confidentiality:
This refers to unauthorized disclosure of information including the specification, and the workflow instances during its execution.
Integrity:
Refers to the unauthorized modification of information, again including the specification as well as the data manipulated during the execution of a workflow instance.
Availability:
Refers to making the data and resources available to the agents responsible for executing the tasks in a workflow.
Authentication:
Refers to reliably verifying the identity of the task execution agents
Authorization:
Refers to enforcing access control to ensure confidentiality and integrity
Audit:
Refers to recording information about who has performed which actions at what time within the workflow, which can later be analyzed to detect suspicious behavior and misuse of authority.
Anonymity:
Refers to keeping the agents anonymous from other agents executing the workflow. This may be needed especially when agents with conflict-of-interest execute different tasks within a workflow.
Separation of duties:
These are additional constraints associated with the workflow to reduce the risk of fraud.
Reference:
Security for Workflow Systems, Vijay Atluri, Rutgers University, 2002.
No comments:
Post a Comment