Wednesday, 10 November 2010

Summary of: Modeling of Task-Based Authorization Constraints in BPMN

Title: Modeling of Task-Based Authorization Constraints in BPMN
Authors: Christian Wolter and Andreas Schaad
Published: 2007

This paper proposes an extension to the Business Process Modeling Notation (BPMN) for expressing “authorization constraints for task allocation in workflows” within the workflow model, such as Separation of Duty, Role-Based Allocation, Case Handling, or History-Based Allocation.

The paper defines task-based authorization constraints as constraints that “express who is allowed or must perform a certain task under specific circumstances in the context of a workflow”, and it states that most resource allocation patterns are not supported in the domain of business process modeling.

This paper provides:
      A formal definition of authorization constraints in the context of workflow models.
      Example workflow constraints derived from the banking domain and their formal representation.
      An evaluation of BPMN’s capabilities to express task-based authorization constraints in the context of resource allocation, and the definition of a BPMN extension for the specification of appropriate authorization constraints.
      An application of the proposed BPMN extension to a real-world banking scenario to evaluate its applicability.

The paper then defines the constraints and the security requirements it is going to cover, giving in-depth technical and mathematical definitions of all the related concepts (such as task-role and conflicting tasks). All of them can be summarized in the table below:


The paper then gives an example of a real-life process (a banking workflow) that can make use of these constraints; the example can be understood from the process model:

It then explains the six constraints that need to be applied in this process: a clerk must interact with the customer; the bank manager must sign the form; a user must not check the credit worthiness; the bank manager may act as a clerk; the user acquiring the customer data must identify the customer’s account; and for a single customer a user must not perform more than five tasks. It gives the mathematical equation for each.
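The kinds of constraint listed above (role-based allocation with a role hierarchy, separation of duty, binding of duty, and a per-customer task limit) can be checked against a workflow's execution history. The following is an added example, not code or notation from the paper; the task names, user names and the task pair chosen for separation of duty are assumptions made for illustration.

```python
from collections import Counter

# Constructed role model: the bank manager may also act as a clerk.
ROLES = {"alice": {"clerk"}, "bob": {"clerk"}, "carol": {"manager", "clerk"}}
# Hypothetical task names and the role each task requires (not from the paper).
TASK_ROLE = {"acquire_data": "clerk", "identify_account": "clerk",
             "check_credit": "clerk", "sign_form": "manager"}
SEPARATE = [("acquire_data", "check_credit")]   # assumed pair: different users
BIND = [("acquire_data", "identify_account")]   # same user must do both
MAX_TASKS = 5                                   # per user, per customer case

def partner(task, pairs):
    """Yield the other task of every pair that contains `task`."""
    for a, b in pairs:
        if task in (a, b):
            yield b if task == a else a

def violations(history):
    """history: (case_id, task, user) tuples in execution order."""
    found, done, load = [], {}, Counter()
    for case, task, user in history:
        if TASK_ROLE[task] not in ROLES.get(user, set()):
            found.append((case, task, user, "role"))
        for other in partner(task, SEPARATE):
            if user in done.get((case, other), set()):
                found.append((case, task, user, "separation_of_duty"))
        for other in partner(task, BIND):
            prev = done.get((case, other), set())
            if prev and user not in prev:
                found.append((case, task, user, "binding_of_duty"))
        load[(case, user)] += 1
        if load[(case, user)] > MAX_TASKS:
            found.append((case, task, user, "cardinality"))
        done.setdefault((case, task), set()).add(user)
    return found

# Constructed execution history for two customer cases.
SAMPLE = [
    ("c1", "acquire_data", "alice"),
    ("c1", "identify_account", "alice"),  # ok: same user as acquire_data
    ("c1", "check_credit", "alice"),      # separation of duty violated
    ("c1", "sign_form", "bob"),           # bob lacks the manager role
    ("c2", "acquire_data", "carol"),      # ok: manager acting as clerk
    ("c2", "identify_account", "bob"),    # binding of duty violated
    ("c2", "check_credit", "bob"),        # ok
    ("c2", "sign_form", "carol"),         # ok
]

if __name__ == "__main__":
    for v in violations(SAMPLE):
        print(v)
```

Because the check is driven by the recorded history per case, the same function can be used at allocation time to reject a candidate user before the task is assigned.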

Finally, the paper explains how to address these requirements as an extension to BPMN, shows how to represent each of them in a model (such as manual tasks and roles, task grouping and looping, and the Allocation Constraint Artifact), and reproduces the process model with all six requirements expressed in it, as shown below:

This paper presented a novel approach to describe authorization constraints for manual tasks within the Business Process Modeling Notation.
