Authors: Christian Wolter and Andreas Schaad
Published: 2007
This paper proposes an extension to the Business Process Modeling Notation (BPMN) for expressing “authorization constraints for task allocation in workflows” within the workflow model, such as Separation of Duty, Role-Based Allocation, Case Handling, or History-Based Allocation.
The paper defines task-based authorization constraints as constraints that “express who is allowed or must perform a certain task under specific circumstances in the context of a workflow”, and it states that most resource allocation patterns are not supported in the domain of business process modeling.
This paper provides:
– A formal definition of authorization constraints in the context of workflow models.
– Example workflow constraints derived from the banking domain and their formal representation.
– An evaluation of BPMN’s capabilities to express task-based authorization constraints in the context of resource allocation, and a BPMN extension for the specification of appropriate authorization constraints.
– An application of the proposed BPMN extension to a real-world banking scenario to evaluate its applicability.
The paper then defines the constraints and the security requirements it covers, giving detailed technical and mathematical definitions of all the related concepts (such as task-role and conflicting tasks). All of them can be summarized in the table below:
The paper then gives an example of a real-life process (a banking workflow) that can make use of these constraints. The example can be understood from the process model:
It explains the six constraints that need to be applied in this process: a clerk must interact with the customer; the bank manager must sign the form; a user must not check the credit worthiness; a bank manager may act as a clerk; the user acquiring the customer data must identify the customer’s account; and, for a single customer, a user must not perform more than five tasks. The paper gives the mathematical equation for each.
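The kinds of constraint listed above (role-based allocation with a role hierarchy, separation of duty, binding of duty, and a per-case task limit) can be checked mechanically against the task history of one customer case. The following Python is an added example, not code or notation from the paper; the role, user and task names, the conflicting task pair, and the `check_case` helper are assumptions made for illustration.

```python
from collections import Counter

# Constructed names (assumptions): roles, users, task ids and the conflicting
# pair are illustrative and are not taken from the paper.
ACTS_AS = {"manager": {"manager", "clerk"}, "clerk": {"clerk"}}  # manager may act as clerk
TASK_ROLE = {"acquire_data": "clerk", "identify_account": "clerk",
             "check_credit": "clerk", "check_rating": "clerk", "sign_form": "manager"}
SEPARATE = [("check_credit", "check_rating")]   # separation of duty: different users
BIND = [("acquire_data", "identify_account")]   # binding of duty: same user
MAX_TASKS_PER_USER = 5                          # limit per customer case
ROLES = {"alice": "clerk", "bob": "clerk", "carol": "manager"}


def check_case(history, user_roles):
    """Return constraint violations for one case; history is [(task, user), ...]."""
    violations, performer = [], {}
    for task, user in history:
        performer.setdefault(task, set()).add(user)
        # Unknown users or tasks fail closed: no role means no allowed tasks.
        if TASK_ROLE.get(task) not in ACTS_AS.get(user_roles.get(user), set()):
            violations.append(f"role: {user} may not perform {task}")
    for a, b in SEPARATE:
        for user in sorted(performer.get(a, set()) & performer.get(b, set())):
            violations.append(f"sod: {user} performed both {a} and {b}")
    for a, b in BIND:
        if a in performer and b in performer and performer[a] != performer[b]:
            violations.append(f"bod: {a} and {b} performed by different users")
    for user, count in Counter(u for _, u in history).items():
        if count > MAX_TASKS_PER_USER:  # looped tasks count once per execution
            violations.append(f"cardinality: {user} performed {count} tasks")
    return violations


# Constructed task histories for a single customer case.
GOOD = [("acquire_data", "alice"), ("identify_account", "alice"),
        ("check_credit", "alice"), ("check_rating", "bob"), ("sign_form", "carol")]
BAD = [("acquire_data", "alice"), ("identify_account", "bob"),
       ("check_credit", "bob"), ("check_rating", "bob"), ("sign_form", "bob")]

if __name__ == "__main__":
    for name, case in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_case(case, ROLES))
```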
Finally, the paper explains how to address these requirements as an extension to BPMN, shows how to represent each one in a model (using manual tasks and roles, task grouping and looping, and the Allocation Constraint Artifact), and reproduces the process model with all six requirements expressed in the model, as shown below:
This paper presented a novel approach to
describe authorization constraints for manual tasks within the Business Process
Modeling Notation.