[1]
M. Backes, B. Pfitzmann, and M. Waidner. Security in business process
engineering. In W. M. P. van der Aalst, A. H. M. ter Hofstede, and M. Weske,
editors, Business Process Management, volume 2678 of Lecture Notes in Computer
Science, pages 168–183. Springer, 2003.
The
paper starts by showing that security is usually neglected in the modelling
phase and only integrated in an ad-hoc manner later on, then it goes on showing
how problematic this approach is, and how that security should be considered
earlier as it will make it clearer, easier, and will produce less errors.
The
paper then discusses the trust models, and how they can be applied to BPM, it
also give an example to illustrate the need of integrating security (specially
cryptography) in early stagiest of BPM. The example used was "Certified
Mail System". The paper then went in to technical details in showing what
security requirements are needed in such example; it was focusing more on the
cryptographic requirements, and little on Trust.
Then
it goes on showing in detailed technical way how would considering security requirements
from the beginning help in building butter system.
It
finally ends with comparing this work with other works done by others, and
showing how considering cryptography from the beginning was useful in this
example.
Relation
to the research on hand, this paper shows the importance of early consideration
of security, instead of an ad-hoc way. It also add to the review on what work
is done in integrating security in to BPM. Also it gave a brief discussion
about trust and trust-models, and showed that this might be important to BPM
and it need to be integrated.
No comments:
Post a Comment