Thursday, 6 January 2011

Annotated Bib.: Modeling of task-based authorization constraints in BPMN


[1] C. Wolter and A. Schaad. Modeling of task-based authorization constraints in bpmn. In G. Alonso, P. Dadam, and M. Rosemann, editors, BPM, volume 4714 of Lecture Notes in Computer Science, pages 64–79. Springer, 2007.
 

 

This paper proposes an extension to the Business Process Modeling Notation (BPMN) for expressing “authorization constraints for task allocation in workflows”, such as Separation of Duty, Role-Based Allocation, Case Handling, or History-Based Allocation, within the workflow model itself.

The paper defines a task-based authorization constraint as one that “expresses who is allowed or must perform a certain task under specific circumstances in the context of a workflow”, and it states that most resource allocation patterns are not supported in the domain of business process modeling.

This paper provides:
       Formal definition of authorization constraints in the context of workflow models.
       Example workflow constraints derived from the banking domain and their formal representation.
       Evaluation of BPMN’s capabilities to express task-based authorization constraints in the context of resource allocation, and a definition of a BPMN extension for the specification of appropriate authorization constraints.
       Application of the proposed BPMN extension to a real-world banking scenario to evaluate its applicability.

The paper then gives an example of a real-life process (a banking workflow) that can make use of these constraints, and explains the six constraints that need to be applied in this process: a clerk must interact with the customer; the bank manager must sign the form; a user must not check the credit worthiness; a bank manager may act as a clerk; the user acquiring the customer data must identify the customer’s account; and, for a single customer, a user must not perform more than five tasks. It then provides a detailed technical and mathematical definition of all these constraints.
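
The six constraints above can be read as runtime checks on who may take the next task in a customer's case. The sketch below is an added example, not code from the paper or from this post; the task names, the task-to-role map and the pair of tasks kept apart by separation of duty are assumptions, since the summary does not name them.

```python
# Added example: task names and the task-to-role map are assumptions.
CAN_ACT_AS = {"manager": {"manager", "clerk"}, "clerk": {"clerk"}}  # constraint 4

REQUIRED_ROLE = {                        # constraints 1 and 2
    "acquire_customer_data": "clerk",
    "identify_account": "clerk",
    "check_credit_worthiness": "clerk",  # assumed
    "sign_form": "manager",
}
SEPARATED = ("acquire_customer_data", "check_credit_worthiness")  # constraint 3, assumed pair
BOUND = ("acquire_customer_data", "identify_account")             # constraint 5
MAX_TASKS_PER_USER = 5                                             # constraint 6


def violations(history, new_task, user, role):
    """Return the constraints broken if `user` (holding `role`) takes `new_task`.

    `history` is the list of (task, user) pairs already executed for one
    customer's case; looping tasks simply appear more than once.
    """
    found = []
    if REQUIRED_ROLE[new_task] not in CAN_ACT_AS[role]:
        found.append("role")
    done_by = {}
    for task, who in history:
        done_by.setdefault(task, set()).add(who)
    for first, second in (SEPARATED, SEPARATED[::-1]):
        if new_task == second and user in done_by.get(first, ()):
            found.append("separation_of_duty")
    for first, second in (BOUND, BOUND[::-1]):
        if new_task == second and first in done_by and user not in done_by[first]:
            found.append("binding_of_duty")
    if sum(1 for _, who in history if who == user) >= MAX_TASKS_PER_USER:
        found.append("cardinality")
    return found


if __name__ == "__main__":
    case = [("acquire_customer_data", "alice")]  # constructed sample history
    for task, user, role in [("identify_account", "bob", "clerk"),
                             ("check_credit_worthiness", "alice", "clerk"),
                             ("sign_form", "carol", "manager")]:
        print(task, user, violations(case, task, user, role) or "allowed")
```
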


Finally, the paper explains how to meet these requirements as an extension to BPMN, shows how to represent each one in a model (using manual tasks and roles, task grouping and looping, and the Allocation Constraint Artifact), and reproduces the process model with all six requirements expressed in it, as shown below:

 

Relation to the research in hand: this paper presents a novel approach to describing authorization constraints for manual tasks within the Business Process Modeling Notation. It covers one security requirement (authorization) in one modeling language (BPMN), but covers it in detail, showing six different requirements and constraints, all related to authorization. The idea of this paper could be extended to other modeling languages and made generic to cover the authorization aspect in process modeling.
