Because
data do not behave on there own (non-behavioral entity), so, to trust data in
BPM will mean that data should resist
any malicious attack and stay as they are expected to be. For
example in a banking sector, if a transfer process was to ‘transfer $5,000 to
account number 12345’ if the data got maliciously manipulated and the attacker
changed the account number the process will end up not doing what it is
expected to do. Another example if the attacker changed the data of ‘transfer
to’ and made it ‘transfer from’ the client will end up loosing money instead of
getting money. So it is important for both ‘control data’ and ‘object data’ to
know if they are trustworthy r not, it is important for the resource and the system
to know the trustworthiness of the data. There are few ideas on how to solve
this problem, for example we can build trust-annotated data so system and
resources will use these annotations to analyze the trustworthiness of the
data.
No comments:
Post a Comment