Thursday, 24 March 2011

Trust & data in BPM


Because data do not behave on there own (non-behavioral entity), so, to trust data in BPM will mean that data should resist any malicious attack and stay as they are expected to be. For example in a banking sector, if a transfer process was to ‘transfer $5,000 to account number 12345’ if the data got maliciously manipulated and the attacker changed the account number the process will end up not doing what it is expected to do. Another example if the attacker changed the data of ‘transfer to’ and made it ‘transfer from’ the client will end up loosing money instead of getting money. So it is important for both ‘control data’ and ‘object data’ to know if they are trustworthy r not, it is important for the resource and the system to know the trustworthiness of the data. There are few ideas on how to solve this problem, for example we can build trust-annotated data so system and resources will use these annotations to analyze the trustworthiness of the data.

No comments:

Post a Comment