Tuesday, 22 November 2011

what we need to enforce Sec. into BPM

G. Governatori. Law, logic and business processes. In Requirements Engineering and Law (RELAW), 2010 Third International Workshop on, pages 1 –10, sept. 2010.

It is a relationship between two set of specifications, where one the target does not result in violation of the source. This means that to determine whether a business process is appling the relevant security policies, one has to have:
1) a formal specification of the business process;
2) a formal specification of the (relevant) security policies;
3) a common framework to interface the two sets of specifications.
 

G. Governatori and Z. Milosevic. A formal analysis of a business contract language. Int. J. Cooperative Inf. Syst., 15(4):659–685, 2006.


A formal language for security policies should be conceptual, allowing its users to focus exclusively on aspects related to the content of the policy, ignoring implementation aspects.


No comments:

Post a Comment