M. zur Muehlen and M. Indulska. Modeling languages for business
processes and business rules: A representational analysis. Information Systems,
35(4):379–390, Elsevier, 2010.
Process modeling languages and security policies languages are both used to document organizational policies and procedures. While process modeling languages typically describe a procedural sequence of activities, including decisions and concurrency, security policy languages often rely on a declarative description of security conditions, and constraints that need to be followed. To date, their synergies and overlap are under researched. Understanding the relationship between the two languages types would allow organizations to maximize synergies, avoid content duplication, and thus reduce their overall effort.
G. Governatori. Law, logic and business processes. In Requirements Engineering and Law (RELAW), 2010 Third International Workshop on, pages 1 –10, sept. 2010.
S. Sadiq and G. Governatori, “Managing regulatory compliance in business processes,” in Handbook of Business Process Management, J. van Brocke and M. Rosemann, Eds. Berlin: Springer, 2010, vol. 2, ch. 8, pp. 157–173.
Nowadays more and more businesses in all sectors relay and heavily depends on their process aware information systems. These systems are now essential to control, administer and enact all core business activities. Furthermore, failure to follow security policies is no longer an option. This means that research in business processes must now address the issue of how to incorporate techniques to handle security policies requirements, and these techniques should be conceptual, in the sense that they should provide notions and construction as close as possible to the concepts they intend to models. Until now ad-hoc solutions appear as the only option for otherwise routine situations. This leads to increased cost, and this is one of the reasons why security policies are still seen as burden on a process, instead of an opportunity to improve the performance of it.
S. Goedertier and J. Vanthienen. Designing compliant business
processes with obligations and permissions. In J. Eder and S. Dustdar, editors,
Business Process Management Workshops, volume 4103 of Lecture Notes in Computer
Science, pages 5–14. Springer, 2006.
Business process languages such as UML Activity Diagrams, BPMN, Event- Process-Chains, etc. are most often based on the control-flow paradigm, and define an explicit order relation between the activities in the process. These order relations even occur in the case handling paradigm, in which a preferred or normal control-flow is defined between activities. What is lacking is a declarative approach that makes the partial order relations due to security and legal requirements more explicit.
No comments:
Post a Comment