Extending Role-based Access Control for Business Usage
Abstract:
Role-based access control (RBAC) is used for managing
authorisation in IT systems, by utilising the concept of
roles. Existing approaches do not clearly define the term
role in its different contexts as well as not considering
the relation between roles and business process modelling.
Therefore this work introduces business and system rolebased
access control (B&S-RBAC). Established role-based
access control models are extended with a business perspective
and the term role is defined from a business and
from an IT perspective, resulting in business and system
roles. The relation between them is shown in a meta-model
and the usage of business roles for secure business process
modelling is explained.
authorisation in IT systems, by utilising the concept of
roles. Existing approaches do not clearly define the term
role in its different contexts as well as not considering
the relation between roles and business process modelling.
Therefore this work introduces business and system rolebased
access control (B&S-RBAC). Established role-based
access control models are extended with a business perspective
and the term role is defined from a business and
from an IT perspective, resulting in business and system
roles. The relation between them is shown in a meta-model
and the usage of business roles for secure business process
modelling is explained.
| Zugehörige Institution(en) am KIT | Institut für Telematik (TM) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsjahr | 2009 |
| Sprache | Englisch |
| Identifikator | ISBN: 978-0-7695-3668-2 urn:nbn:de:swb:90-120131 KITopen-ID: 1000012013 |
| Erschienen in | The Third International Conference on Emerging Security Information, Systems and Technologies |
| Seiten | 136-141 |