Skip to Main Content
Administrative controls exist to ensure that business activities are correctly managed and controlled according to corporate and legal regulations. With many organisations reliant on complex IT solutions these controls relate to functionality of software. In this paper we present an extension for business process models to express administrative controls, such as role-based, mandatory or dynamic separation of duty access control policies on the abstraction level of business process models. A model-driven approach is applied to generate platform-specific policies. As an example we utilise the eXtensible Access Control Markup Language (XACML).
Date of Conference: 20-22 July 2009