By Topic

SOAC-Net: A Model to Manage Service-Based Business Process Authorization

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Haiyang Sun ; Dept. of Comput., Macquarie Univ., Sydney, NSW, Australia ; Jian Yang ; Weiliang Zhao ; Surya Nepal

Business process (BP) can be supported by a large number of resources with evolving contents. In order to receive the support from these resources, the BP must satisfy the authorization policies of these resources. On the other hand, a BP also has its own authorization policies that users must satisfy in order to interact with the BP. Meanwhile, execution policies need to be applied to manage the sequence of tasks invocations in a BP. Therefore, without proper coordination among these policies, BP may not be able to perform correctly, e.g., imperative support from a specific resource could be missing or unauthorized user access can occur. An effective authorization management bringing all types of policies together becomes a must for a BP executing correctly without breaking any authorization and business rules. In this paper, we propose a process model, SOAC-Net that is incorporated with an authorization model, Process-Aware Service-Oriented Authorization Control (PASOAC). PASOAC is an extension of Role Based Access Control (RBAC), which takes both resource and user into account. A set of authorization constraints are designed in PASOAC to coordinate the user access and the resource support in a process environment.

Published in:

Services Computing (SCC), 2012 IEEE Ninth International Conference on

Date of Conference:

24-29 June 2012