BP-XACML: An authorisation policy language for business processes
Alissa, Khalid, Reid, Jason, Dawson, Ed, & Salim, Farzad (2015) BP-XACML: An authorisation policy language for business processes. In Foo, Ernest & Stebila, Douglas (Eds.) Information Security and Privacy: 20th Australasian Conference, ACISP 2015, Proceedings [Lecture Notes in Computer Science, Volume 9144], Springer, QUT Gardens Point, Brisbane, Australia, pp. 307-325.
XACML has become the defacto standard for enterprise- wide, policy-based access control. It is a structured, extensible language that can express and enforce complex access control policies. There have been several efforts to extend XACML to support specific authorisation models, such as the OASIS RBAC profile to support Role Based Access Control. A number of proposals for authorisation models that support business processes and workflow systems have also appeared in the literature. However, there is no published work describing an extension to allow XACML to be used as a policy language with these models. This paper analyses the specific requirements of a policy language to express and enforce business process authorisation policies. It then introduces BP-XACML, a new profile that extends the RBAC profile for XACML so it can support business process authorisation policies. In particular, BP-XACML supports the notion of tasks, and constraints at the level of a task instance, which are important requirements in enforcing business process authorisation policies.
Impact and interest:
Citation counts are sourced monthly from and citation databases.
These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.
Citations counts from theindexing service can be viewed at the linked Google Scholar™ search.
Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.
|Item Type:||Conference Paper|
|Keywords:||Authorisation policy language, Authorisation management, XACML, BPM, Workflow, Business Process|
|Subjects:||Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000)|
|Divisions:||Past > Schools > Computer Science
Current > Institutes > Institute for Future Environments
Current > QUT Faculties and Divisions > Science & Engineering Faculty
|Copyright Owner:||Copyright 2015 [please consult the authors]|
|Deposited On:||06 May 2015 03:30|
|Last Modified:||01 Jul 2015 14:02|
Repository Staff Only: item control page