Alignment of remmo with rbac to manage access rights in the frame of enterpri...christophefeltus
The document proposes aligning a Responsibility metamodel (ReMMo) with the Role-Based Access Control (RBAC) model to better manage access rights based on employee responsibilities within an enterprise architecture. It first defines the ReMMo to represent business responsibilities and related access rights. ReMMo is then integrated with the ArchiMate enterprise architecture framework. Finally, the paper proposes aligning ReMMo and RBAC and provides a reference model for engineering access rights based on aligning business roles, responsibilities, and RBAC roles. This approach uses responsibility as a pivot to integrate business and application layer access rights requirements.
DESIGN AND DEVELOPMENT OF BUSINESS RULES MANAGEMENT SYSTEM (BRMS) USING ATLAN...ijcsit
The document describes the design and development of a Business Rules Management System (BRMS) using the ATL and Eclipse Sirius frameworks. It proposes a new "Target Ecore meta model" to improve the structure and management of business rules. The system allows business rules to be modeled and transformed from their current format into an object-oriented format using ATL model transformations. This provides improved modularity, scalability and extensibility of the rules compared to the original structure. A case study demonstrates transforming an example business rule from a software package based on the proposed approach.
RESILIENT INTERFACE DESIGN FOR SAFETY-CRITICAL EMBEDDED AUTOMOTIVE SOFTWAREcsandit
The replacement of the former, purely mechanical, functionality with mechatronics-based solutions, the introduction of new propulsion technologies, and the connection of cars to their environment are just a few reasons for the continuously increasing electrical and/or electronic
system (E/E system) complexity in modern passenger cars. Smart methodologies and techniques have been introduced in system development to cope with these new challenges. A topic that is often neglected is the definition of the interface between the hardware and software subsystems.
However, during the development of safety-critical E/E systems, according to the automotive
functional safety standard ISO 26262, an unambiguous definition of the hardware-software interface (HSI) has become vital. This paper presents a domain-specific modelling approach for mechatronic systems with an integrated hardware-software interface definition feature. The
newly developed model-based domain-specific language is tailored to the needs of mechatronic system engineers and supports the system’s architectural design including the interface definition, with a special focus on safety-criticality.
Towards a semantic for uml activity diagram based on institution theory for i...csandit
In this article, we define an approach for model transformation. We use the example of UML
Activity Diagram (UML AD) and Event-B as a source and a target formalism. Before doing the
transformation, a formal semantic is given to the source formalism. We use the institution
theory to define the intended semantic. With this theory, we gain a algebraic specification for
this formalism. Thus, the source formalism will be defined in its own natural semantic meaning
without any intermediate semantic. Model transformation will be performed by a set of
transformation schema which preserve the semantic expressed in the source model during the
transformation process. The generated model expressed in Event-B language will be used for
the formal verification of the source model. As a result, some model expressed in a precise
formalism, the verification of this model can be seen as the verification of the Event-B model
semantically equivalent to the source model. Then, in the present work we combine the
institution theory, Event-Bmethod and graph grammar to develop an approach supporting the
specification, the transformation and the verification of UML AD.
Evolution of Modelling Techniques for Service Oriented ArchitectureIJERA Editor
Service-oriented architecture (SOA) is a software design and architecture design pattern based on independent pieces of software providing functionality as services to other applications. The benefit of SOA in the IT infrastructure is to allow parallel use and data exchange between programs which are services to the enterprise. Unified Modelling Language (UML) is a standardized general-purpose modelling language in the field of software engineering. The UML includes a set of graphic notation techniques to create visual models of object-oriented software systems. We want to make UML available for SOA as well. SoaML (Service oriented architecture Modelling Language) is an open source specification project from the Object Management Group (OMG), describing a UML profile and meta-model for the modelling and design of services within a service-oriented architecture. BPMN was also extended for SOA but there were few pitfalls. There is a need of a modelling framework which dedicated to SOA. Michael Bell authored a framework called Service Oriented Modelling Framework (SOMF) which is dedicated for SOA.
Mohammed Yousuf has over 14 years of experience in information technology and
telecommunications. He holds a Bachelor's degree in Information Technology and a diploma in
Electronics and Telecommunications Engineering. He is currently pursuing a Master's degree in
Computer Science and Engineering. For the past 14 years, he has held various leadership roles such as
Vice President at Renaissance Softlabs where he helped establish training programs in areas like mobile
application development, telecommunications, and enterprise solutions. He now runs his own consulting
firm called CatalystONE Consulting Services which aims to help universities and corporations.
This document summarizes a presentation by three IBM employees on applying cognitive computing techniques to improve the delivery of messages in z/OS enterprise systems. It discusses their multidisciplinary backgrounds and collaborative approach to enhancing the search and information experience for customers. Specifically, it addresses tagging z/OS documentation in XML, classifying content, and using metadata to improve search results for messages and other system information.
Alignment of remmo with rbac to manage access rights in the frame of enterpri...christophefeltus
The document proposes aligning a Responsibility metamodel (ReMMo) with the Role-Based Access Control (RBAC) model to better manage access rights based on employee responsibilities within an enterprise architecture. It first defines the ReMMo to represent business responsibilities and related access rights. ReMMo is then integrated with the ArchiMate enterprise architecture framework. Finally, the paper proposes aligning ReMMo and RBAC and provides a reference model for engineering access rights based on aligning business roles, responsibilities, and RBAC roles. This approach uses responsibility as a pivot to integrate business and application layer access rights requirements.
DESIGN AND DEVELOPMENT OF BUSINESS RULES MANAGEMENT SYSTEM (BRMS) USING ATLAN...ijcsit
The document describes the design and development of a Business Rules Management System (BRMS) using the ATL and Eclipse Sirius frameworks. It proposes a new "Target Ecore meta model" to improve the structure and management of business rules. The system allows business rules to be modeled and transformed from their current format into an object-oriented format using ATL model transformations. This provides improved modularity, scalability and extensibility of the rules compared to the original structure. A case study demonstrates transforming an example business rule from a software package based on the proposed approach.
RESILIENT INTERFACE DESIGN FOR SAFETY-CRITICAL EMBEDDED AUTOMOTIVE SOFTWAREcsandit
The replacement of the former, purely mechanical, functionality with mechatronics-based solutions, the introduction of new propulsion technologies, and the connection of cars to their environment are just a few reasons for the continuously increasing electrical and/or electronic
system (E/E system) complexity in modern passenger cars. Smart methodologies and techniques have been introduced in system development to cope with these new challenges. A topic that is often neglected is the definition of the interface between the hardware and software subsystems.
However, during the development of safety-critical E/E systems, according to the automotive
functional safety standard ISO 26262, an unambiguous definition of the hardware-software interface (HSI) has become vital. This paper presents a domain-specific modelling approach for mechatronic systems with an integrated hardware-software interface definition feature. The
newly developed model-based domain-specific language is tailored to the needs of mechatronic system engineers and supports the system’s architectural design including the interface definition, with a special focus on safety-criticality.
Towards a semantic for uml activity diagram based on institution theory for i...csandit
In this article, we define an approach for model transformation. We use the example of UML
Activity Diagram (UML AD) and Event-B as a source and a target formalism. Before doing the
transformation, a formal semantic is given to the source formalism. We use the institution
theory to define the intended semantic. With this theory, we gain a algebraic specification for
this formalism. Thus, the source formalism will be defined in its own natural semantic meaning
without any intermediate semantic. Model transformation will be performed by a set of
transformation schema which preserve the semantic expressed in the source model during the
transformation process. The generated model expressed in Event-B language will be used for
the formal verification of the source model. As a result, some model expressed in a precise
formalism, the verification of this model can be seen as the verification of the Event-B model
semantically equivalent to the source model. Then, in the present work we combine the
institution theory, Event-Bmethod and graph grammar to develop an approach supporting the
specification, the transformation and the verification of UML AD.
Evolution of Modelling Techniques for Service Oriented ArchitectureIJERA Editor
Service-oriented architecture (SOA) is a software design and architecture design pattern based on independent pieces of software providing functionality as services to other applications. The benefit of SOA in the IT infrastructure is to allow parallel use and data exchange between programs which are services to the enterprise. Unified Modelling Language (UML) is a standardized general-purpose modelling language in the field of software engineering. The UML includes a set of graphic notation techniques to create visual models of object-oriented software systems. We want to make UML available for SOA as well. SoaML (Service oriented architecture Modelling Language) is an open source specification project from the Object Management Group (OMG), describing a UML profile and meta-model for the modelling and design of services within a service-oriented architecture. BPMN was also extended for SOA but there were few pitfalls. There is a need of a modelling framework which dedicated to SOA. Michael Bell authored a framework called Service Oriented Modelling Framework (SOMF) which is dedicated for SOA.
Mohammed Yousuf has over 14 years of experience in information technology and
telecommunications. He holds a Bachelor's degree in Information Technology and a diploma in
Electronics and Telecommunications Engineering. He is currently pursuing a Master's degree in
Computer Science and Engineering. For the past 14 years, he has held various leadership roles such as
Vice President at Renaissance Softlabs where he helped establish training programs in areas like mobile
application development, telecommunications, and enterprise solutions. He now runs his own consulting
firm called CatalystONE Consulting Services which aims to help universities and corporations.
This document summarizes a presentation by three IBM employees on applying cognitive computing techniques to improve the delivery of messages in z/OS enterprise systems. It discusses their multidisciplinary backgrounds and collaborative approach to enhancing the search and information experience for customers. Specifically, it addresses tagging z/OS documentation in XML, classifying content, and using metadata to improve search results for messages and other system information.
Enhancing the ArchiMate® Standard with a Responsibility Modeling Language for...Iver Band
In this paper, we describe an innovative approach for aligning the
business layer and the application layer of ArchiMate to ensure
that applications manage access rights consistently with enterprise
goals and risk tolerances. The alignment is realized by using the
responsibility of the employees, which we model using ReMoLa.
The main focus of the alignment targets the definition and the
assignment of the access rights needed by the employees
according to business specification. The approach is illustrated
and validated with a case study in a municipal hospital in
Luxembourg.
1) In 389 BC, barbaric Celtic tribes invaded the Roman Empire, looting and burning the city until paid ransom.
2) In 535 AD, the massive volcanic eruption of Krakatoa caused global climate catastrophe and stunted tree growth for years.
3) In 1532, 168 Spanish conquistadors led by Francisco Pizarro attacked and killed 7,000 Inca soldiers in Peru, conquering the vast Inca Empire with few casualties due to their technological advantages.
This document outlines the author Elly Sawicky's history including their hometown of Mission Viejo, California, travels to San Francisco, Kauai, Victoria, Lake Dillon and the Grand Canyon, their family consisting of their mother Kathy, father Richard, sister Hannah and brother Luke, education at Capistrano Valley High School and Saddleback College, job as a shift supervisor at Starbucks, and favorite things such as their dogs, being in the sun, the beach, hot chocolate, and Italian food.
Headway Chemicals presents its range of fire protection and sealing products for the construction industry. It distributes products from NPT Italy, including one-part polyurethane sealants for joints in concrete and buildings. It also offers polyurethane foam, passive fire protection products, and intumescent fire stopping materials like sealants, mortars, coatings, and putty. Headway has a 20-year production history, fully equipped laboratories for product development and testing, and distributes globally through partnerships like the one with NPT Italy.
This short document promotes fat loss and provides a link to more information, suggesting that fat loss does not have to be hard but is important for one's health. It encourages the reader to check out the link now and not wait to learn more about how simple fat loss can be for them.
The document lists various automobile models from 1900 to 1937, including brands such as Berliet, National, Cadillac, Ford, Packard, Rolls Royce, Locomobile, Simplex Crane, Isotta Fraschini, Minerva, McFarlan, Bentley, Stutz, Duesenberg, Cord, Willys-Knight, Mercedes Benz, Chrysler, Ford, Lagonda, and others. The models range from touring cars, roadsters, sedans, limousines, and convertibles. The listing includes both vintage and classic automobiles from early in the 20th century.
The document provides an overview of how search engines like Google work. It explains that search engines use web crawlers or spiders to index websites by following links and reading content and metadata. The spiders return this information to be indexed. When a user searches, the search engine checks its index rather than searching the entire web. Google in particular runs on thousands of computers to allow parallel processing. It uses Googlebot to fetch pages from the web and an indexer to store words and links from pages in a database. It then uses a query processor to match searches to relevant indexed pages based on factors like page popularity, position of search terms, and how pages link to each other.
"Outsourcing and globalization have numerous benefits, but they have a significant downside—the proliferation of counterfeits and sales through unauthorized channels."
The document discusses different types of sales approaches. It contrasts the traditional "vendor centric" approach where salespeople try to sell products to customers with a "customer centric" approach. The customer centric approach focuses on understanding customer needs and problems, allowing customers to define their own selection criteria and make their own decisions about whether and what to purchase based on evaluating alternatives themselves. The document advocates that sales processes should be adaptive to customers rather than manipulative.
The document provides an overview of Arduino labs and training. It discusses that Arduino is low-cost, easy to use, and open-source. The initial labs focus on basics like blinking LEDs and serial communication. Later labs introduce more complex devices and integrating multiple devices. The training covers basic programming, communication between devices, and creating real-life applications. Materials required include an Arduino board, computer, power supply and cables. Installation involves downloading the Arduino software and selecting the correct board and port.
This document describes an Arduino lab experiment to generate an SOS signal using LED blinks of different durations. It defines a pin for the LED, sets it as an output, and uses a for loop in the main loop function to blink the LED three times at 100ms intervals and three times at 300ms intervals to create the Morse code pattern for SOS. This pattern would be recognized as an SOS signal, most commonly associated with distress signals heard on radios and televisions for many years. The document provides contact information for the author to ask additional questions.
Impact of counterfeits on electronics companiesNEW Momentum
Outsourcing and globalization have numerous benefits, but there is a downside—the proliferation of counterfeits and sales through unauthorized channels. This paper demonstrates the impact of counterfeits on electronics companies and gives solutions for finding the violators as well as a four-step roadmap for recovering revenue lost to counterfeits.
The document summarizes that TBD Enterprises is committed to being a partner to customers and helping them succeed by providing the highest quality and cost-effective automation solutions and services. It presents TBD as offering complete solutions for robotic and non-robotic automation needs across various industries and processes, as well as related services from engineering to shipping. Customers are encouraged to contact TBD to have their production processes or products reviewed for potential optimizations.
This document proposes an automatic reaction strategy for critical infrastructure SCADA systems. It defines a three-layer metamodel for modeling SCADA components and two types of policies (cognitive and permissive) that govern component behavior. It then presents a two-phase method for identifying these policies from the SCADA architecture and formalizing them to support an automatic reaction strategy. This strategy is modeled as an integral part of the SCADA architecture using the defined metamodel and policy identification method. It includes organizational and application layers with main actors, strategies, and components that realize the reaction policies based on expected automation levels.
Aligning the business operations with the appropriate IT infrastructure is a challenging and critical activity. Without efficient business/IT alignment, the companies face the risk not to be able to deliver their business services satisfactorily and that their image is seriously altered and jeopardized. Among the many challenges of business/IT alignment is the access rights management which should be conducted considering the rising governance needs, such as taking into account the business actors' responsibility. Unfortunately, in this domain, we have observed that no solution, model and method, fully considers and integrates the new needs yet. Therefore, the paper proposes firstly to define an expressive Responsibility metamodel, named ReMMo, which allows representing the existing responsibilities at the business layer and, thereby, allows engineering the access rights required to perform these responsibilities, at the application layer. Secondly, the Responsibility metamodel has been integrated with ArchiMate® to enhance its usability and benefits from the enterprise architecture formalism. Finally, a method has been proposed to define the access rights more accurately, considering the alignment of ReMMo and RBAC. The research was realized following a design science and action design based research method and the results have been evaluated through an extended case study at the Hospital Center in Luxembourg.
Enhancing the ArchiMate® Standard with a Responsibility Modeling Language for...Iver Band
In this paper, we describe an innovative approach for aligning the
business layer and the application layer of ArchiMate to ensure
that applications manage access rights consistently with enterprise
goals and risk tolerances. The alignment is realized by using the
responsibility of the employees, which we model using ReMoLa.
The main focus of the alignment targets the definition and the
assignment of the access rights needed by the employees
according to business specification. The approach is illustrated
and validated with a case study in a municipal hospital in
Luxembourg.
1) In 389 BC, barbaric Celtic tribes invaded the Roman Empire, looting and burning the city until paid ransom.
2) In 535 AD, the massive volcanic eruption of Krakatoa caused global climate catastrophe and stunted tree growth for years.
3) In 1532, 168 Spanish conquistadors led by Francisco Pizarro attacked and killed 7,000 Inca soldiers in Peru, conquering the vast Inca Empire with few casualties due to their technological advantages.
This document outlines the author Elly Sawicky's history including their hometown of Mission Viejo, California, travels to San Francisco, Kauai, Victoria, Lake Dillon and the Grand Canyon, their family consisting of their mother Kathy, father Richard, sister Hannah and brother Luke, education at Capistrano Valley High School and Saddleback College, job as a shift supervisor at Starbucks, and favorite things such as their dogs, being in the sun, the beach, hot chocolate, and Italian food.
Headway Chemicals presents its range of fire protection and sealing products for the construction industry. It distributes products from NPT Italy, including one-part polyurethane sealants for joints in concrete and buildings. It also offers polyurethane foam, passive fire protection products, and intumescent fire stopping materials like sealants, mortars, coatings, and putty. Headway has a 20-year production history, fully equipped laboratories for product development and testing, and distributes globally through partnerships like the one with NPT Italy.
This short document promotes fat loss and provides a link to more information, suggesting that fat loss does not have to be hard but is important for one's health. It encourages the reader to check out the link now and not wait to learn more about how simple fat loss can be for them.
The document lists various automobile models from 1900 to 1937, including brands such as Berliet, National, Cadillac, Ford, Packard, Rolls Royce, Locomobile, Simplex Crane, Isotta Fraschini, Minerva, McFarlan, Bentley, Stutz, Duesenberg, Cord, Willys-Knight, Mercedes Benz, Chrysler, Ford, Lagonda, and others. The models range from touring cars, roadsters, sedans, limousines, and convertibles. The listing includes both vintage and classic automobiles from early in the 20th century.
The document provides an overview of how search engines like Google work. It explains that search engines use web crawlers or spiders to index websites by following links and reading content and metadata. The spiders return this information to be indexed. When a user searches, the search engine checks its index rather than searching the entire web. Google in particular runs on thousands of computers to allow parallel processing. It uses Googlebot to fetch pages from the web and an indexer to store words and links from pages in a database. It then uses a query processor to match searches to relevant indexed pages based on factors like page popularity, position of search terms, and how pages link to each other.
"Outsourcing and globalization have numerous benefits, but they have a significant downside—the proliferation of counterfeits and sales through unauthorized channels."
The document discusses different types of sales approaches. It contrasts the traditional "vendor centric" approach where salespeople try to sell products to customers with a "customer centric" approach. The customer centric approach focuses on understanding customer needs and problems, allowing customers to define their own selection criteria and make their own decisions about whether and what to purchase based on evaluating alternatives themselves. The document advocates that sales processes should be adaptive to customers rather than manipulative.
The document provides an overview of Arduino labs and training. It discusses that Arduino is low-cost, easy to use, and open-source. The initial labs focus on basics like blinking LEDs and serial communication. Later labs introduce more complex devices and integrating multiple devices. The training covers basic programming, communication between devices, and creating real-life applications. Materials required include an Arduino board, computer, power supply and cables. Installation involves downloading the Arduino software and selecting the correct board and port.
This document describes an Arduino lab experiment to generate an SOS signal using LED blinks of different durations. It defines a pin for the LED, sets it as an output, and uses a for loop in the main loop function to blink the LED three times at 100ms intervals and three times at 300ms intervals to create the Morse code pattern for SOS. This pattern would be recognized as an SOS signal, most commonly associated with distress signals heard on radios and televisions for many years. The document provides contact information for the author to ask additional questions.
Impact of counterfeits on electronics companiesNEW Momentum
Outsourcing and globalization have numerous benefits, but there is a downside—the proliferation of counterfeits and sales through unauthorized channels. This paper demonstrates the impact of counterfeits on electronics companies and gives solutions for finding the violators as well as a four-step roadmap for recovering revenue lost to counterfeits.
The document summarizes that TBD Enterprises is committed to being a partner to customers and helping them succeed by providing the highest quality and cost-effective automation solutions and services. It presents TBD as offering complete solutions for robotic and non-robotic automation needs across various industries and processes, as well as related services from engineering to shipping. Customers are encouraged to contact TBD to have their production processes or products reviewed for potential optimizations.
This document proposes an automatic reaction strategy for critical infrastructure SCADA systems. It defines a three-layer metamodel for modeling SCADA components and two types of policies (cognitive and permissive) that govern component behavior. It then presents a two-phase method for identifying these policies from the SCADA architecture and formalizing them to support an automatic reaction strategy. This strategy is modeled as an integral part of the SCADA architecture using the defined metamodel and policy identification method. It includes organizational and application layers with main actors, strategies, and components that realize the reaction policies based on expected automation levels.
Aligning the business operations with the appropriate IT infrastructure is a challenging and critical activity. Without efficient business/IT alignment, the companies face the risk not to be able to deliver their business services satisfactorily and that their image is seriously altered and jeopardized. Among the many challenges of business/IT alignment is the access rights management which should be conducted considering the rising governance needs, such as taking into account the business actors' responsibility. Unfortunately, in this domain, we have observed that no solution, model and method, fully considers and integrates the new needs yet. Therefore, the paper proposes firstly to define an expressive Responsibility metamodel, named ReMMo, which allows representing the existing responsibilities at the business layer and, thereby, allows engineering the access rights required to perform these responsibilities, at the application layer. Secondly, the Responsibility metamodel has been integrated with ArchiMate® to enhance its usability and benefits from the enterprise architecture formalism. Finally, a method has been proposed to define the access rights more accurately, considering the alignment of ReMMo and RBAC. The research was realized following a design science and action design based research method and the results have been evaluated through an extended case study at the Hospital Center in Luxembourg.
This document proposes an extension of the ArchiMate enterprise architecture framework to model multi-agent systems for critical infrastructure governance. The authors develop a responsibility-driven policy concept and metamodel layers to represent agent behavior and organizational policies across technical, application, and organizational layers. The approach is illustrated through a case study of a financial transaction processing system.
This document proposes a responsibility modeling language (ReMoLa) to align access rights with business process requirements. ReMoLa is a responsibility-centered meta-model that integrates concepts from the business and technical layers, with the concept of employee responsibility bridging the two. It incorporates four types of obligations from the COBIT framework to refine employee responsibilities and better assign access rights. ReMoLa maps responsibilities to roles in the RBAC model to leverage its advantages for access right management while ensuring responsibilities align with business tasks and employee commitment.
Re mola responsibility model language to align access rights with business pr...christophefeltus
This document proposes a responsibility modeling language (ReMoLa) to align access rights with business process requirements. ReMoLa is a responsibility-centered meta-model that integrates both business and technical perspectives to bridge the gap between them. It uses the concept of employee responsibilities to link business obligations to the technical capabilities and access rights needed to fulfill those obligations. The meta-model includes concepts like responsibilities, obligations, accountabilities, capabilities, and rights. It also maps these concepts to the four types of obligations from the COBIT framework to better define employee responsibilities and access rights assignments based on real needs.
This document proposes a metamodel for modeling reputation-based multi-agent systems using an adaptation of the ArchiMate enterprise architecture modeling framework. It describes a case study applying this metamodel to model an electrical distribution critical infrastructure system. Key elements of the metamodel include:
- Representing agents and their behaviors through policies that integrate both behavior and trust components
- Modeling trust relationships between agents using a reputation-based trust model
- Illustrating the metamodel layers and components on a system that detects weather alerts and broadcasts messages to the public through various channels like SMS or social media
Generate rough cut capacity plan
Planner: Get planning parameters
Planning Parameters: Return planning parameters
Planner: Get product constraints
Product Constraints: Return constraints
Planner: Generate rough cut capacity plan
Planner: Send rough cut capacity plan to assistant
Assistant: Acknowledge receipt of rough cut capacity plan
Planner: Inform business partner of rough cut capacity plan
Business
Priorities
Priority 1: Improve forecast accuracy
Priority 2: Reduce inventory levels
Priority 3: Shorten order fulfillment lead time
The Role of the Enterprise Architect in Business Process ReengineeringRichard Freggi
Business Process Reengineering is often a challenging undertaking. This paper is a case study, sharing practical experience of how the enterprise architect can help in three ways:
• Provide a common language allowing different organizations, consultants and IT teams to communicate effectively
• Set the right level of abstraction to facilitate analysis and solution of complex questions
• Reconcile user’s wants and needs with the capabilities and constraints of IT systems
Reference is made to the Zachman Framework, especially the columns for “Data”, “Function” and “People”; and how these columns can be used to interact with stakeholders using UML (Unified Modeling Language).
The document discusses cloud computing models that could support the growing business needs of Falcon Security. It suggests that Falcon adopt cloud services like Amazon RDS for databases, Amazon S3 for storage, and Google Mail, Office 365, and Microsoft CRM online for software. The paper compares cloud computing to service-oriented architecture and discusses private, public, and hybrid cloud deployment models as well as platform as a service (PaaS), software as a service (SaaS), and service-oriented architecture (SOA).
Graph-Based Algorithm for a User-Aware SaaS Approach: Computing Optimal Distr...IJERA Editor
As a tool to exploit economies of scale, Software as a Service cloud models promote Multi-Tenancy which is the notion of sharing instances among a large group of tenants. However, Multi-Tenancy only satisfies requirements that are common to all tenants as well as the fact that tenants themselves hesitate about sharing. In a try to solve this problem, the present paper propose a User-Aware approach for Software as a Service models using Rich-Variant Components. The main contribution of this approach is a framework summarized in a graphbased algorithm enabling deduction of an optimal distribution of instances on application's tenants. To illustrate and evaluate the framework, the approach is applied on a Software as a Service Application for private school management
A Methodology For Large-Scale E-Business Project ManagementApril Smith
This document proposes an environment-based methodology for managing large-scale e-business projects. The methodology defines six working environments - development, integration, pre-production, production, demonstration, and software repository - that represent increasing stages of stability for a software product. It describes the tasks and migration processes between environments. The methodology aims to systematically guide e-business project management according to an organization's needs and resources.
Web Services-Enhanced Agile Modeling and Integrating Business ProcessesMustafa Salam
We propose a model-driven approach, based on Web services standards, for modeling and integrating agile business processes using Web services. The choice of focusing on Web services technology was not arbitrary. The large and broad adoption of this technology by enterprises will lead most business processes to be performed using Web services. Besides, the added value of Web services and their great interest to business process management are beyond doubt. Web services produce, on the one hand, loosely coupled applicative components.
On the other hand, they are the most widely used implementation technology of SOA (Service-Oriented Architecture), which is based on the large experiences of software and distributed component technologies. Being founded on the XML (eXtensible Markup Language) language, the SOAP (Simple Object Access Protocol) protocol and the UDDI (Universal Description Discovery and Integration) repository, this technology can be considered as an appropriate mean to ensure interoperability, data exchange and the publication and discovery of business processes when they can be implemented as Web services.
This document discusses concurrent development of formal models and software implementations in an evolutionary development process. It proposes using formal models, such as those written in B or Z, to support iterative software development approaches. The document describes benefits like animation and model-checking that formal models enable through tool support. It then presents two case studies on e-business applications where teams attempted to develop models and implementations concurrently and evolve them together. The case studies aimed to evaluate how well formal modeling techniques could be integrated into an evolutionary development process.
Process perspective is valuable, but far too much time is wasted in detailed process modelling with too little benefit. Presents an approach that delivers high benefits for less effort.
In the 1990s, many companies implemented packaged software solutions like SAP and Oracle ERP, but these systems were difficult to integrate. Each system stored redundant customer data, requiring manual updates when data changed. This led to inconsistent data across systems. To address this, companies sought to integrate their systems, giving rise to the field of enterprise application integration (EAI). EAI uses middleware to integrate disparate applications and data in a way that is flexible and isolates changes in one application from impacting others. Middleware provides generic interfaces that applications can use to communicate, replacing brittle point-to-point integration and improving manageability, scalability, and other benefits.
General Methodology for developing UML models from UIijwscjournal
In recent past every discipline and every industry have their own methods of developing products. It may
be software development, mechanics, construction, psychology and so on. These demarcations work fine
as long as the requirements are within one discipline. However, if the project extends over several
disciplines, interfaces have to be created and coordinated between the methods of these disciplines.
Performance is an important quality aspect of Web Services because of their distributed nature.
Predicting the performance of web services during early stages of software development is significant. In
Industry, Prototype of these applications is developed during analysis phase of Software Development Life
Cycle (SDLC). However, Performance models are generated from UML models. Methodologies for
predicting the performance from UML models is available. Hence, In this paper, a methodology for
developing Use Case model and Activity model from User Interface is presented. The methodology is
illustrated with a case study on Amazon.com
General Methodology for developing UML models from UIijwscjournal
In recent past every discipline and every industry have their own methods of developing products. It may
be software development, mechanics, construction, psychology and so on. These demarcations work fine
as long as the requirements are within one discipline. However, if the project extends over several
disciplines, interfaces have to be created and coordinated between the methods of these disciplines.
Performance is an important quality aspect of Web Services because of their distributed nature.
Predicting the performance of web services during early stages of software development is significant. In
Industry, Prototype of these applications is developed during analysis phase of Software Development Life
Cycle (SDLC). However, Performance models are generated from UML models. Methodologies for
predicting the performance from UML models is available. Hence, In this paper, a methodology for
developing Use Case model and Activity model from User Interface is presented. The methodology is
illustrated with a case study on Amazon.com.
General Methodology for developing UML models from UI ijwscjournal
In recent past every discipline and every industry have their own methods of developing products. It may be software development, mechanics, construction, psychology and so on. These demarcations work fine as long as the requirements are within one discipline. However, if the project extends over several disciplines, interfaces have to be created and coordinated between the methods of these disciplines.
Performance is an important quality aspect of Web Services because of their distributed nature. Predicting the performance of web services during early stages of software development is significant. In Industry, Prototype of these applications is developed during analysis phase of Software Development Life
Cycle (SDLC). However, Performance models are generated from UML models. Methodologies for predicting the performance from UML models is available. Hence, In this paper, a methodology for developing Use Case model and Activity model from User Interface is presented. The methodology is illustrated with a case study on Amazon.com.
General Methodology for developing UML models from UIijwscjournal
In recent past every discipline and every industry have their own methods of developing products. It may be software development, mechanics, construction, psychology and so on. These demarcations work fine as long as the requirements are within one discipline. However, if the project extends over several disciplines, interfaces have to be created and coordinated between the methods of these disciplines. Performance is an important quality aspect of Web Services because of their distributed nature. Predicting the performance of web services during early stages of software development is significant. In Industry, Prototype of these applications is developed during analysis phase of Software Development Life Cycle (SDLC). However, Performance models are generated from UML models. Methodologies for predicting the performance from UML models is available. Hence, In this paper, a methodology for developing Use Case model and Activity model from User Interface is presented. The methodology is illustrated with a case study on Amazon.com.
Similar to Enhancing the archimate® standard with a responsibility modeling language for access rights management (20)
Multi-Agent System (MAS) monitoring solutions are designed for a plethora of usage topics. Existing approach mostly used cloned back-end architectures while front-end monitoring interface tends to constitute the real specificity of the solution. These interfaces are recurrently structured around three dimensions: access to informed knowledge, agent’s behavioural rules, and restitution of real-time states of specific system sector. In this paper, we propose prototyping a sector-agnostic MAS platform (Smart-X) which gathers in an integrated and independent platform all the functionalities required to monitor and to govern a wide range of sector specific environments. For illustration and validation purposes, the use of Smart-X is introduced and explained with a smart-mobility case study.
This document provides an agenda and overview for a joint workshop on security modeling hosted by the ArchiMate Forum and Security Forum. The workshop aims to identify opportunities to improve the conceptual and visual modeling of enterprise information security using TOGAF and ArchiMate. The agenda includes introductions, a research spotlight on strengthening role-based access control with responsibility modeling, an open discussion on complementing TOGAF and ArchiMate with enhanced security modeling, and identifying next steps. The workshop purpose is to enable better security architecture decisions and drive usage of TOGAF and ArchiMate for security architecture.
This document proposes an innovative systemic approach to risk management across interconnected sectors. It suggests using enterprise architecture models to manage cross-sector risks in Luxembourg's complex ICT ecosystem. The approach would provide regulators an overview of all players and systems, as well as models of different sectors to analyze collected data and risks at a national level, fostering accurate and reactive risk mitigation across economic domains.
This document proposes extending the HL7 standard with a responsibility perspective to better manage access rights to patient health records. It presents the ReMMo responsibility metamodel, which defines actors' responsibilities and associated access rights. The paper aims to align ReMMo with the HL7-based eSanté healthcare platform model in Luxembourg to semantically enhance access controls based on users' real responsibilities rather than just roles. It will first map concepts between the two models, then evaluate the alignment through a prototype applying inference rules.
This document presents a study that aims to develop and validate a responsibility model to improve IT governance. It analyzes concepts of responsibility from literature and frameworks like COBIT. The researchers developed a responsibility model with key concepts like obligation, accountability, right, and commitment. They then compare this model to COBIT's representation of responsibility to identify areas for potential enhancement, like adding concepts that COBIT lacks. The document illustrates how the responsibility model could be used to refine COBIT's process for identifying system owners and their responsibilities.
This document proposes an innovative approach called SIM (Secure Identity Management) that aims to make access management policies closer aligned with business objectives. It does this in two ways:
1) By focusing the policy engineering process on business goals and responsibilities defined in processes, using concepts from the ISO/IEC 15504 standard. This links capabilities and accountabilities to process outcomes and work products.
2) By defining a multi-agent system architecture to automate the deployment of policies across heterogeneous IT components and devices. The agents provide autonomy and ability to adapt rapidly according to context.
The approach was prototyped using open source components and aims to improve how access rights are defined according to business needs and deployed across an organization
This document proposes a methodological approach for specifying services and analyzing service compliance considering the responsibility dimension of stakeholders. The approach includes a product model and process model. The product model has three layers: an informational layer describing service context and concepts, an organizational layer describing business rules and roles, and a responsibility dimension layer linking the two. The process model outlines steps for service architects to identify context, define concepts and rules, specify services, and analyze compliance. The approach is illustrated with an example of managing access rights for sensitive healthcare data exchange between organizations.
This document discusses integrating responsibility aspects into service engineering for e-government. It proposes a multi-layered approach including an ontological layer defining legal concepts, an organizational layer describing roles and stakeholders, an informational layer representing data structures and integrity constraints, and a technical layer representing IT components. A responsibility meta-model is also introduced to align responsibilities across these layers and facilitate interoperability between services that share data. The approach aims to ensure service compliance and manage risks associated with e-government services.
1) The document proposes a dynamic approach for assigning functions and responsibilities to agents in a multi-agent system for critical infrastructure management.
2) The approach uses an agent's reputation, which is based on past performance, to determine which agents receive which responsibilities as crisis situations change over time.
3) Assigning responsibilities dynamically based on reputation allows the system to continue operating effectively if an agent becomes isolated or has reduced capabilities during a crisis.
The document describes the NOEMI assessment methodology, which was developed as part of a research project to help very small enterprises (VSEs) improve their IT practices. The methodology aims to assess VSEs' IT capabilities in order to facilitate collaborative IT management across organizations. It was designed to be aligned with common IT standards like ISO/IEC 15504 and ITIL, but adapted specifically for VSEs. The methodology has been tested through several case studies with VSEs in Luxembourg, with promising results.
This document provides a preliminary literature review of policy engineering methods related to the concept of responsibility. It summarizes key access control models and discusses how they address concepts like capability, accountability, and commitment. The document also reviews engineering methods and how they incorporate responsibility considerations. The overall goal is to orient further research towards a new policy model and engineering method that more fully addresses stakeholder responsibility.
This document summarizes an experimental prototype of the OpenSST protocol for secured electronic transactions. OpenSST was developed to achieve high security, simplicity in software engineering, and compatibility with existing standards. The prototype uses OpenSST for the authorization portion of electronic payments in an e-business clearing solution. It describes the OpenSST message format and types, and discusses how OpenSST is implemented in the prototype's three-element architecture of an OpenSST proxy, reverse proxy, and server.
This document discusses the NOEMI model, a collaborative management model for ICT processes in SMEs. The model was developed by the Centre Henri Tudor and tested with a cluster of 8 partner SMEs. Key aspects of the model include defining ICT activities across 5 domains, assessing each SME's capabilities, and having an operational team manage activities for the cluster under a coordination committee. The experiment showed improved cost control, management, and partner satisfaction compared to alternatives like outsourcing or hiring individual IT staff. The research is now ready for market transfer as the successful model is adopted long-term by participating SMEs.
The document proposes an agent-based architecture for multi-level security incident reaction in distributed telecommunication networks. The architecture has three levels: a low level interface with the infrastructure, an intermediate level using multi-agent systems to correlate alerts and deploy reactions across domains, and a high level for global supervision and policy management. The architecture was designed based on requirements like scalability, availability, autonomy, and robust reaction and alert management across distributed systems. It was successfully tested for implementing data access control policies.
This document proposes a multi-agent architecture for incident reaction in information system security. The architecture has three layers - low level interacts directly with the infrastructure, intermediate level correlates alerts and deploys reaction actions using multi-agent systems, and high level provides supervision and manages business policies. The architecture was tested for data access control and aims to quickly and efficiently react to attacks while ensuring policy compliance. The document discusses requirements like scalability, autonomy, and global supervision. It also describes the key components of alert management, reaction decision making, and policy definition/deployment to implement the architecture using a multi-agent approach.
This document proposes a methodology for aligning business and IT policies using a responsibility model. The methodology is a five-step approach consisting of collecting information, defining capabilities, accountabilities and commitments, linking responsibilities to processes, validating the model, and defining policies. It is illustrated with a case study from an IT company where they define an access control policy using this methodology and responsibility model. The responsibility model defines three components - capabilities, accountabilities, and commitments - to clarify roles and responsibilities for policy definition.
More from Luxembourg Institute of Science and Technology (20)
When I was asked to give a companion lecture in support of ‘The Philosophy of Science’ (https://shorturl.at/4pUXz) I decided not to walk through the detail of the many methodologies in order of use. Instead, I chose to employ a long standing, and ongoing, scientific development as an exemplar. And so, I chose the ever evolving story of Thermodynamics as a scientific investigation at its best.
Conducted over a period of >200 years, Thermodynamics R&D, and application, benefitted from the highest levels of professionalism, collaboration, and technical thoroughness. New layers of application, methodology, and practice were made possible by the progressive advance of technology. In turn, this has seen measurement and modelling accuracy continually improved at a micro and macro level.
Perhaps most importantly, Thermodynamics rapidly became a primary tool in the advance of applied science/engineering/technology, spanning micro-tech, to aerospace and cosmology. I can think of no better a story to illustrate the breadth of scientific methodologies and applications at their best.
ESA/ACT Science Coffee: Diego Blas - Gravitational wave detection with orbita...Advanced-Concepts-Team
Presentation in the Science Coffee of the Advanced Concepts Team of the European Space Agency on the 07.06.2024.
Speaker: Diego Blas (IFAE/ICREA)
Title: Gravitational wave detection with orbital motion of Moon and artificial
Abstract:
In this talk I will describe some recent ideas to find gravitational waves from supermassive black holes or of primordial origin by studying their secular effect on the orbital motion of the Moon or satellites that are laser ranged.
Authoring a personal GPT for your research and practice: How we created the Q...Leonel Morgado
Thematic analysis in qualitative research is a time-consuming and systematic task, typically done using teams. Team members must ground their activities on common understandings of the major concepts underlying the thematic analysis, and define criteria for its development. However, conceptual misunderstandings, equivocations, and lack of adherence to criteria are challenges to the quality and speed of this process. Given the distributed and uncertain nature of this process, we wondered if the tasks in thematic analysis could be supported by readily available artificial intelligence chatbots. Our early efforts point to potential benefits: not just saving time in the coding process but better adherence to criteria and grounding, by increasing triangulation between humans and artificial intelligence. This tutorial will provide a description and demonstration of the process we followed, as two academic researchers, to develop a custom ChatGPT to assist with qualitative coding in the thematic data analysis process of immersive learning accounts in a survey of the academic literature: QUAL-E Immersive Learning Thematic Analysis Helper. In the hands-on time, participants will try out QUAL-E and develop their ideas for their own qualitative coding ChatGPT. Participants that have the paid ChatGPT Plus subscription can create a draft of their assistants. The organizers will provide course materials and slide deck that participants will be able to utilize to continue development of their custom GPT. The paid subscription to ChatGPT Plus is not required to participate in this workshop, just for trying out personal GPTs during it.
The cost of acquiring information by natural selectionCarl Bergstrom
This is a short talk that I gave at the Banff International Research Station workshop on Modeling and Theory in Population Biology. The idea is to try to understand how the burden of natural selection relates to the amount of information that selection puts into the genome.
It's based on the first part of this research paper:
The cost of information acquisition by natural selection
Ryan Seamus McGee, Olivia Kosterlitz, Artem Kaznatcheev, Benjamin Kerr, Carl T. Bergstrom
bioRxiv 2022.07.02.498577; doi: https://doi.org/10.1101/2022.07.02.498577
ESR spectroscopy in liquid food and beverages.pptxPRIYANKA PATEL
With increasing population, people need to rely on packaged food stuffs. Packaging of food materials requires the preservation of food. There are various methods for the treatment of food to preserve them and irradiation treatment of food is one of them. It is the most common and the most harmless method for the food preservation as it does not alter the necessary micronutrients of food materials. Although irradiated food doesn’t cause any harm to the human health but still the quality assessment of food is required to provide consumers with necessary information about the food. ESR spectroscopy is the most sophisticated way to investigate the quality of the food and the free radicals induced during the processing of the food. ESR spin trapping technique is useful for the detection of highly unstable radicals in the food. The antioxidant capability of liquid food and beverages in mainly performed by spin trapping technique.
hematic appreciation test is a psychological assessment tool used to measure an individual's appreciation and understanding of specific themes or topics. This test helps to evaluate an individual's ability to connect different ideas and concepts within a given theme, as well as their overall comprehension and interpretation skills. The results of the test can provide valuable insights into an individual's cognitive abilities, creativity, and critical thinking skills
PPT on Direct Seeded Rice presented at the three-day 'Training and Validation Workshop on Modules of Climate Smart Agriculture (CSA) Technologies in South Asia' workshop on April 22, 2024.
The binding of cosmological structures by massless topological defectsSérgio Sacani
Assuming spherical symmetry and weak field, it is shown that if one solves the Poisson equation or the Einstein field
equations sourced by a topological defect, i.e. a singularity of a very specific form, the result is a localized gravitational
field capable of driving flat rotation (i.e. Keplerian circular orbits at a constant speed for all radii) of test masses on a thin
spherical shell without any underlying mass. Moreover, a large-scale structure which exploits this solution by assembling
concentrically a number of such topological defects can establish a flat stellar or galactic rotation curve, and can also deflect
light in the same manner as an equipotential (isothermal) sphere. Thus, the need for dark matter or modified gravity theory is
mitigated, at least in part.
Current Ms word generated power point presentation covers major details about the micronuclei test. It's significance and assays to conduct it. It is used to detect the micronuclei formation inside the cells of nearly every multicellular organism. It's formation takes place during chromosomal sepration at metaphase.
(June 12, 2024) Webinar: Development of PET theranostics targeting the molecu...Scintica Instrumentation
Targeting Hsp90 and its pathogen Orthologs with Tethered Inhibitors as a Diagnostic and Therapeutic Strategy for cancer and infectious diseases with Dr. Timothy Haystead.
2. business layer of ArchiMate, what allows us defining employee’s
responsibility. In section 4, we adapt the application layer of
ArchiMate to support the provisioning of access right according to
business specification. In the fifth section, we illustrate the whole
with a case study of a municipal hospital from Luxembourg for
concluding the paper.
2. MODELING RESPONSIBILITY
The elaboration of the responsibility meta-model (Figure 1) has
been performed based on a literature overview. As explained in
previous papers [1,2], we have, in the first place, analyzed how
responsibility is included in information technology professional
frameworks, in the field of requirements engineering and role
engineering, and in the field of access right with the review of
access control models. Afterwards, this literature overview has
been completed by a literature review in the field of Human
Sciences (psychology, sociology, and management).
Figure 1. ReMoLa modeled in UML.
On figure 1, the most meaningful concepts of ReMoLa, are
defined in the following way:
• The responsibility is a charge assigned to an employee to
signify his accountabilities concerning a business task, and the
right and capacity required to perform those accountabilities.
• The accountability represents the obligation of what have to
be done concerning a business task and the justification that it is
done to someone else, under threat of sanction
• The capability represents the qualities, the skills or the
resources intrinsic to the employee and required to perform
accountability.
• The right represents the resources provided by the company to
the employee and required to perform accountability.
• The assignment is the action of linking an agent to a
responsibility. Delegation process is the transfer of an agent’s
responsibility assignment to another agent.
3. DEFINING RESPONSIBILITY AT THE
BUSINESS LAYER
In this section, we integrate ReMoLa with the business layer of the
ArchiMate enterprise architecture modeling language. This
integration allows defining the access rights provided to the
employees at the application layer according to their defined
responsibilities at the business layer.
The integration of ReMoLa with ArchiMate is achieved using a
three steps approach to integrate models defined by Petit in [6].
The first step is the preparation of the integration, the second step
is the investigation and the definition of the correspondences and
the third step is the integration of both meta-models.
3.1 Preparation for integration
As defined in [6], this first step of the integration of two meta-
models requires a certain preparation of the integration. Therefore,
an integration strategy is defined and provides the baselines for
the integration process such as the context of the integration, the
selection of a common language for the representation of the
meta-models being integrated, the expected abstraction layer of
the concepts represented in the integrated meta-model and so
forth.
The languages at our disposition are, e.g. Telos [7], UML, and so
forth. Telos has the advantages of being based on mathematical
foundations, of being expressive, and of using a limited number of
concepts. UML has the advantages of offering more
representation choices, of being less informal and, as a
consequence, might be more intuitive [6]. For the integration, we
have also selected UML as common representative language.
ArchiMate has been traduced in UML in [8].
Our integration aims at enhancing the alignment between the
business and the IT layer of ArchiMate and, thereby, enhancing
the definition of the access right. As a consequence, some
concepts of ArchiMate will not be considered such as e.g. those
from the technical layer, the value and so forth. Some concepts
from ReMoLa have also not been considered because they are not
of the appropriate abstraction layer like the sanction, the
commitment or the motivation.
3.2 Investigation and definition of the
correspondences
In [6], the author explains that this second step analyzes the
correspondences between the classes of the meta-models. Those
correspondences exist if correspondences between instances of
these classes, taken two by two, can be generalized. Therefore, it
is advisable to carry out one or more case study(ies) to model real
world elements with both languages and, to compare the
semantics of the obtained models. The correspondences between
the models' elements have been analyzed during complete case
study at the municipal hospital which is summarized in section 5.
During the investigation and definition of the correspondences,
we have model this case study with ArchiMate and with ReMoLa
first. Afterwards, we generalize the case modeling considering:
(1) Classes of both meta-models semantically equivalent:
• The business actor and the employee
• The business role (in ArchiMate) and the business role (in
ReMoLa)
• The business object and the information
• The business function and the association accountability–task
(2) Classes not existing in ArchiMate:
• The concept of capability. This concept exists explicitly in
ReMoLa and implicitly in ArchiMate that considers that a business
function groups behavior according to, for instance, the required
skill and knowledge [5]. This concept is explicitly introduced in
the integrated model.
• The concept of right. This concept exists explicitly in ReMoLa.
In ArchiMate, the business function also aims at grouping behavior
accord to the required resource [5] but the semantic of the resource
and its difference with the business object is not obvious.
(3) UML association between those classes that are equivalents:
• The UML association that assigns a business actor to a
business role
3. • The UML association that assigns a business role to business
function
• The UML association that associates a business function with
the business object which it accesses
3.3 Integration of ReMoLa in ArchiMate
The third step defined in [6] corresponds to the integration of the
meta-models. During analyze of the correspondences between the
classes and the UML associations between the classes, we have
observed some minor divergences. Notwithstanding the influence
of those divergences, to consider that a sufficient correspondence
exists between the elements and to consider them during this third
step of integration, we have to analyze that divergence in depth
and formalize the integration rules to consider for having a perfect
integration.
Our objective is to elaborate an integrated meta-model that
enriches the business layer of ArchiMate with the meta-model of
ReMoLa. Therefore, our integration strategy is as follows
regarding the classes of both meta-models: (1) when an exact
correspondence between one class from ArchiMate and one class
from ReMoLa exists, we preserve the name of the ArchiMate
class, (2) when the class of ReMoLa has no corresponding class in
ArchiMate, this class is integrated in the integrated meta-model
and it preserves its name from ReMoLa, (3) when a
correspondence with conflicts between the definition of the
classes exists, the classes are integrated in the integrated meta-
model and we preserve the name of the ArchiMate class but,
additionally, we includes integrations rules that need to be
followed in case of using the integrated meta-model. We observe
that, all the classes from ArchiMate have a corresponding class in
ReMoLa. The correspondence between the UML associations in
ArchiMate and in ReMoLa is also analyzed during the integration
of both meta-models. Two situations coexist: Firstly, one direct
association between two classes of ArchiMate corresponds to one
direct association between the equivalent classes of ReMoLa. In
this case, it can exist short semantic difference(s) between the
associations, and integration rule sometimes needs to be defined
to consider this difference. Furthermore, the name of the
association from ArchiMate is preserved. Secondly, one direct
association between two classes of ArchiMate corresponds to one
indirect association between the equivalent classes in ReMoLa. In
this case, the indirect UML associations are renamed.
1. Classes that correspond exactly
• The business role in ArchiMate and the business role in
ReMoLa
• The business object in ArchiMate and the information in
ReMoLa
2. Classes that only exist in ReMoLa
• Responsibility
• Right
• Capability
• Accountability
3. Classes that correspond under integration rules
• The business function and the task. The first integration rule is
that the definition of the business function in ArchiMate is
completed by a type of obligation for the business actor. As a
consequence, the ReMoLa's class of task corresponds to an
obligation concerning a business function being performed by the
business actor. This integration rule completes the business
function that have to be accurate enough to define what type of
obligation is expected by the business function, e.g. the business
function producing a rapport should be defined more precisely like,
for instance, make the report, review the report, manage the team
that produces it and so forth. Moreover, the business actor that
produces it must justify its realization.
• The business actor and the employee. The second integration
rule is that the ArchiMate class of business actor is limited to a
human actor. This integration rule exists due to the commitment
which is pledge by an employee, once he is assigned to a
responsibility. If the business actor is a machine, we assume there
is no question of commitment since a machine executes the
operation it is programmed for. If the business actor consists of a
group of humans, the commitment is not able to be check
individually and, by consequence, it is not possible to validate that
responsibility assigned to an employee from the group will be
fulfilled since no employee personally commits to it.
UML associations integration:
1. Equivalent associations between two classes of AchiMate and
the corresponding two classes of ReMoLa
• The business actor is assigned to the business role
2. Links from ReMoLa in the integrated meta-model complete or
replace the associations from ArchiMate
• The business actor is assigned to a responsibility that compose
a business role is an alternative association to the association that
associates the business actor with the business role.
• The business role is composed of responsibilities which are
composed of business function replace the direct association
between the business role and the business function.
• The association between the business function that composes a
responsibility and the rights concerning a business object that are
required to a responsibility replace the ArchiMate direct access
association from the business function to the business object.
3. New associations from ReMoLa, which do not exist in
ArchiMate, are integrated in the integrated meta-model.
• The responsibility required capability
• The capability is necessary for a business function
Figure 2. ReMoLa integrated with ArchiMate.
The integration of new classes from the responsibility meta-model
and the consideration of the above integration rules from the
analyze of the correspondence between the classes of business
object and information, and the business role in ArchiMate and in
ReMoLa permit to assemble both meta-models on a unique
schema in UML, which is afterwards represented with ArchiMate
symbols on Figure 2. To integrate responsibility in ArchiMate, we
used the symbols of full line hexagonal for responsibility, dash
line hexagonal for right and capability, and dot line hexagonal for
accountability.
4. ACCESS RIGHT MANAGEMENT
4.1 Previous work
RBAC is a model that facilitates the management of the access
rights to application component such as software or server. To
manage these access rights related to application components at
the application layer, it is necessary to be able to interpret the
business components such as the business role, the business actor
or the permission at the application layer.
4. Therefore, [4] introduces three data objects: the user, the role, and
the permission at the application layer (see Figure 3). The
interpretation of a concept from the business layer by a concept at
the technical layer in ArchiMate is only possible by using a
Realization link [5]. Unfortunately, this realization link only exists
between a data object that realizes a business data. Since this
realization does not formally exist in ArchiMate, [4] does not
explicitly consider that: 1) the role from the application layer
realizes the business role (or the concept of role from RBAC), 2)
the user from the application layer realizes the business actor (or
the concept of user from RBAC) and 3) the permission from the
application layer realizes a type of access to a business object (or
the permission concept from RBAC).
4.2 Realization link
Although it is not considered by [4], this realization link is
necessary, especially, in the field of the access right management.
Indeed, an access right management solution needs to be able to
consider an electronic representation of the business user to
calculate the access rights he needs. Therefore, we introduce a
new realization relationship in ArchiMate between Business and
Application layer concepts. This relationship specifies that a
concept at the application layer is an electronic representation of a
concept at the business layer.
This realization relationship is represented by using a double line
with a stealth arrow in Figures 3, 4, 7 and 9.
Figure 3. User-role and permission-role assignment.
Access rights management with RBAC is defined by a set of
functions such as the assignment of users to roles and the review
of this assignment, the assignment of permissions to roles and the
review of this assignment, the management of the roles hierarchy,
the management of the separation of duties constraint, the
management of the sessions, and the performance of access check.
[4] has explained all these functions. In Figure 3, we only
highlight the two functions that are important for our research: the
users to roles assignment and the permissions to roles assignment.
These functions are represented by using a horizontal chevron
symbol.
The users to roles assignment function requests the creation of a
new data object named User-Role Assignments and the
permissions to roles assignment function requires the creation of a
new data object named Permissions-Roles Assignment. These two
new data objects contain the list of the existing assignments. To
execute the assignment of users to roles, the user to role
assignment function reads the user and the role data objects, and
reads and writes the user-role assignment data object. To execute
the assignment of permissions to roles, the permission to role
assignment function reads the permission and the role data
objects, and reads and writes the permission-role assignment data
object. The integration of RBAC at the business layer and the
association of the RBAC role with ArchiMate's business role
seem appropriate. In this case, we have a RBAC role that
corresponds to a real role from the company such as the roles
encountered in the organizational chart (we have, for instance, the
business role of doctor, of medical secretary, of nurse, and so
forth). Accordingly, we have an exact correspondence between
the existing business roles of the company and the roles that are
used to manage the access rights. However, the problem with this
integration is that it requires a perfect alignment between the
permissions needed by the employees assigned to these roles and
the permissions really assigned to them. This is based on the
postulate: Mostly all users with the same role have exactly the
same tasks to perform and need exactly the same permissions.
In practice, this is slightly different since, although all users with
the same role globally achieved the same tasks, there always exist
some differences between the responsibilities of the employees
assigned to the same role. For instance, although all the doctors
from the role doctor, a priori, require the same access rights over
the information system, in practice, the doctors never exactly
perform the same tasks and never need access to the same
information, e.g. some doctors, additionally to their roles, manage
the unit and need access to financial software, while others are
members of ethical committee and need access to reporting tools,
others are specialized in specific professional in a specialty and
need access to dedicated software. The weaknesses related to the
roles’ definition have been demonstrated in [3, 9, 10].
4.3 Our approach
Our approach considers the assignment of rights to the employee
based on their responsibilities. Therefore, the responsibilities
integrated with the business layer of ArchiMate needs ultimately,
to be represented at the application layer.
4.3.1 Representation of responsibility, business role
and business actor
At the application layer, we introduce a data object responsibility
that realizes (according to [5]) the business concept of
responsibility and a data object business role which realizes the
business object of business role (see Figure 4). This data object of
business role is necessary for representing the composition of
business roles with responsibilities at the application layer.
Figure 4. Business role with responsibility composition.
We also introduce the data object of business actor that
corresponds to the computerized representation of the business
actor from the business layer. The business actor representation
corresponds to an electronic ID or to a unique identification. The
data object of business actor does not perform a behavior or an
application function, but it is used by some application functions
to calculate whether the business actor from the business layer
may access specific application functions or specific application
data used by this application function.
4.3.2 Responsibility to business role assignment
As explained in Section 3, a business role is composed of one or
more responsibilities. To administer this composition in
ArchiMate, we integrate, at the application layer, an application
function named Compose Business roles with Responsibilities,
5. and a data object named Responsibility-Business role
Compositions. This data object represents a set of Responsibilities
that compose a set of Business roles. As explained on Figure 5, to
compose the business roles with responsibilities, the application
function Compose Business roles with Responsibilities needs to
access the three following data objects: Responsibility, Business
role and Responsibility-Business role Compositions.
Figure 5. Business role administration.
4.3.3 Business actor assignment
To administer the assignment of a business actor to a
responsibility and/or to a business role, we integrate three new
data objects named (1) Business actor, that realizes the Business
actor from the business layer, (2) Business actor-Responsibility
Assignment, that represents a set of Responsibilities assigned to a
set of Business actors, and (3) Business actor-Business role
Assignment, that represents a set of Business actors assigned to a
set of Business roles (see Figure 6). We also integrate two new
application functions: Assign Business actors to Responsibilities
and Assign Business actor to Business role.
As explained in Figure 6, in order to assign responsibilities to
business actors, the application function Assign Business actors to
Responsibilities access the three following data objects: Business
actor, Responsibility and Business actor-Responsibility
Assignment. Equivalently, to assign a Business role to a Business
actor, the application function Assign Business actor to Business
role access the three following data objects: Business actor,
Business role and Business actor-Business role Assignment
Figure 6. Business actor assignment administration.
4.3.4 Representation of Permissions
At the business layer, a permission, corresponds to a type of
access right to a business object. The data object Permission
realizes the Permission from the business layer to the application
layer (see Figure 7).
4.3.5 Permissions to responsibilities
As explained in Section 2, a responsibility requires one or more
rights. Permission is a type of right to access a business object. To
administer this assignment of permissions too, we integrate an
application function named Assign Permissions to
Responsibilities, and a data object named Permission-
Responsibility Assignment at the application layer.
As explained in Figure 8, to assign permissions to responsibilities,
the application function Assign Permissions to Responsibilities
needs to access the three following data objects: Permission,
Responsibility, and Permission-Responsibility Assignment
Figure 7. Permission administration.
4.4 Permissions Assignment Optimization
Our approach used the concept of responsibility as a pivot
between the business layer and the application layer. Firstly, we
consider that a business role is composed of a set of
responsibilities (defined at the business layer) and secondly, we
consider that permissions provided with application functions at
the application layer are necessary to perform the responsibilities.
These permissions are calculated at the business layer but are
provided and managed at the application layer.
Regarding this second point, in practice, we are confronted at the
application layer with a large amount of responsibilities that need
a large amount of permissions and each permission may be
assigned to a set of different responsibilities. This situation is
close to the situation where a large amount of users are assigned
to a large amount of permissions and each permission may be
assigned to a large amount of users. Therefore, in the next
chapters, we analyze how it is possible to consider the RBAC
model to enhance the assignment of permissions to
responsibilities, at the application layer and we consider two
assignment functions: the responsibilities to roles assignment and
the permissions to roles assignment.
4.4.1 Representation of RBAC
At the application layer, we need to introduce a data object for the
RBAC role, such as realized in [4]. This data object facilitates not
the assignment of permissions to users, but the assignment of
permissions to responsibilities. It is only used at the application
layer, to optimize the management of the permissions, and has no
correspondences at the business layer. We keep the data object of
responsibility that realizes the business concept of responsibility
as explained in Figure 4 and, we keep the data object of
permission that corresponds to a type of access to a business data
as explained in Figure 8.
The data object of the RBAC role is a type of application role that
corresponds with a logical gathering of business actor
representations which have the same operations to perform on the
6. information system (IS) and therefore, request the same
permissions regarding the data objects. As a consequence, the
RBAC role is different to the business role such as defined in
ArchiMate.
Figure 8. Permission-responsibility assignment optimization.
4.4.2 RBAC role administration
To administer the assignments of responsibilities to the RBAC
role and the assignment of permissions to this role, we integrate,
at the application layer, two application functions named Assign
Responsibilities to RBAC role and Assign Permissions to RBAC
role.
Additionally, we also integrate two new data objects named
Responsibility-RBAC role Assignment, which represents a set of
responsibilities assigned to an RBAC role, and Permission-RBAC
role Assignment, which represents a set of permissions assigned
to an RBAC role. As explained in Figure 9, to assign
responsibilities to an RBAC role, the application function Assign
Responsibilities to RBAC role needs to access the three following
data objects: Responsibility, RBAC role and Responsibility-
RBAC role Assignment. Equivalently, to assign permission to an
RBAC role, the application function Assign Permission to RBAC
role needs to access the three following data objects: Permission,
RBAC role and Responsibility-RBAC role Assignment.
Figure 9. RBAC role administration.
4.4.3 Discussion
In our approach, we keep the use of the concept of a business role
that exists in the company and is consequently useful to manage
the business actors, as well as their responsibilities. In parallel, we
introduce and define the concept of Responsibility to improve the
definition of the responsibilities of the Business actors. Indeed,
although the business role offers a macro list of responsibilities to
be performed by the business actor, it does not allow managing
the responsibilities that are sporadically assigned to or removed
from the employees; it does not allow the management of
delegation of some responsibilities, etc. The access rights
provisioning using the RBAC model and using the mapping of the
RBAC role with the business role, as explained previously,
presents weaknesses, in terms of accuracy.
To face the question of accuracy, we have, considered providing
the access rights to the business actor according to these
responsibilities. In companies, access rights are managed with
application components at the application layer. Therefore, it was
necessary to translate business actor and responsibility at the
application layer, to define business roles to responsibility
assignment function and to define permissions to responsibility
assignment function.
Using responsibility to provide permissions is interesting, but it
reduces the advantage introduced by the role based access control
model to manage a large amount of users and permissions using
roles. As a result, after having introduced responsibility in
ArchiMate, we had to face the management of a large amount of
access rights to be provided to a large amount of responsibilities.
To provide a solution to this problem, we have considered using
the RBAC model and we have reintroduced the RBAC role at the
application layer.
5. CASE STUDY AT THE HOSPITAL
At the municipal hospital, there is no formal alignment, in terms
of access rights to professional software, between the business
layer where business roles are defined and assigned to the
employees, and the application layer where the access rights are
provided to these employees. Therefore, the objective of this case
study is to illustrate that the integrated ArchiMate with ReMoLa
meta-model at the business layer, as well as the enhancement of
the permissions to responsibilities assignment using RBAC at the
application layer, is a solution that improves the provisioning of
professional software access rights to the employees. All along
this section, the case study is illustrated with the reception
department from the hospital. The case study has been conducted
between January 2011 and January 2012, to the rhythm of one
meeting a month. During those meetings, the following persons
have participated: the Application support manager, the Reception
department manager and the Competences manager.
5.1 Hospital business roles analyze
At the municipal hospital, the employees are categorized based on
their roles. In the Human Resources (HR) department, the roles of
the employees are going to be formalized in the Job description.
These job descriptions aim to describe the tasks which are to be
performed by a role, as well as the necessary knowledge required
to be assigned to this role. The job descriptions, however, do not
specify the access rights required on professional software. In this
case study, we consider that the business role from ArchiMate
corresponds to the business roles from the hospital and that the
employees assigned to a role are accountable for doing the tasks
described in the job description. To illustrate this, let’s take the
job description of the receptionist role which is a thirteen page
document that formalizes the five main activities to be performed
by this role, i.e.: welcome and inform the patient, perform the
various technical and administrative tasks, contribute to the
enhancement and evolution of professional practices, train and
mentor new employees, and train and supervise trainees. Each of
these activities are described by a set of tasks and by the required
competences to perform them in terms of knowledge,
methodological and technical know-how and, relational ability.
The tasks to be performed for the activity: Perform the various
technical and administrative tasks, are eg.: encode and control the
data relating to the admission of ambulatory or hospital patients,
print and give the admission form to the patients, manage daily
access to the parking, receive deposits, issue invoices, and so
forth.
7. An organization chart for the reception department structures the
activities into eight sub-roles, as follows:
• SR1: Receptionist at the municipal hospital.
• SR2: Receptionist at the pediatric clinic and the maternity
• SR3: Phone reception
• SR4: Info desk
• SR5: Human resources management
• SR6: Department management
• SR7: Room operator
• SR8: Outsourced guardian
5.2 Analysis of the application layer
The architecture of the IS of the hospital is composed of:
1. Vertical software are applications which are used by well
defined and well specified healthcare businesses. These are for
instance: the management of the laboratory, the endoscopy
software, or the management of the polyclinic.
2. Transversal software are those used together by all healthcare
businesses. These are for instance: the dispatching of the
laboratory's results or the medical imaging. The hospital ERP is
the most important transversal software (see Figure 10).
Figure 10. Hospital municipal application layer.
The hospital ERP is a business management software that offers
the possibility to program specific application functions by the
owner of the application himself. Therefore, it has been decided to
use it, to manage the access rights to all the other software. As a
consequence there exists links between the ERP and the vertical
software and on the other hand links between the ERP and the
other transversal software using contextual calls. With the hospital
ERP, the access right management is realized using
AuthorityObject. AuthorityObject is composed of zone(s) from 1
to n based on what authority check is performed. Practically,
AuthorityObject correspondent to ERP transactions (see Figure
10) and for each transaction, a set of authorizations are defined
such as create, modify, delete, view historic, and so forth.
Figure 11. Hospital RBAC role equivalents.
To facilitate their management, AuthorityObject is assigned to
Functional roles like, for instance, the Functional role of Search
for a patient in the database, create a patient entry, create a
transaction, show a transaction, and so forth. Additionally, the
concept of Reference user has been created to gather a set of
Functional roles. In practice, one user may be assigned to one or
more Reference user or to one or more Functional role (See
Figure 11). The mapping between the application layer of the
hospital and the enhanced ArchiMate-ReMoLa meta-model allows
defining the correspondences between the AuthorityObject that
corresponds to the kind of right to perform an operation. In the
ReMoLa-ArchiMate meta-model, that permission corresponds to
the data object of permission. The Functional role corresponds to
a set of AuthorityObject which may be assigned to a business user.
Therefore, we consider that the Functional role component from
the hospital application architecture corresponds to the concept of
RBAC role of the application layer of the ArchiMate-ReMoLa
meta-model.
Finally, the Reference user corresponds to a set of Functional
roles and, on the second hand, is assigned to a set of business
user. Therefore, we consider that the Reference user component
from the hospital application architecture also corresponds to the
concept of RBAC role of the application layer of the meta-model.
Moreover, given that the Reference user is composed of
Functional role, we consider that there exists a role hierarchy
between both roles.
5.3 Illustration with the receptionist role
At the application layer, an authorization profile document is
defined and formalizes the five Functional roles that may be
assigned to the employees with the role of receptionist. These
Functional roles are:
• Patient's basic data encoding, that means Add or create,
modify, display, delete patient's basic data and entry, transfer or
leaving data related to the patient
• Entry, transfer or leaving patient's data encoding
• Management of the beds status at the hospital
• Medical delivery encoding
• Patient invoices creation and modification
The three first Functional roles are aggregated in the Reference
user of REFRECEP. For each of these Functional roles, a set of
AuthorityObjects is defined. These AuthorityObjects are managed
using an application interface that allows formalization of the
concerned rights. In practice, the Functional roles and Reference
user, as well as other rights to specific software, are assigned to
the sub-roles as follows:
• SR1: REFRECEP, all rights related to equipment ordering
software
• SR2: REFRECEP, medical delivery encoding, patient invoices
creation and modification, all rights related to equipment ordering
software
• SR3: REFRECEP, all rights related to equipment ordering
software, right to read the planning of doctors on duty
• SR4: REFRECEP, all rights related to equipment ordering
software
• SR5: REFRECEP, medical delivery encoding, patient invoices
creation and modification, all rights related to equipment ordering
software, read and write access to the Excel file: Timetable
planning
• SR6: All rights provided to the other sub-roles
• SR7: Read access related to the room agenda in GroupWise
multi-users, read access to the ticketing tool.
• SR8: Write access to the reporting software, all rights related to
equipment ordering software
8. 5.4 Enhanced permission assignment
As explained in Section 4.4, to align the business role with the
application role, we have introduced the concept of responsibility
as an intermediary and pivot component. Responsibility composes
a business role at the business layer and is assigned with
permissions (or with an RBAC role) at the application layer. The
analysis of the receptionist job description has allowed defining
sixteen responsibilities that required access rights on the IS.
Table 1: Responsibility – Access Rights – Sub-Roles.
ID Responsibility Required Access Right Compose
Sub-Roles
1 Perform the entry record Add or create, modify, display, delete
patient’s basic data and entry, transfer,
or leave data related to the patient
SR1, SR2,
SR5
2 Perform the transfer
management
Display entry, transfer or leave data
related to the patient and all rights
related to the statistic software
SR1,SR2,
SR5
3 Perform the beds status
management
All rights related to the beds status
management
SR1,SR2,
SR5
4 Perform equipment
ordering
All rights related to the equipment
ordering software
SR8
5 Perform the medical
encoding for billing
All right related to the medical
delivery encoding
SR2
6 Perform the creation and
de modification of patient
invoices (billing)
All rights related to the patient
invoices creation and modification
SR2
7 Inform about the beds
status
Display rights related to the beds status SR1, SR2,
SR3, SR4
8 Perform the realization of
work plans
Read and write access to the Excel file:
Timetable planning
SR5
9 Perform the control of the
monthly worksheets
Read and write access to the Excel file:
Timetable planning
SR5
10 Perform the management
of HR indicators:
Overtime, Days off,
Hours of recovery
Read and write access to the Excel file:
Timetable planning
SR5
11 Perform the management
of the room
Read access related to the room agenda
in Groupwise multi-users
SR7
12 Perform the verification
of the infrastructure
Write access to the reporting software SR8
13 Fix defective
infrastructure
All rights related to equipment
ordering software
SR8
14 Perform the management
of the receptionists
All the rights provided to the sub-roles
SR1, SR2, SR3, SR4, SR5, SR7 and
SR8
SR6
15 Inform about the doctor
on duty
Rights to read the doctors on duty
planning
SR3
16 Perform the statistical
analysis to follow up the
daily business
All rights related to the statistical
software
SR5, SR7
The definitions and analysis of the responsibilities of the
receptionists have permitted to refine the required access rights
for each sub-role recovered in the organization chart of the
receptionist department (Table 1). By formalizing the
responsibilities, we have isolated the tasks to be performed by
each sub-role from the receptionist job description and we have
analyzed the access rights they need.
Thereby, we have observed the following differences:
• SR3 and SR4 have too many rights. The employees assigned to
the Phone reception and Infodesk role are authorized to add or
create, modify, display, delete patient's basic data and entry,
transfer, or leaving data related to the patient, although they do not
require these rights. They possess all rights related to the beds
status management, although, only some of them are required to
display information related to the beds status.
• SR1, SR2, SR5 do not have to perform equipment ordering,
although they have the right to do it.
6. CONCLUSIONS
We have proposed an approach for enhancing the alignment of the
business layer with the application layer, and in particular the
enhancement of the access right management and provisioning to
employees according to business specifications. This approach
takes responsibility as a link between both layers into account.
Therefore, responsibility has been modeled in a responsibility
modeling language named ReMoLa and has been integrated in
ArchiMate using the methodology defined in [5].
To illustrate the approach, a case study in a municipal hospital in
Luxembourg has been conducted with people in a variety of IT
and non-IT roles. We have defined and used the responsibilities of
the employees from the receptionist department to align the
business role, and sub-roles, defined at the business layer with
RBAC role defined at the application layer. At the application
layer, the business role and sub-roles, as well as the tasks to be
performed, have been recovered from the job description
document and from an organizational chart. At the application
layer, the RBAC roles have been analyzed in an authorization
profile document that defines a set of Functional roles, sometimes
aggregated in a Reference user.
We have observed that using responsibility allows a finer
assignment of rights to the employees. For instance, responsibility
16 does not compose any business role or sub-roles, but it may be
directly assigned to employees that are assigned to SR1 or SR2.
This direct assignment allows the provisioning of some
employees, who are responsible for making business analysis,
from the SR1 and SR2 sub-role, but not all of them.
This case study has allowed validating the usability of
responsibility to perform this alignment. Since the receptionist
department was already existing and functioning, the case study
did not engineer the access rights without relying on existing
resources, but it allows confronting the existing access rights with
those calculated by the modeling of the responsibilities. The
results of these confrontations were that the employees of five
sub-roles (over eight) were assigned to more permissions than
they really required in practice.
7. ACKNOWLEDGMENTS
This work is partially supported by the Fond National de la
Recherche in Luxembourg on the PEARL program ASINE.
8. REFERENCES
[1] C. Feltus, M. Petit, and M. Sloman, Enhancement of Business IT
Alignment by Including Responsibility Components in RBAC, 5th
Busital workshop, 2010, Hammamet, Tunisia.
[2] C. Feltus, M. Petit, and E. Dubois, Strengthening employee's
responsibility to enhance governance of IT: COBIT RACI chart case
study. 1st
ACM Workshop on Information Security Governance.
ACM, New York, NY.
[3] D. Richard Kuhn, Edward J. Coyne, Timothy R. Weil. Adding
attributes to role-based access control. Computer, 43(6):79-81, 2010.
[4] I. Band, Modeling RBAC with SABSA, TOGAF and ArchiMate,
Creating a Foundation for Understanding and Action, Open Group
Conference, Austin, Texas, 2011.
[5] M. Lankhorst. Archimate language primer, 2004.
[6] M. Petit. Some methodological clues for defining a unified enterprise
modelling language. ICEIMT '01, pages 359-369, Deventer, The
Netherlands, 2003.
[7] J. Mylopoulos, A. Borgida, M. Jarke, M. Koubarakis. Telos:
representingknowledge about information systems. ACM Trans. Inf.
Syst., 8:325-362, October 1990..H. Jonkers, M.-E.Iacob, M.
Wiering. Towards a uml profile for the archimate language, 2004
[8] B. Lang, I. Foster, F. Siebenlist, R. Ananthakrishnan, T. Freeman. A
exible attribute based access control method for grid computing.
Journal of Grid Computing, 7(2): 169-180, 2008.
[9] M. Covington and M. R. Sastry. A contextual attribute-based access
control model. On the Move to Meaningful Internet Systems 2006
OTM 2006 Workshops, pages 1996-2006.