SlideShare a Scribd company logo

Introducing Security Access Control Policies into Legacy Business Processes

Sébastien Mosser
Sébastien Mosser

Applying separation of concerns approaches into business process context generally results in several initiatives oriented to automatic generation of aspect code, generation of specific code according to the kind of concern (code for mapping roles and permissions derived from RBAC model for example), or proposition of new mechanisms as dedicated aspectual languages. Most of these initiatives only consider functional behaviours of business process, omitting special behaviours derived from quality attributes such as security, which can be modelled as concerns that must be supported in the business process. In this paper we propose the integration of cross-cuttings standardized control access policies (based on RBAC model and Oasis XACML) into legacy business processes, using a separation of concerns approach.

1 of 12
Introducing Security Control Access Policies into Legacy Business Processes 1 2 3 Fáber D. Giraldo, Mireille Blay-Fornarino and Sébastien Mosser 1: System and Computer Engineering, University of Quindío, Colombia 2: I3S (UMR CNRS 6070), Université Nice - Sophia Antipolis, France 3: INRIA Lille-Nord Europe, LIFL (UMR CNRS 8022), Université Lille 1, France EDOC 2011, Helsinki, Finland
Problem : Security & Business Processes • Business processes • Model (business) behavior in a Service-oriented Architecture • Think «activity diagram» in the UML • As complex as the modeled business: no magic here (at least yet) • Security is often handled at the infrastructure level (e.g., WS-*) • But clearly impacts modeled behaviors (e.g., «role-based access control») 2
Case Study: Car Crash Crisis Mgmt System • Requirement documents specified in [Kienzle et al, 2010] • Special issue of TAOSD, focusing on Aspect Oriented Modeling • Contents: • 8 main success scenario • 27 business extensions • 3 non-functional properties • How to handle a Car Crash accident? 3
Initial Process 4
Final Process 5
Proposition: Consider Security as Concern • Existing approaches deal with Separation of Concerns: • Concerns reification (e.g., «Aspects» in Aspect-oriented Programming) • Composition with legacy systems (e.g., «Aspect weaving») • Security (e.g., XACML standard) can be considered as another concern • Thus composed with other concerns (e.g., persistence standard) • Compliant with concern reasoning approaches • E.g, interaction detection mechanisms 6
sidered as a concern (e.g., requirements specification. All orchestrations are ation could be extended to calls to services (even the fragments themselve r business processes, if it A DORE focus on the modeling of orchestrations r compositions of services Implementation modeling the internal behavior of services or acti and considering security sed control access policies. • «Activity moDel to suppOrt iques oRchestration Evolution» [TAOSD’10] has been widely ac- ! sulate functional and non- modules overconcerns as • Consider a software "# $%&'(()*+,*-.%++/0&12(3$4) el of abstraction by identi- be composed «process fragments» to ;%&'(( which is a existing processes with targeted goal of "8# -.%++7'((94&63/&':'-"&'0/$4) • Support fragment composition through %&'(( different (endogenous) algorithms e extended to the treatment "8 $"4&6)*+,*-.%++"4&6<%3=$4) • Algorithms ensure compositional properties nd its derived implications, "4&6 ;"4&6 siness processes managed ditional features to preservation • E.g., order func- 6 6007$4) & &6=0>$?@"294&63/&':'-"&'0/?) access control as a non- ts the Provide interference detection mechanisms 5 • functional part of a 7
Endogenous Composition of Concerns hal-00594845, version 1 - 21 May 2011 Figure 2. A DORE XACML Fragment. ! ! "# $%&'"(%)*&+,-./0.12&//3"(%)"4+*&+,$5- %&'"(%)*&+, " #$%&'()'"**+#& "7 $,+&89:&+-./0.8)8//;<=>?,+@5+&4$,+&95,1+- -. #"$/0*12&'()'"*/3$0-4/((567//8$/0*12#$%& "K "H $3"(5+&?%&4-./0.8%8//I+4<44,%J54+'"(5+&$5- $"11+&&-./0.8)8//1928",+$,+&89:&+L3"(5+&?%&4- F%&'"(%)*&+, ⊕ 0 #9&'()'$/:*0:644#"$/0*12& 9 "11+&& F"11+&& ;9 -< 6$((%$/34-28$/0*12#=1+>"$/0*12& A A99G$- 4# 4A,9B$CD+:E.<11+&&C- , 6 XACML PEP concern Hospital EIS concern Figure 3. retrieveVictimHistory fragment Figure 2. A DORE XACML Fragment. 8
Composition leads to Iterative Process Modeling ! " #$%&'()'"**+#& -. #$/0-1$%2/34&'()'56/((7-1$%-832/34#94+& !"# $%!&'"!(')*(+,-.,!/"/*#/$+ $/0-1$%2/34 01 $*234/5+,-.,6*--5!7)589*"8*):/("!*58*72$%!&+ -A #43/;*C/3&'()';%;((DEFGH43I=3/8#$%& 0; $*<+,-.,6*--5!7)589*"8*)=</28*8>$%!&+ -M #7-1=3/H$/8&'()';$;((<38E884$N=830-1=3/#94+& @$/0-1$%2/34 0?@ $A7(5+,-.,")(--*</28*B>C55!75!*08/D7(5*80E$*234/5')*(FE7"+ -O #-553//&'()';%;((5*6;-43#43/;*C/3B7-1=3/H$/8& -553// @-553// rsion 1 - 21 May 2011 ⊕ 0?1 6*--<*(5E0>:/(8*208*72$%!&'A7(5+ -. #"$/8*4:&'()'"*/;$8-1/((<=3//>$/8*4:#$%& -J 8"4*9#KL3C:'E553//K& 0G )(HI6(--%0*8?)(H$J*2B7J'JE/0#*2HJ'%!&+ 8 #5&'()'$/?*8?=11#"$/8*4:& 0K )(HI6(--%0*8?)(H$J*2B7J'J#*"8*):!755/<J'%!&+ 5 0L )(HI6(--(/2<$J(8086(J'J(6""/((J')*(+ @5 -A =$((%$/;1-:>$/8*4:#94+B"$/8*4:& !5E !/5E>$+ , Composed Concern Initial Process (a) Initial version 9
!"# $%!&'"!(')*(+,-.,!/"/*#/$+ Results 0; $*<+,-.,6*--5!7)589*"8*)=</28*8>$%!&+ 01 $*234/5+,-.,6*--5!7)589*"8*):/("!*58*72$%!&+ 0G $*(90E*<H(/!+,-.,")(--#0E*<08/H(/!$%!&+ • Final process designed through *(90E*<H(/! the composition of smaller artifacts 01@ $!/(572(/+,-.,5<5--ICJKL!/M6/(8$*<+ P*(90E*<H(/! 011 $#0E6/(L*(8+,-.,5*5--Q/8C88!*R68/90E6/($%!&+ • Security fragments are «process independent» 01; $0""/((+,-.,5<5--"7)50!/$!/(572(/'#0E6/(L*(8+ P0""/(( 0""/(( • Thus can be reused in other 01N 8A!7%$O:/2>,C""/((O+ 01? $A*(87!>+,-.,A7(5*80E(--Q6/((D*(87!>$*<+ systems 01G $"+,-.,*(S78S6EE$A*(87!>+ • Approach applied successfully on " the complete CCCMS 01T 6*--<*(5E0>D*(87!>$A*(87!>'%!&+ P" 0?@ $A7(5+,-.,")(--*</28*B>C55!75!*08/D7(5*80E$*234/5')*(FE7"+ 10 FFF
Conclusions & Perspectives • Achievements • XACML behaviors implemented as process fragments • Approach applied to a concrete and complex case study • Future Works • Final process «optimization» (e.g., avoid redundant activities) • Raise the abstraction level into a more «semantic-driven» approach • «I want this process to be secured», automagically 11
Graphics: sxc.hu & C.line Thank You for Your Attention ! Introducing Security Control Access Policies into Legacy Business Processes Fáber D. Giraldo, Mireille Blay-Fornarino and Sébastien Mosser 1: System and Computer Engineering, University of Quindío, Colombia 2: I3S (UMR CNRS 6070), Université Nice - Sophia Antipolis, France 3: INRIA Lille-Nord Europe, LIFL (UMR CNRS 8022), Université Lille 1, France

Recommended

Dr Joshua Bishop, WWF Australia - Presentation - UNAA Vic Natural Capital Sem...
Dr Joshua Bishop, WWF Australia - Presentation - UNAA Vic Natural Capital Sem...Dr Joshua Bishop, WWF Australia - Presentation - UNAA Vic Natural Capital Sem...
Dr Joshua Bishop, WWF Australia - Presentation - UNAA Vic Natural Capital Sem...
United Nations Association of Australia (Vic)
 
Science World Board Presentation
Science World Board PresentationScience World Board Presentation
Science World Board Presentation
Danny Robinson
 
Chinese
ChineseChinese
Chinese
1234bateman
 
LAMP_TRAINING_SESSION_6
LAMP_TRAINING_SESSION_6LAMP_TRAINING_SESSION_6
LAMP_TRAINING_SESSION_6
umapst
 
Apple earnings q4-2010
Apple earnings q4-2010Apple earnings q4-2010
Apple earnings q4-2010
O'Reilly Media
 
Merchants Bank & Trust
Merchants Bank & TrustMerchants Bank & Trust
Merchants Bank & Trust
ctelling
 
Republic Bank
Republic BankRepublic Bank
Republic Bank
ctelling
 
Park National Bank
Park National BankPark National Bank
Park National Bank
ctelling
 

Recommended

Dr Joshua Bishop, WWF Australia - Presentation - UNAA Vic Natural Capital Sem...
Dr Joshua Bishop, WWF Australia - Presentation - UNAA Vic Natural Capital Sem...Dr Joshua Bishop, WWF Australia - Presentation - UNAA Vic Natural Capital Sem...
Dr Joshua Bishop, WWF Australia - Presentation - UNAA Vic Natural Capital Sem...
United Nations Association of Australia (Vic)
 
Science World Board Presentation
Science World Board PresentationScience World Board Presentation
Science World Board Presentation
Danny Robinson
 
Chinese
ChineseChinese
Chinese
1234bateman
 
LAMP_TRAINING_SESSION_6
LAMP_TRAINING_SESSION_6LAMP_TRAINING_SESSION_6
LAMP_TRAINING_SESSION_6
umapst
 
Apple earnings q4-2010
Apple earnings q4-2010Apple earnings q4-2010
Apple earnings q4-2010
O'Reilly Media
 
Merchants Bank & Trust
Merchants Bank & TrustMerchants Bank & Trust
Merchants Bank & Trust
ctelling
 
Republic Bank
Republic BankRepublic Bank
Republic Bank
ctelling
 
Park National Bank
Park National BankPark National Bank
Park National Bank
ctelling
 
Presentación de Jeffrey Hayzlett Conecta 2012
Presentación de Jeffrey Hayzlett Conecta 2012Presentación de Jeffrey Hayzlett Conecta 2012
Presentación de Jeffrey Hayzlett Conecta 2012
IAB México
 
Waseda.L#3/@tkf
Waseda.L#3/@tkfWaseda.L#3/@tkf
Waseda.L#3/@tkf
tkf
 
Futsalf
FutsalfFutsalf
Futsalf
parenti55
 
Transformations - how Oracle rewrites your statements
Transformations - how Oracle rewrites your statementsTransformations - how Oracle rewrites your statements
Transformations - how Oracle rewrites your statements
Sage Computing Services
 
Deber base
Deber baseDeber base
Deber base
Marilyn Jaramillo
 
20110611 expanded intro-to_puppet_for_self
20110611 expanded intro-to_puppet_for_self20110611 expanded intro-to_puppet_for_self
20110611 expanded intro-to_puppet_for_self
garrett honeycutt
 
Practical Web 2.0 Tools and Solutions for Businesses
Practical Web 2.0 Tools and Solutions for BusinessesPractical Web 2.0 Tools and Solutions for Businesses
Practical Web 2.0 Tools and Solutions for Businesses
New Marketing Labs
 
Planejamento de Live Mkt | Brookfield
Planejamento de Live Mkt | BrookfieldPlanejamento de Live Mkt | Brookfield
Planejamento de Live Mkt | Brookfield
Jonas Jaeger
 
Syed mohamed ak
Syed mohamed akSyed mohamed ak
Syed mohamed ak
Syed Mohamed
 
A Casa Criativa/ PROPOSTA COMERCIAL
A Casa Criativa/ PROPOSTA COMERCIALA Casa Criativa/ PROPOSTA COMERCIAL
A Casa Criativa/ PROPOSTA COMERCIAL
acasacriativa
 
RiminiLUG. Mini Corso su Linux p1: Installazione & Configurazione
RiminiLUG. Mini Corso su Linux p1: Installazione & ConfigurazioneRiminiLUG. Mini Corso su Linux p1: Installazione & Configurazione
RiminiLUG. Mini Corso su Linux p1: Installazione & Configurazione
Alessandro Carichini
 
Sej seo-guide-2016
Sej seo-guide-2016Sej seo-guide-2016
Sej seo-guide-2016
Connecticut SEO Experts
 
CV SANDEEP_EKHE_ME_VLSI and Embedded Systems_4.9 year Exp in Embedded Firmwar...
CV SANDEEP_EKHE_ME_VLSI and Embedded Systems_4.9 year Exp in Embedded Firmwar...CV SANDEEP_EKHE_ME_VLSI and Embedded Systems_4.9 year Exp in Embedded Firmwar...
CV SANDEEP_EKHE_ME_VLSI and Embedded Systems_4.9 year Exp in Embedded Firmwar...
Sandeep Ekhe
 
Planejamento de Live Mkt | Hot Wheels
Planejamento de Live Mkt | Hot WheelsPlanejamento de Live Mkt | Hot Wheels
Planejamento de Live Mkt | Hot Wheels
Jonas Jaeger
 
Strategische Personalplanung in der Assekuranz
Strategische Personalplanung in der AssekuranzStrategische Personalplanung in der Assekuranz
Strategische Personalplanung in der Assekuranz
STRIMgroup
 
PLM Open Hours - Definition von Farben und Oberflächen
PLM Open Hours - Definition von Farben und OberflächenPLM Open Hours - Definition von Farben und Oberflächen
PLM Open Hours - Definition von Farben und Oberflächen
Intelliact AG
 
Resume
ResumeResume
Resume
sudeshna roy
 
Design a Mobile Workflow Solution on Office 365 & SharePoint Without Coding
Design a Mobile Workflow Solution on Office 365 & SharePoint Without CodingDesign a Mobile Workflow Solution on Office 365 & SharePoint Without Coding
Design a Mobile Workflow Solution on Office 365 & SharePoint Without Coding
SharePoint Saturday Hong Kong
 
Geschäftsprozessmanagement - Anspruch vs. Wirklichkeit - OPITZ CONSULTING - S...
Geschäftsprozessmanagement - Anspruch vs. Wirklichkeit - OPITZ CONSULTING - S...Geschäftsprozessmanagement - Anspruch vs. Wirklichkeit - OPITZ CONSULTING - S...
Geschäftsprozessmanagement - Anspruch vs. Wirklichkeit - OPITZ CONSULTING - S...
OPITZ CONSULTING Deutschland
 
Unternehmensschieflagen vermeiden
Unternehmensschieflagen vermeidenUnternehmensschieflagen vermeiden
Unternehmensschieflagen vermeiden
Michael Danisch
 
Privatisierung öffentlicher Aufgaben
Privatisierung öffentlicher AufgabenPrivatisierung öffentlicher Aufgaben
Privatisierung öffentlicher AufgabenMichael Danisch
 
OSGI workshop - Become A Certified Bundle Manager
OSGI workshop - Become A Certified Bundle ManagerOSGI workshop - Become A Certified Bundle Manager
OSGI workshop - Become A Certified Bundle Manager
Skills Matter
 

More Related Content

What's hot

Presentación de Jeffrey Hayzlett Conecta 2012
Presentación de Jeffrey Hayzlett Conecta 2012Presentación de Jeffrey Hayzlett Conecta 2012
Presentación de Jeffrey Hayzlett Conecta 2012
IAB México
 
Waseda.L#3/@tkf
Waseda.L#3/@tkfWaseda.L#3/@tkf
Waseda.L#3/@tkf
tkf
 
Futsalf
FutsalfFutsalf
Futsalf
parenti55
 
Transformations - how Oracle rewrites your statements
Transformations - how Oracle rewrites your statementsTransformations - how Oracle rewrites your statements
Transformations - how Oracle rewrites your statements
Sage Computing Services
 
Deber base
Deber baseDeber base
Deber base
Marilyn Jaramillo
 
20110611 expanded intro-to_puppet_for_self
20110611 expanded intro-to_puppet_for_self20110611 expanded intro-to_puppet_for_self
20110611 expanded intro-to_puppet_for_self
garrett honeycutt
 

What's hot (6)

Presentación de Jeffrey Hayzlett Conecta 2012
Presentación de Jeffrey Hayzlett Conecta 2012Presentación de Jeffrey Hayzlett Conecta 2012
Presentación de Jeffrey Hayzlett Conecta 2012
 
Waseda.L#3/@tkf
Waseda.L#3/@tkfWaseda.L#3/@tkf
Waseda.L#3/@tkf
 
Futsalf
FutsalfFutsalf
Futsalf
 
Transformations - how Oracle rewrites your statements
Transformations - how Oracle rewrites your statementsTransformations - how Oracle rewrites your statements
Transformations - how Oracle rewrites your statements
 
Deber base
Deber baseDeber base
Deber base
 
20110611 expanded intro-to_puppet_for_self
20110611 expanded intro-to_puppet_for_self20110611 expanded intro-to_puppet_for_self
20110611 expanded intro-to_puppet_for_self
 

Viewers also liked

Practical Web 2.0 Tools and Solutions for Businesses
Practical Web 2.0 Tools and Solutions for BusinessesPractical Web 2.0 Tools and Solutions for Businesses
Practical Web 2.0 Tools and Solutions for Businesses
New Marketing Labs
 
Planejamento de Live Mkt | Brookfield
Planejamento de Live Mkt | BrookfieldPlanejamento de Live Mkt | Brookfield
Planejamento de Live Mkt | Brookfield
Jonas Jaeger
 
Syed mohamed ak
Syed mohamed akSyed mohamed ak
Syed mohamed ak
Syed Mohamed
 
A Casa Criativa/ PROPOSTA COMERCIAL
A Casa Criativa/ PROPOSTA COMERCIALA Casa Criativa/ PROPOSTA COMERCIAL
A Casa Criativa/ PROPOSTA COMERCIAL
acasacriativa
 
RiminiLUG. Mini Corso su Linux p1: Installazione & Configurazione
RiminiLUG. Mini Corso su Linux p1: Installazione & ConfigurazioneRiminiLUG. Mini Corso su Linux p1: Installazione & Configurazione
RiminiLUG. Mini Corso su Linux p1: Installazione & Configurazione
Alessandro Carichini
 
Sej seo-guide-2016
Sej seo-guide-2016Sej seo-guide-2016
Sej seo-guide-2016
Connecticut SEO Experts
 
CV SANDEEP_EKHE_ME_VLSI and Embedded Systems_4.9 year Exp in Embedded Firmwar...
CV SANDEEP_EKHE_ME_VLSI and Embedded Systems_4.9 year Exp in Embedded Firmwar...CV SANDEEP_EKHE_ME_VLSI and Embedded Systems_4.9 year Exp in Embedded Firmwar...
CV SANDEEP_EKHE_ME_VLSI and Embedded Systems_4.9 year Exp in Embedded Firmwar...
Sandeep Ekhe
 
Planejamento de Live Mkt | Hot Wheels
Planejamento de Live Mkt | Hot WheelsPlanejamento de Live Mkt | Hot Wheels
Planejamento de Live Mkt | Hot Wheels
Jonas Jaeger
 
Strategische Personalplanung in der Assekuranz
Strategische Personalplanung in der AssekuranzStrategische Personalplanung in der Assekuranz
Strategische Personalplanung in der Assekuranz
STRIMgroup
 
PLM Open Hours - Definition von Farben und Oberflächen
PLM Open Hours - Definition von Farben und OberflächenPLM Open Hours - Definition von Farben und Oberflächen
PLM Open Hours - Definition von Farben und Oberflächen
Intelliact AG
 
Resume
ResumeResume
Resume
sudeshna roy
 
Design a Mobile Workflow Solution on Office 365 & SharePoint Without Coding
Design a Mobile Workflow Solution on Office 365 & SharePoint Without CodingDesign a Mobile Workflow Solution on Office 365 & SharePoint Without Coding
Design a Mobile Workflow Solution on Office 365 & SharePoint Without Coding
SharePoint Saturday Hong Kong
 
Geschäftsprozessmanagement - Anspruch vs. Wirklichkeit - OPITZ CONSULTING - S...
Geschäftsprozessmanagement - Anspruch vs. Wirklichkeit - OPITZ CONSULTING - S...Geschäftsprozessmanagement - Anspruch vs. Wirklichkeit - OPITZ CONSULTING - S...
Geschäftsprozessmanagement - Anspruch vs. Wirklichkeit - OPITZ CONSULTING - S...
OPITZ CONSULTING Deutschland
 
Unternehmensschieflagen vermeiden
Unternehmensschieflagen vermeidenUnternehmensschieflagen vermeiden
Unternehmensschieflagen vermeiden
Michael Danisch
 
Privatisierung öffentlicher Aufgaben
Privatisierung öffentlicher AufgabenPrivatisierung öffentlicher Aufgaben
Privatisierung öffentlicher AufgabenMichael Danisch
 

Viewers also liked (15)

Practical Web 2.0 Tools and Solutions for Businesses
Practical Web 2.0 Tools and Solutions for BusinessesPractical Web 2.0 Tools and Solutions for Businesses
Practical Web 2.0 Tools and Solutions for Businesses
 
Planejamento de Live Mkt | Brookfield
Planejamento de Live Mkt | BrookfieldPlanejamento de Live Mkt | Brookfield
Planejamento de Live Mkt | Brookfield
 
Syed mohamed ak
Syed mohamed akSyed mohamed ak
Syed mohamed ak
 
A Casa Criativa/ PROPOSTA COMERCIAL
A Casa Criativa/ PROPOSTA COMERCIALA Casa Criativa/ PROPOSTA COMERCIAL
A Casa Criativa/ PROPOSTA COMERCIAL
 
RiminiLUG. Mini Corso su Linux p1: Installazione & Configurazione
RiminiLUG. Mini Corso su Linux p1: Installazione & ConfigurazioneRiminiLUG. Mini Corso su Linux p1: Installazione & Configurazione
RiminiLUG. Mini Corso su Linux p1: Installazione & Configurazione
 
Sej seo-guide-2016
Sej seo-guide-2016Sej seo-guide-2016
Sej seo-guide-2016
 
CV SANDEEP_EKHE_ME_VLSI and Embedded Systems_4.9 year Exp in Embedded Firmwar...
CV SANDEEP_EKHE_ME_VLSI and Embedded Systems_4.9 year Exp in Embedded Firmwar...CV SANDEEP_EKHE_ME_VLSI and Embedded Systems_4.9 year Exp in Embedded Firmwar...
CV SANDEEP_EKHE_ME_VLSI and Embedded Systems_4.9 year Exp in Embedded Firmwar...
 
Planejamento de Live Mkt | Hot Wheels
Planejamento de Live Mkt | Hot WheelsPlanejamento de Live Mkt | Hot Wheels
Planejamento de Live Mkt | Hot Wheels
 
Strategische Personalplanung in der Assekuranz
Strategische Personalplanung in der AssekuranzStrategische Personalplanung in der Assekuranz
Strategische Personalplanung in der Assekuranz
 
PLM Open Hours - Definition von Farben und Oberflächen
PLM Open Hours - Definition von Farben und OberflächenPLM Open Hours - Definition von Farben und Oberflächen
PLM Open Hours - Definition von Farben und Oberflächen
 
Resume
ResumeResume
Resume
 
Design a Mobile Workflow Solution on Office 365 & SharePoint Without Coding
Design a Mobile Workflow Solution on Office 365 & SharePoint Without CodingDesign a Mobile Workflow Solution on Office 365 & SharePoint Without Coding
Design a Mobile Workflow Solution on Office 365 & SharePoint Without Coding
 
Geschäftsprozessmanagement - Anspruch vs. Wirklichkeit - OPITZ CONSULTING - S...
Geschäftsprozessmanagement - Anspruch vs. Wirklichkeit - OPITZ CONSULTING - S...Geschäftsprozessmanagement - Anspruch vs. Wirklichkeit - OPITZ CONSULTING - S...
Geschäftsprozessmanagement - Anspruch vs. Wirklichkeit - OPITZ CONSULTING - S...
 
Unternehmensschieflagen vermeiden
Unternehmensschieflagen vermeidenUnternehmensschieflagen vermeiden
Unternehmensschieflagen vermeiden
 
Privatisierung öffentlicher Aufgaben
Privatisierung öffentlicher AufgabenPrivatisierung öffentlicher Aufgaben
Privatisierung öffentlicher Aufgaben
 

Similar to Introducing Security Access Control Policies into Legacy Business Processes

OSGI workshop - Become A Certified Bundle Manager
OSGI workshop - Become A Certified Bundle ManagerOSGI workshop - Become A Certified Bundle Manager
OSGI workshop - Become A Certified Bundle Manager
Skills Matter
 
SANS Log Management 2
SANS Log Management 2SANS Log Management 2
SANS Log Management 2
laurenfortune
 
Science Fiction Sensor Networks
Science Fiction Sensor NetworksScience Fiction Sensor Networks
Science Fiction Sensor Networks
Diego Pizzocaro
 
Developer Tools, Nokia Platforms Santtu Ahonen
Developer Tools, Nokia Platforms Santtu AhonenDeveloper Tools, Nokia Platforms Santtu Ahonen
Developer Tools, Nokia Platforms Santtu Ahonen
Ashley Walker
 
Steering Iterative and Incremental Delivery with Jeff Patton
Steering Iterative and Incremental Delivery with Jeff PattonSteering Iterative and Incremental Delivery with Jeff Patton
Steering Iterative and Incremental Delivery with Jeff Patton
UIEpreviews
 
Ph 35
Ph 35Ph 35
Ph 35
denisparkhoc
 
WALA Tutorial at PLDI 2010
WALA Tutorial at PLDI 2010WALA Tutorial at PLDI 2010
WALA Tutorial at PLDI 2010
Julian Dolby
 
InnoDB Magic
InnoDB MagicInnoDB Magic
InnoDB Magic
sunnygleason
 
Carnet des innovations 20 fev 2012
Carnet des innovations 20 fev 2012Carnet des innovations 20 fev 2012
Carnet des innovations 20 fev 2012
DFIE Lyon
 
Танки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Танки_в_Лунапарке: нагрузочное_тестирование_в_ЯндексеТанки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Танки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Yandex
 
Creative Direction
Creative DirectionCreative Direction
Creative Direction
sara8487
 
Conducting Experiments in Software Industry
Conducting Experiments in Software IndustryConducting Experiments in Software Industry
Conducting Experiments in Software Industry
Natalia Juristo
 
Архитектура коммутаторов Cisco Catalyst 6500
Архитектура коммутаторов Cisco Catalyst 6500Архитектура коммутаторов Cisco Catalyst 6500
Архитектура коммутаторов Cisco Catalyst 6500
Cisco Russia
 
Soundararajan arthurbalci agile2012_handout_v1_0
Soundararajan arthurbalci agile2012_handout_v1_0Soundararajan arthurbalci agile2012_handout_v1_0
Soundararajan arthurbalci agile2012_handout_v1_0
drewz lin
 
Instantiations in cmmi for services
Instantiations in cmmi for servicesInstantiations in cmmi for services
Instantiations in cmmi for services
kendymondpti
 
Open Solaris 2009.06
Open Solaris 2009.06Open Solaris 2009.06
Open Solaris 2009.06
Alexis Moussine-Pouchkine
 
Blueprint+: Developing a Tool for Service Design
Blueprint+: Developing a Tool for Service DesignBlueprint+: Developing a Tool for Service Design
Blueprint+: Developing a Tool for Service Design
Andy Polaine
 
Ipad gump
Ipad gumpIpad gump
Ipad gump
Tuany Beiram
 
Interaction design
Interaction designInteraction design
Interaction design
feifei2011
 
Brand & UX: Toward a New Interpretation (Version 2)
Brand & UX: Toward a New Interpretation (Version 2)Brand & UX: Toward a New Interpretation (Version 2)
Brand & UX: Toward a New Interpretation (Version 2)
Mark Badger
 

Similar to Introducing Security Access Control Policies into Legacy Business Processes (20)

OSGI workshop - Become A Certified Bundle Manager
OSGI workshop - Become A Certified Bundle ManagerOSGI workshop - Become A Certified Bundle Manager
OSGI workshop - Become A Certified Bundle Manager
 
SANS Log Management 2
SANS Log Management 2SANS Log Management 2
SANS Log Management 2
 
Science Fiction Sensor Networks
Science Fiction Sensor NetworksScience Fiction Sensor Networks
Science Fiction Sensor Networks
 
Developer Tools, Nokia Platforms Santtu Ahonen
Developer Tools, Nokia Platforms Santtu AhonenDeveloper Tools, Nokia Platforms Santtu Ahonen
Developer Tools, Nokia Platforms Santtu Ahonen
 
Steering Iterative and Incremental Delivery with Jeff Patton
Steering Iterative and Incremental Delivery with Jeff PattonSteering Iterative and Incremental Delivery with Jeff Patton
Steering Iterative and Incremental Delivery with Jeff Patton
 
Ph 35
Ph 35Ph 35
Ph 35
 
WALA Tutorial at PLDI 2010
WALA Tutorial at PLDI 2010WALA Tutorial at PLDI 2010
WALA Tutorial at PLDI 2010
 
InnoDB Magic
InnoDB MagicInnoDB Magic
InnoDB Magic
 
Carnet des innovations 20 fev 2012
Carnet des innovations 20 fev 2012Carnet des innovations 20 fev 2012
Carnet des innovations 20 fev 2012
 
Танки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Танки_в_Лунапарке: нагрузочное_тестирование_в_ЯндексеТанки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
Танки_в_Лунапарке: нагрузочное_тестирование_в_Яндексе
 
Creative Direction
Creative DirectionCreative Direction
Creative Direction
 
Conducting Experiments in Software Industry
Conducting Experiments in Software IndustryConducting Experiments in Software Industry
Conducting Experiments in Software Industry
 
Архитектура коммутаторов Cisco Catalyst 6500
Архитектура коммутаторов Cisco Catalyst 6500Архитектура коммутаторов Cisco Catalyst 6500
Архитектура коммутаторов Cisco Catalyst 6500
 
Soundararajan arthurbalci agile2012_handout_v1_0
Soundararajan arthurbalci agile2012_handout_v1_0Soundararajan arthurbalci agile2012_handout_v1_0
Soundararajan arthurbalci agile2012_handout_v1_0
 
Instantiations in cmmi for services
Instantiations in cmmi for servicesInstantiations in cmmi for services
Instantiations in cmmi for services
 
Open Solaris 2009.06
Open Solaris 2009.06Open Solaris 2009.06
Open Solaris 2009.06
 
Blueprint+: Developing a Tool for Service Design
Blueprint+: Developing a Tool for Service DesignBlueprint+: Developing a Tool for Service Design
Blueprint+: Developing a Tool for Service Design
 
Ipad gump
Ipad gumpIpad gump
Ipad gump
 
Interaction design
Interaction designInteraction design
Interaction design
 
Brand & UX: Toward a New Interpretation (Version 2)
Brand & UX: Toward a New Interpretation (Version 2)Brand & UX: Toward a New Interpretation (Version 2)
Brand & UX: Toward a New Interpretation (Version 2)
 

More from Sébastien Mosser

A commutative model composition operator to support software adaptation
A commutative model composition operator to support software adaptationA commutative model composition operator to support software adaptation
A commutative model composition operator to support software adaptation
Sébastien Mosser
 
Towards CloudML, a Model-Based Approach to Provision Resources in the Clouds
Towards CloudML, a Model-Based Approach to Provision Resources in the CloudsTowards CloudML, a Model-Based Approach to Provision Resources in the Clouds
Towards CloudML, a Model-Based Approach to Provision Resources in the Clouds
Sébastien Mosser
 
Tools For Software Engineering
Tools For Software EngineeringTools For Software Engineering
Tools For Software Engineering
Sébastien Mosser
 
La Thèse ...
La Thèse ...La Thèse ...
La Thèse ...
Sébastien Mosser
 
Using Domain Feature to handle Feature Interactions
Using Domain Feature to handle Feature InteractionsUsing Domain Feature to handle Feature Interactions
Using Domain Feature to handle Feature Interactions
Sébastien Mosser
 
Cloud Computing: From Revolution to Evolution
Cloud Computing: From Revolution to EvolutionCloud Computing: From Revolution to Evolution
Cloud Computing: From Revolution to Evolution
Sébastien Mosser
 
Undoing Event-driven Adaptation of Business Processes
Undoing Event-driven Adaptation of Business ProcessesUndoing Event-driven Adaptation of Business Processes
Undoing Event-driven Adaptation of Business Processes
Sébastien Mosser
 
Talk Session COSMAL du GDR GPL 2011
Talk Session COSMAL du GDR GPL 2011Talk Session COSMAL du GDR GPL 2011
Talk Session COSMAL du GDR GPL 2011
Sébastien Mosser
 
Behavioral Compositions in Service-Oriented Architecture
Behavioral Compositions in Service-Oriented ArchitectureBehavioral Compositions in Service-Oriented Architecture
Behavioral Compositions in Service-Oriented Architecture
Sébastien Mosser
 
ADAM Seminary
ADAM SeminaryADAM Seminary
ADAM Seminary
Sébastien Mosser
 
Software Composition 2010
Software Composition 2010Software Composition 2010
Software Composition 2010
Sébastien Mosser
 
jSeduite "Quickies" au Riviera JUG
jSeduite "Quickies" au Riviera JUGjSeduite "Quickies" au Riviera JUG
jSeduite "Quickies" au Riviera JUG
Sébastien Mosser
 
jSeduite @UNICE Foundation
jSeduite @UNICE FoundationjSeduite @UNICE Foundation
jSeduite @UNICE Foundation
Sébastien Mosser
 
Taming Orchestration Design Using ADORE
Taming Orchestration Design Using ADORETaming Orchestration Design Using ADORE
Taming Orchestration Design Using ADORE
Sébastien Mosser
 
Adore Demonstration (AOSD'10)
Adore Demonstration (AOSD'10)Adore Demonstration (AOSD'10)
Adore Demonstration (AOSD'10)
Sébastien Mosser
 
Builsing DSL using MDE
Builsing DSL using MDEBuilsing DSL using MDE
Builsing DSL using MDE
Sébastien Mosser
 
Le Framework jSeduite
Le Framework jSeduiteLe Framework jSeduite
Le Framework jSeduite
Sébastien Mosser
 

More from Sébastien Mosser (18)

A commutative model composition operator to support software adaptation
A commutative model composition operator to support software adaptationA commutative model composition operator to support software adaptation
A commutative model composition operator to support software adaptation
 
Towards CloudML, a Model-Based Approach to Provision Resources in the Clouds
Towards CloudML, a Model-Based Approach to Provision Resources in the CloudsTowards CloudML, a Model-Based Approach to Provision Resources in the Clouds
Towards CloudML, a Model-Based Approach to Provision Resources in the Clouds
 
Tools For Software Engineering
Tools For Software EngineeringTools For Software Engineering
Tools For Software Engineering
 
La Thèse ...
La Thèse ...La Thèse ...
La Thèse ...
 
Using Domain Feature to handle Feature Interactions
Using Domain Feature to handle Feature InteractionsUsing Domain Feature to handle Feature Interactions
Using Domain Feature to handle Feature Interactions
 
Cloud Computing: From Revolution to Evolution
Cloud Computing: From Revolution to EvolutionCloud Computing: From Revolution to Evolution
Cloud Computing: From Revolution to Evolution
 
Undoing Event-driven Adaptation of Business Processes
Undoing Event-driven Adaptation of Business ProcessesUndoing Event-driven Adaptation of Business Processes
Undoing Event-driven Adaptation of Business Processes
 
Talk Session COSMAL du GDR GPL 2011
Talk Session COSMAL du GDR GPL 2011Talk Session COSMAL du GDR GPL 2011
Talk Session COSMAL du GDR GPL 2011
 
Behavioral Compositions in Service-Oriented Architecture
Behavioral Compositions in Service-Oriented ArchitectureBehavioral Compositions in Service-Oriented Architecture
Behavioral Compositions in Service-Oriented Architecture
 
ADAM Seminary
ADAM SeminaryADAM Seminary
ADAM Seminary
 
Software Composition 2010
Software Composition 2010Software Composition 2010
Software Composition 2010
 
jSeduite "Quickies" au Riviera JUG
jSeduite "Quickies" au Riviera JUGjSeduite "Quickies" au Riviera JUG
jSeduite "Quickies" au Riviera JUG
 
jSeduite @UNICE Foundation
jSeduite @UNICE FoundationjSeduite @UNICE Foundation
jSeduite @UNICE Foundation
 
Taming Orchestration Design Using ADORE
Taming Orchestration Design Using ADORETaming Orchestration Design Using ADORE
Taming Orchestration Design Using ADORE
 
Adore Demonstration (AOSD'10)
Adore Demonstration (AOSD'10)Adore Demonstration (AOSD'10)
Adore Demonstration (AOSD'10)
 
Builsing DSL using MDE
Builsing DSL using MDEBuilsing DSL using MDE
Builsing DSL using MDE
 
Entrepôt'Lytech JM2L
Entrepôt'Lytech JM2LEntrepôt'Lytech JM2L
Entrepôt'Lytech JM2L
 
Le Framework jSeduite
Le Framework jSeduiteLe Framework jSeduite
Le Framework jSeduite
 

Recently uploaded

math operations ued in python and all used
math operations ued in python and all usedmath operations ued in python and all used
math operations ued in python and all used
ssuser13ffe4
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Excellence Foundation for South Sudan
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .
Colégio Santa Teresinha
 
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skillsspot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
haiqairshad
 
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
imrankhan141184
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
Priyankaranawat4
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
adhitya5119
 
Constructing Your Course Container for Effective Communication
Constructing Your Course Container for Effective CommunicationConstructing Your Course Container for Effective Communication
Constructing Your Course Container for Effective Communication
Chevonnese Chevers Whyte, MBA, B.Sc.
 
Hindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdfHindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdf
Dr. Mulla Adam Ali
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptxHow to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptx
HajraNaeem15
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
Nguyen Thanh Tu Collection
 
How to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 InventoryHow to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 Inventory
Celine George
 
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
Nguyen Thanh Tu Collection
 
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptxC1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
mulvey2
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
WaniBasim
 
B. Ed Syllabus for babasaheb ambedkar education university.pdf
B. Ed Syllabus for babasaheb ambedkar education university.pdfB. Ed Syllabus for babasaheb ambedkar education university.pdf
B. Ed Syllabus for babasaheb ambedkar education university.pdf
BoudhayanBhattachari
 
Gender and Mental Health - Counselling and Family Therapy Applications and In...
Gender and Mental Health - Counselling and Family Therapy Applications and In...Gender and Mental Health - Counselling and Family Therapy Applications and In...
Gender and Mental Health - Counselling and Family Therapy Applications and In...
PsychoTech Services
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
Jean Carlos Nunes Paixão
 
Solutons Maths Escape Room Spatial .pptx
Solutons Maths Escape Room Spatial .pptxSolutons Maths Escape Room Spatial .pptx
Solutons Maths Escape Room Spatial .pptx
spdendr
 
IGCSE Biology Chapter 14- Reproduction in Plants.pdf
IGCSE Biology Chapter 14- Reproduction in Plants.pdfIGCSE Biology Chapter 14- Reproduction in Plants.pdf
IGCSE Biology Chapter 14- Reproduction in Plants.pdf
Amin Marwan
 

Recently uploaded (20)

math operations ued in python and all used
math operations ued in python and all usedmath operations ued in python and all used
math operations ued in python and all used
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .
 
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skillsspot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
 
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
 
Constructing Your Course Container for Effective Communication
Constructing Your Course Container for Effective CommunicationConstructing Your Course Container for Effective Communication
Constructing Your Course Container for Effective Communication
 
Hindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdfHindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdf
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptxHow to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptx
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
 
How to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 InventoryHow to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 Inventory
 
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
 
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptxC1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
 
B. Ed Syllabus for babasaheb ambedkar education university.pdf
B. Ed Syllabus for babasaheb ambedkar education university.pdfB. Ed Syllabus for babasaheb ambedkar education university.pdf
B. Ed Syllabus for babasaheb ambedkar education university.pdf
 
Gender and Mental Health - Counselling and Family Therapy Applications and In...
Gender and Mental Health - Counselling and Family Therapy Applications and In...Gender and Mental Health - Counselling and Family Therapy Applications and In...
Gender and Mental Health - Counselling and Family Therapy Applications and In...
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
 
Solutons Maths Escape Room Spatial .pptx
Solutons Maths Escape Room Spatial .pptxSolutons Maths Escape Room Spatial .pptx
Solutons Maths Escape Room Spatial .pptx
 
IGCSE Biology Chapter 14- Reproduction in Plants.pdf
IGCSE Biology Chapter 14- Reproduction in Plants.pdfIGCSE Biology Chapter 14- Reproduction in Plants.pdf
IGCSE Biology Chapter 14- Reproduction in Plants.pdf
 

Introducing Security Access Control Policies into Legacy Business Processes

  • 1. Introducing Security Control Access Policies into Legacy Business Processes 1 2 3 Fáber D. Giraldo, Mireille Blay-Fornarino and Sébastien Mosser 1: System and Computer Engineering, University of Quindío, Colombia 2: I3S (UMR CNRS 6070), Université Nice - Sophia Antipolis, France 3: INRIA Lille-Nord Europe, LIFL (UMR CNRS 8022), Université Lille 1, France EDOC 2011, Helsinki, Finland
  • 2. Problem : Security & Business Processes • Business processes • Model (business) behavior in a Service-oriented Architecture • Think «activity diagram» in the UML • As complex as the modeled business: no magic here (at least yet) • Security is often handled at the infrastructure level (e.g., WS-*) • But clearly impacts modeled behaviors (e.g., «role-based access control») 2
  • 3. Case Study: Car Crash Crisis Mgmt System • Requirement documents specified in [Kienzle et al, 2010] • Special issue of TAOSD, focusing on Aspect Oriented Modeling • Contents: • 8 main success scenario • 27 business extensions • 3 non-functional properties • How to handle a Car Crash accident? 3
  • 6. Proposition: Consider Security as Concern • Existing approaches deal with Separation of Concerns: • Concerns reification (e.g., «Aspects» in Aspect-oriented Programming) • Composition with legacy systems (e.g., «Aspect weaving») • Security (e.g., XACML standard) can be considered as another concern • Thus composed with other concerns (e.g., persistence standard) • Compliant with concern reasoning approaches • E.g, interaction detection mechanisms 6
  • 7. sidered as a concern (e.g., requirements specification. All orchestrations are ation could be extended to calls to services (even the fragments themselve r business processes, if it A DORE focus on the modeling of orchestrations r compositions of services Implementation modeling the internal behavior of services or acti and considering security sed control access policies. • «Activity moDel to suppOrt iques oRchestration Evolution» [TAOSD’10] has been widely ac- ! sulate functional and non- modules overconcerns as • Consider a software "# $%&'(()*+,*-.%++/0&12(3$4) el of abstraction by identi- be composed «process fragments» to ;%&'(( which is a existing processes with targeted goal of "8# -.%++7'((94&63/&':'-"&'0/$4) • Support fragment composition through %&'(( different (endogenous) algorithms e extended to the treatment "8 $"4&6)*+,*-.%++"4&6<%3=$4) • Algorithms ensure compositional properties nd its derived implications, "4&6 ;"4&6 siness processes managed ditional features to preservation • E.g., order func- 6 6007$4) & &6=0>$?@"294&63/&':'-"&'0/?) access control as a non- ts the Provide interference detection mechanisms 5 • functional part of a 7
  • 8. Endogenous Composition of Concerns hal-00594845, version 1 - 21 May 2011 Figure 2. A DORE XACML Fragment. ! ! "# $%&'"(%)*&+,-./0.12&//3"(%)"4+*&+,$5- %&'"(%)*&+, " #$%&'()'"**+#& "7 $,+&89:&+-./0.8)8//;<=>?,+@5+&4$,+&95,1+- -. #"$/0*12&'()'"*/3$0-4/((567//8$/0*12#$%& "K "H $3"(5+&?%&4-./0.8%8//I+4<44,%J54+'"(5+&$5- $"11+&&-./0.8)8//1928",+$,+&89:&+L3"(5+&?%&4- F%&'"(%)*&+, ⊕ 0 #9&'()'$/:*0:644#"$/0*12& 9 "11+&& F"11+&& ;9 -< 6$((%$/34-28$/0*12#=1+>"$/0*12& A A99G$- 4# 4A,9B$CD+:E.<11+&&C- , 6 XACML PEP concern Hospital EIS concern Figure 3. retrieveVictimHistory fragment Figure 2. A DORE XACML Fragment. 8
  • 9. Composition leads to Iterative Process Modeling ! " #$%&'()'"**+#& -. #$/0-1$%2/34&'()'56/((7-1$%-832/34#94+& !"# $%!&'"!(')*(+,-.,!/"/*#/$+ $/0-1$%2/34 01 $*234/5+,-.,6*--5!7)589*"8*):/("!*58*72$%!&+ -A #43/;*C/3&'()';%;((DEFGH43I=3/8#$%& 0; $*<+,-.,6*--5!7)589*"8*)=</28*8>$%!&+ -M #7-1=3/H$/8&'()';$;((<38E884$N=830-1=3/#94+& @$/0-1$%2/34 0?@ $A7(5+,-.,")(--*</28*B>C55!75!*08/D7(5*80E$*234/5')*(FE7"+ -O #-553//&'()';%;((5*6;-43#43/;*C/3B7-1=3/H$/8& -553// @-553// rsion 1 - 21 May 2011 ⊕ 0?1 6*--<*(5E0>:/(8*208*72$%!&'A7(5+ -. #"$/8*4:&'()'"*/;$8-1/((<=3//>$/8*4:#$%& -J 8"4*9#KL3C:'E553//K& 0G )(HI6(--%0*8?)(H$J*2B7J'JE/0#*2HJ'%!&+ 8 #5&'()'$/?*8?=11#"$/8*4:& 0K )(HI6(--%0*8?)(H$J*2B7J'J#*"8*):!755/<J'%!&+ 5 0L )(HI6(--(/2<$J(8086(J'J(6""/((J')*(+ @5 -A =$((%$/;1-:>$/8*4:#94+B"$/8*4:& !5E !/5E>$+ , Composed Concern Initial Process (a) Initial version 9
  • 10. !"# $%!&'"!(')*(+,-.,!/"/*#/$+ Results 0; $*<+,-.,6*--5!7)589*"8*)=</28*8>$%!&+ 01 $*234/5+,-.,6*--5!7)589*"8*):/("!*58*72$%!&+ 0G $*(90E*<H(/!+,-.,")(--#0E*<08/H(/!$%!&+ • Final process designed through *(90E*<H(/! the composition of smaller artifacts 01@ $!/(572(/+,-.,5<5--ICJKL!/M6/(8$*<+ P*(90E*<H(/! 011 $#0E6/(L*(8+,-.,5*5--Q/8C88!*R68/90E6/($%!&+ • Security fragments are «process independent» 01; $0""/((+,-.,5<5--"7)50!/$!/(572(/'#0E6/(L*(8+ P0""/(( 0""/(( • Thus can be reused in other 01N 8A!7%$O:/2>,C""/((O+ 01? $A*(87!>+,-.,A7(5*80E(--Q6/((D*(87!>$*<+ systems 01G $"+,-.,*(S78S6EE$A*(87!>+ • Approach applied successfully on " the complete CCCMS 01T 6*--<*(5E0>D*(87!>$A*(87!>'%!&+ P" 0?@ $A7(5+,-.,")(--*</28*B>C55!75!*08/D7(5*80E$*234/5')*(FE7"+ 10 FFF
  • 11. Conclusions & Perspectives • Achievements • XACML behaviors implemented as process fragments • Approach applied to a concrete and complex case study • Future Works • Final process «optimization» (e.g., avoid redundant activities) • Raise the abstraction level into a more «semantic-driven» approach • «I want this process to be secured», automagically 11
  • 12. Graphics: sxc.hu & C.line Thank You for Your Attention ! Introducing Security Control Access Policies into Legacy Business Processes Fáber D. Giraldo, Mireille Blay-Fornarino and Sébastien Mosser 1: System and Computer Engineering, University of Quindío, Colombia 2: I3S (UMR CNRS 6070), Université Nice - Sophia Antipolis, France 3: INRIA Lille-Nord Europe, LIFL (UMR CNRS 8022), Université Lille 1, France

Editor's Notes

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n