Articles
| Open Access |
NAVIGATING CONTEXTUAL CONSTRAINTS: A HOLISTIC APPROACH TO BUSINESS PROCESS ACCESS CONTROL
Gordana Slivka , Faculty of Technical Sciences, University of Novi Sad, Trg D. Obradovi´ca Novi Sad, SerbiaAbstract
Effective access control in business processes requires a nuanced understanding of contextual constraints to ensure the integrity and security of organizational workflows. This paper proposes a holistic approach to business process access control, emphasizing the integration of contextual factors into access management strategies. By considering dynamic attributes such as user roles, environmental conditions, task dependencies, and organizational policies, the proposed framework aims to adapt access control decisions in real-time to accommodate changing business requirements and mitigate security risks. Drawing upon principles of adaptive access control and contextual reasoning, the framework seeks to enhance flexibility, scalability, and resilience in managing access to critical business processes. Through a comprehensive analysis of contextual constraints and their implications for access control, this paper offers insights into the design and implementation of robust access management systems tailored to the specific needs of modern organizations.
Keywords
Business process, access control, contextual constraints
References
Abowd, G.D., Dey, A.K., Brown, P.J., Davies, N., Smith, M., Steggles, P.: Towards a better understanding of context and context-awareness. In: HUC ’99: Proceedings of the 1st international symposium on Handheld and Ubiquitous Computing. pp. 304–307. Springer-Verlag (1999)
Abowd, G.D., Mynatt, E.D., Rodden, T.: The human experience. IEEE Pervasive Computing 1(1), 48–57 (2002)
Bao, Y., Song, J., Wang, D., Shen, D., Yu, G.: A role and context based access control model with UML. In: International Conference for Young Computer Scientists. vol. 0, pp. 1175–1180. IEEE Computer Society (2008)
Bertino, E., Bonatti, P.A., Ferrari, E.: TRBAC: A temporal role-based access control model. ACM Trans. Inf. Syst. Secur. 4(3), 191–233 (2001)
Bertino, E., Catania, B., Damiani, M.L., Perlasca, P.: GEO-RBAC: a spatially aware RBAC. In: SACMAT ’05: Proceedings of the tenth ACM symposium on Access control models and technologies. pp. 29–37. ACM (2005)
Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization con- straints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2(1), 65–104 (1999)
Bhatti, R., Bertino, E., Ghafoor, A.: A trust-based context-aware access control model for web- services. Distributed and Parallel Databases 18(1), 83–105 (2005)
Bhatti, R., Bertino, E., Ghafoor, A., Joshi, J.B.: XML-based specification for web services document security. Computer 37(4), 41–49 (2004)
Botha, R.A., Eloff, J.H.P.: Separation of duties for access control enforcement in workflow environments. IBM Systems Journal 40(3), 666–682 (2001)
Article Statistics
Downloads
Copyright License
Copyright (c) 2024 Gordana Slivka
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Copyright and Ethics:
- Authors are responsible for obtaining permission to use any copyrighted materials included in their manuscript.
- Authors are also responsible for ensuring that their research was conducted in an ethical manner and in compliance with institutional and national guidelines for the care and use of animals or human subjects.
- By submitting a manuscript to International Journal of Computer Science & Information System (IJCSIS), authors agree to transfer copyright to the journal if the manuscript is accepted for publication.