Abstract
XACML has become the de facto standard for enterprise-wide, policy-based access control. It is a structured, extensible language that can express and enforce complex access control policies. There have been several efforts to extend XACML to support specific authorisation models, such as the OASIS RBAC profile to support Role Based Access Control. A number of proposals for authorisation models that support business processes and workflow systems have also appeared in the literature. However, there is no published work describing an extension to allow XACML to be used as a policy language with these models. This paper analyses the specific requirements of a policy language to express and enforce business process authorisation policies. It then introduces BP-XACML, a new profile that extends the RBAC profile for XACML so it can support business process authorisation policies. In particular, BP-XACML supports the notion of tasks, and constraints at the level of a task instance, which are important requirements in enforcing business process authorisation policies.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Alissa, K., Reid, J., Dawson, E., Salim, F. (2015). BP-XACML an Authorisation Policy Language for Business Processes. In: Foo, E., Stebila, D. (eds) Information Security and Privacy. ACISP 2015. Lecture Notes in Computer Science, vol 9144. Springer, Cham. https://doi.org/10.1007/978-3-319-19962-7_18
DOI: https://doi.org/10.1007/978-3-319-19962-7_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19961-0
Online ISBN: 978-3-319-19962-7
eBook Packages: Computer Science (R0)