About the journal

• Home page
• Contact information
• Aims and scope
• Indexing information
• Editorial policies
• ComSIS consortium
• Journal boards
• Managing board

For authors

• Information for contributors
• Paper submission
• Article submission through OJS
• Copyright transfer form
• Download section

For readers

• Forthcoming articles
• Current issue
• Archive

For reviewers

• View and review submissions

News

• Journal's Facebook page
• Calls for special issues
• New issue notification

Context-sensitive Access Control Model for Business Processes

Goran Sladić¹, Branko Milosavljević¹ and Zora Konjović¹

1. Faculty of Technical Sciences, University of Novi Sad, Trg D. Obradovića 6
   21000 Novi Sad, Serbia
   {sladicg, mbranko, ftn_zora}@uns.ac.rs

Abstract

This paper focuses on problems of access control for business processes. The subject of the paper is a specification of the Contextsensitive access control model for business processes (COBAC). In order to efficiently define and enforce access control for different business processes, the COBAC model is based on the RBAC (Role-based Access Control) model which is extended with the following entities: context, business process, activity and resource category. By using a context-sensitive access control it is possible to define more complex access control policies whose implementation by existing access control models for business processes is not possible or is very complicated. The COBAC’s context model can describe rich context information and can be easily extended for specific cases. The introduction of business process and activity entities has facilitated the definition of access control policies for business processes. The categorization of resources enables the definition of access control policies for whole resource categories, and thus, potentially, reduces the number of policies which need to be defined. The COBAC model is applicable in different business information systems, and supports the definition of access control policies for both simple and complex business processes. The model is verified by a case study on a real business process.

Key words

access control, RBAC, context-sensitive, workflow, business process

Digital Object Identifier (DOI)

https://doi.org/10.2298/CSIS110907042S

Publication information

Volume 10, Issue 3 (June 2013)
Year of Publication: 2013
ISSN: 2406-1018 (Online)
Publisher: ComSIS Consortium

Full text

Available in PDF
Portable Document Format

How to cite

Sladić, G., Milosavljević, B., Konjović, Z.: Context-sensitive Access Control Model for Business Processes. Computer Science and Information Systems, Vol. 10, No. 3, 940-972. (2013), https://doi.org/10.2298/CSIS110907042S