Please use this identifier to cite or link to this item: http://hdl.handle.net/1959.14/149769
5 Visitors8 Hits1 Downloads
BPEL4RBAC : an authorisation specification for WS-BPEL
International Conference on Web Information Systems Engineering (9th : 2008) (1 - 3 September 2008 : Auckland)
Bailey, James; Maier, David; Schewe, Klaus-Dieter; Thalheim, Bernhard and Wang, Xiaoyang Sean. Web information systems engineering--WISE 2008 : 9th international conference, Auckland, New Zealand, September 1-3, 2008 : proceedings, p.381-395
Business process management is designed to make business activities and trade easier and more cost effective. The increasing business integration and legal requirements raise the need for secure business processes. However, the openness and distribution nature of inter-organisational business processes may result in more security breaches. As a widely accepted standard, WS-BPEL does not support for business process security protection even if the participating organisations already have working security policies. To address this problem, we have developed an authorisation specification BPEL4RBAC for WS-BPEL. Through BPEL4RBAC access control model, with an extension for WS-BPEL, called BPEL4RBAC policy language, the secure WS-BPEL is then achievable. The former introduces the access control capability into business process environment while the latter is used to represent the authorisation information in WS-BPEL.