Identity business processes

Authors: Jens Müller and Klemens Böhm
Journal: Int. J. Trust. Manag. Comput. Commun.
To facilitate information-system security, e.g., access control or audit, the entities involved play a key role. This makes identity management an important task. The success of service-oriented architectures (SOA) has led to the development of federated identity management (FIM), to deal with the dynamic nature of SOA and to achieve economies of scale. Business processes in SOA are a composition of services provided by IT systems and manual actions performed by humans. Such compositions…
1 Citation

Security Mechanisms for Workflows in Service-Oriented Architectures
An architecture for the secure execution of workflows and its integration with identity-management systems is developed, which enables new applications with improved security and privacy.


The Architecture of a Secure Business-Process-Management System in Service-Oriented Environments
The core contribution of this paper is to propose how to extend the WfMC reference architecture for BPMS to accomplish this, and the resulting architecture is generic and integrates with existing SOA technologies like federated identity management.
Security Requirements Specification in Service-Oriented Business Process Management
This paper introduces security elements for business process modelling which make it possible to evaluate the trustworthiness of participants based on a rating of enterprise assets and to express security intentions such as confidentiality or integrity on an abstract level.
An integrated approach for identity and access management in a SOA context
An approach for identity and access management (IAM) in the context of (cross-organizational) service-oriented architectures (SOA) that enables (non-technical) domain experts to participate in defining and maintaining IAM policies in a SOA context is presented.
Identity Attribute-Based Role Provisioning for Human WS-BPEL Processes
RBAC-WS-BPEL is extended with an identity attribute-based role provisioning approach that preserves the privacy of the users who claim the execution of human activities and uses Pedersen commitments, aggregated zero knowledge proof of knowledge, and Oblivious Commitment-Based Envelope protocols to achieve privacy of user identity information.
Attributed based access control (ABAC) for Web services
  • E. Yuan, Jin Tong
  • Computer Science
    IEEE International Conference on Web Services (ICWS'05)
  • 2005
The paper describes the ABAC model in terms of its authorization architecture and policy formulation, and makes a detailed comparison between ABAC and traditional role-based models, which clearly shows the advantages of ABAC.
A BPMN Extension for the Modeling of Security Requirements in Business Processes
The Business Process Modeling Notation extension for modeling secure business processes through Business Process Diagrams is summarized and applied to a typical health-care business process.
Security for Web Services and Service-Oriented Architectures
Elisa Bertino and her coauthors provide a comprehensive guide to security for Web services and SOA, covering in detail all recent standards that address Web service security, including XML Encryption, XML Signature, WS-Security, and WS-SecureConversation.
The consistency of task-based authorization constraints in workflow
A model for constrained workflow systems that includes local and global cardinality constraints, separation of duty constraints and binding of duty constraints is defined, and the notion of a workflow specification and of a constrained workflow authorization schema are defined.
Multi-session Separation of Duties (MSoD) for RBAC
This paper proposes multi-session SoD policies for business processes which include multiple tasks enacted by multiple users over many user access control sessions, and explores the means to define MSoD policies in RBAC via multi-session mutually exclusive roles (MMER) and multi-session mutually exclusive privileges (MMEP).
Access Control and Authorization Constraints for WS-BPEL
The RBAC-WS-BPEL and BPCL languages are developed, which provide for the specification of authorization information associated with a business process specified in WS-BPEL, while BPCL provides for the articulation of authorization constraints.