PASOAC-net: A Petri-net model to manage authorization in service-based business process

Haiyang Sun*, Weiliang Zhao, Surya Nepal

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

1 Citation (Scopus)

Abstract

A successful execution of a Business Process (BP) is possible only if the proper coordination exists between (1) BP's execution policy, (2) BP's authorization policy, and (3) the authorization policies of BP's resources. Hence, there is a need of an effective authorization model that brings all types of policies together for a BP executing successfully without breaking any authorization and business rules. This paper proposes a Petri-Net process model, Process-Aware Service-Oriented Authorization Control Net (PASOAC-Net). PASOAC-Net is developed based on the conceptual model PASOAC, an extension of Role Based Access Control (RBAC), which takes both resources and users into account. A set of authorization constraints is designed in PASOAC to coordinate the user access and the resource support in a process environment.

Original languageEnglish
Title of host publicationService-Oriented Computing - 10th International Conference, ICSOC 2012, Proceedings
EditorsChengfei Liu, Heiko Ludwig, Farouk Toumani, Qi Yu
Place of PublicationHeidelberg
PublisherSpringer, Springer Nature
Pages566-573
Number of pages8
Volume7636 LNCS
ISBN (Print)9783642343209
DOIs
Publication statusPublished - 2012
Event10th International Conference on Service-Oriented Computing, ICSOC 2012 - Shanghai, China
Duration: 12 Nov 201215 Nov 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7636 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other10th International Conference on Service-Oriented Computing, ICSOC 2012
CountryChina
CityShanghai
Period12/11/1215/11/12

Fingerprint

Dive into the research topics of 'PASOAC-net: A Petri-net model to manage authorization in service-based business process'. Together they form a unique fingerprint.

Cite this