Affiliation:
1. Instituto Superior Técnico, Universidade de Lisboa, Portugal & Instituto de Engenharia de Sistemas e Computadores – Investigação e Desenvolvimento, Portugal
Abstract
Access control models (ACM) offers the guarantee that only the qualified users can gain access to the artifacts contained in business processes. Business processes are designed, implemented, and operated using many industrial standards that challenge the interoperation with access control standards. Enterprise engineering (EE) introduces rigorous capabilities to design and implement the essential concepts related with the dynamic of business processes. ACM deals with the systematic design and implementation of dynamic and static access control concepts to qualify the access of the users to the artifacts. This chapter proposes an ontological integration between EE and ACM concepts in order to enable the discussion of access control in the deep structure of the business processes. ACM integrated with EE allow the run-time qualification of the actors while they perform all the business process steps and not only at invocation time. The proposal encompasses business process designed with DEMO ontology and role-based access control concepts using a mathematical model logic description.