Aligning Access Rights to Governance Needs with the Responsability MetaModel (ReMMo) in the Frame of Enterprise Architecture

Research output: External Thesis Doctoral Thesis

376 Downloads (Pure)

Abstract

Nowadays the economy relies on companies evolving in an increasingly highly regulated environment, having their operations strongly formalised and controlled, and being often organised following a bureaucratic approach. In such a context, aligning the business operations with the appropriate IT infrastructure is a challenging and critical activity. Without efficient business/IT alignment, these companies face the risk not to be able to deliver their business services satisfactorily and that their image is seriously altered and jeopardised. Among the many challenges of business/IT alignment is the access rights management which should be conducted considering the rising governance needs, such as taking into account the business actors' responsibility. Unfortunately, in this domain, we have observed that no solution, model and method, fully considers and integrates the new needs yet. Therefore, the thesis proposes firstly to define an expressive Responsibility metamodel, named ReMMo, which allows representing the existing responsibilities at the business layer and, thereby, allows engineering the access rights required to perform these responsibilities, at the application layer. Secondly, the Responsibility metamodel has been integrated with ArchiMate to enhance its usability and benefits from the enterprise architecture formalism. Finally, a method has been proposed to define the access rights more accurately, considering the alignment of ReMMo and RBAC. The research was realised following a design science and action design based research method and the results have been evaluated through an extended case study at the Centre Hospitalier de Luxembourg.
Original languageEnglish
QualificationPh.D.
Awarding Institution
  • University of Namur
Supervisors/Advisors
  • Petit, Michaël, Supervisor
Thesis sponsors
Award date14 Mar 2014
Publication statusPublished - 14 Mar 2014

Fingerprint

Industry

Cite this

@phdthesis{aeca330393934870b6a7a176a5bc15b2,
title = "Aligning Access Rights to Governance Needs with the Responsability MetaModel (ReMMo) in the Frame of Enterprise Architecture",
abstract = "Nowadays the economy relies on companies evolving in an increasingly highly regulated environment, having their operations strongly formalised and controlled, and being often organised following a bureaucratic approach. In such a context, aligning the business operations with the appropriate IT infrastructure is a challenging and critical activity. Without efficient business/IT alignment, these companies face the risk not to be able to deliver their business services satisfactorily and that their image is seriously altered and jeopardised. Among the many challenges of business/IT alignment is the access rights management which should be conducted considering the rising governance needs, such as taking into account the business actors' responsibility. Unfortunately, in this domain, we have observed that no solution, model and method, fully considers and integrates the new needs yet. Therefore, the thesis proposes firstly to define an expressive Responsibility metamodel, named ReMMo, which allows representing the existing responsibilities at the business layer and, thereby, allows engineering the access rights required to perform these responsibilities, at the application layer. Secondly, the Responsibility metamodel has been integrated with ArchiMate to enhance its usability and benefits from the enterprise architecture formalism. Finally, a method has been proposed to define the access rights more accurately, considering the alignment of ReMMo and RBAC. The research was realised following a design science and action design based research method and the results have been evaluated through an extended case study at the Centre Hospitalier de Luxembourg.",
author = "Christophe Feltus",
year = "2014",
month = "3",
day = "14",
language = "English",
school = "University of Namur",

}

TY - THES

T1 - Aligning Access Rights to Governance Needs with the Responsability MetaModel (ReMMo) in the Frame of Enterprise Architecture

AU - Feltus, Christophe

PY - 2014/3/14

Y1 - 2014/3/14

N2 - Nowadays the economy relies on companies evolving in an increasingly highly regulated environment, having their operations strongly formalised and controlled, and being often organised following a bureaucratic approach. In such a context, aligning the business operations with the appropriate IT infrastructure is a challenging and critical activity. Without efficient business/IT alignment, these companies face the risk not to be able to deliver their business services satisfactorily and that their image is seriously altered and jeopardised. Among the many challenges of business/IT alignment is the access rights management which should be conducted considering the rising governance needs, such as taking into account the business actors' responsibility. Unfortunately, in this domain, we have observed that no solution, model and method, fully considers and integrates the new needs yet. Therefore, the thesis proposes firstly to define an expressive Responsibility metamodel, named ReMMo, which allows representing the existing responsibilities at the business layer and, thereby, allows engineering the access rights required to perform these responsibilities, at the application layer. Secondly, the Responsibility metamodel has been integrated with ArchiMate to enhance its usability and benefits from the enterprise architecture formalism. Finally, a method has been proposed to define the access rights more accurately, considering the alignment of ReMMo and RBAC. The research was realised following a design science and action design based research method and the results have been evaluated through an extended case study at the Centre Hospitalier de Luxembourg.

AB - Nowadays the economy relies on companies evolving in an increasingly highly regulated environment, having their operations strongly formalised and controlled, and being often organised following a bureaucratic approach. In such a context, aligning the business operations with the appropriate IT infrastructure is a challenging and critical activity. Without efficient business/IT alignment, these companies face the risk not to be able to deliver their business services satisfactorily and that their image is seriously altered and jeopardised. Among the many challenges of business/IT alignment is the access rights management which should be conducted considering the rising governance needs, such as taking into account the business actors' responsibility. Unfortunately, in this domain, we have observed that no solution, model and method, fully considers and integrates the new needs yet. Therefore, the thesis proposes firstly to define an expressive Responsibility metamodel, named ReMMo, which allows representing the existing responsibilities at the business layer and, thereby, allows engineering the access rights required to perform these responsibilities, at the application layer. Secondly, the Responsibility metamodel has been integrated with ArchiMate to enhance its usability and benefits from the enterprise architecture formalism. Finally, a method has been proposed to define the access rights more accurately, considering the alignment of ReMMo and RBAC. The research was realised following a design science and action design based research method and the results have been evaluated through an extended case study at the Centre Hospitalier de Luxembourg.

M3 - Doctoral Thesis

ER -