Enhancement of Business IT Alignment by Including Responsibility Components in RBAC

Christophe Feltus, Michaël Petit, Morris Sloman

Research output: Contribution in Book/Catalog/Report/Conference proceeding › Conference contribution

Abstract

Good corporate governance requires an improvement of the definition and the enforcement of the employees' responsibility throughout the companies' processes. In the field of information technology, one translation of this requirement targets a strict alignment of the access control policy with the permissions needed by the employees to achieve the obligations linked to their responsibilities. There has been much work related to access control over three decades and Role Based Access Control (RBAC) has emerged as a reference model in that discipline. Although its advantages have been largely recognized, when taking into account the new governance constraints, it appears that its mechanism of assignment of users' permissions is improvable. In this paper, we propose enhancements of RBAC by taking into account the concept of responsibility and explain how it can be modeled using the OWL Web Ontology Language.

Original language: English
Title of host publication: Proceedings of the CAiSE 2010 Workshop Business/IT Alignment and Interoperability (BUSITAL2010)
Subtitle of host publication: Held in conjunction with CAiSE 2010 Conference
Editors: M Petit, G Gal, A Castiaux, J Ralyté, P Plebani
Pages: 61-75
Number of pages: 15
Volume: 599
Publication status: Published - 2010

Keywords

  • Accountability
  • Policy
  • Commitment
  • Role
  • Responsibility
  • Separation of Duty
  • Access Control
  • Capability
