TY - GEN
T1 - A rule-based framework using role patterns for business process compliance
AU - Kumar, Akhil
AU - Liu, Rong
PY - 2008
Y1 - 2008
N2 - In view of recent business scandals that prompted the Sarbanes-Oxley legislation, there is a greater need for businesses to develop systematic approaches to designing business processes that comply with organizational policies. Moreover, it should be possible to express the policy and relate it to a given process in a descriptive or declarative manner. In this paper we propose role patterns, and show how they can be associated with generic task categories and processes in order to meet standard requirements of internal control principles in businesses. We also show how the patterns can be implemented using built-in constraints in a logic-based language like Prolog. While the role patterns are general, this approach is flexible and extensible because user-defined constraints can also be asserted in order to introduce additional requirements as dictated by business policy. The paper also discusses control requirements of business processes, and explores the interactions between role-based access control (RBAC) mechanisms and workflows.
KW - Compliant business process
KW - Constraints
KW - Control policies
KW - Declarative approach
KW - Generic role patterns
KW - Internal control
KW - Rules
KW - Sarbanes-Oxley
KW - Separation of duty
KW - Task categories
UR - http://www.scopus.com/inward/record.url?scp=57349133023&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=57349133023&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-88808-6_9
DO - 10.1007/978-3-540-88808-6_9
M3 - Conference contribution
AN - SCOPUS:57349133023
SN - 3540888071
SN - 9783540888079
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 58
EP - 72
BT - Rule Representation, Interchange and Reasoning on the Web - International Symposium, RuleML 2008, Proceedings
T2 - International Symposium on Rule Representation, Interchange and Reasoning on the Web, RuleML 2008
Y2 - 30 October 2008 through 31 October 2008
ER -