A rule-based framework using role patterns for business process compliance

Akhil Kumar, Rong Liu

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

15 Scopus citations

Abstract

In view of recent business scandals that prompted the Sarbanes-Oxley legislation, there is a greater need for businesses to develop systematic approaches to designing business processes that comply with organizational policies. Moreover, it should be possible to express the policy and relate it to a given process in a descriptive or declarative manner. In this paper we propose role patterns, and show how they can be associated with generic task categories and processes in order to meet standard requirements of internal control principles in businesses. We also show how the patterns can be implemented using built-in constraints in a logic-based language like Prolog. While the role patterns are general, this approach is flexible and extensible because user-defined constraints can also be asserted in order to introduce additional requirements as dictated by business policy. The paper also discusses control requirements of business processes, and explores the interactions between role based access control (RBAC) mechanisms and workflows.

Original languageEnglish
Title of host publicationRule Representation, Interchange and Reasoning on the Web - International Symposium, RuleML 2008, Proceedings
Pages58-72
Number of pages15
DOIs
StatePublished - 2008
EventInternational Symposium on Rule Representation, Interchange and Reasoning on the Web, RuleML 2008 - Orlando, FL, United States
Duration: 30 Oct 200831 Oct 2008

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5321 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceInternational Symposium on Rule Representation, Interchange and Reasoning on the Web, RuleML 2008
Country/TerritoryUnited States
CityOrlando, FL
Period30/10/0831/10/08

Keywords

  • Compliant business process
  • Constraints
  • Control policies
  • Declarative approach
  • Generic role patterns
  • Internal control
  • Rules
  • Sarbanes-oxley
  • Separation of duty
  • Task categories

Fingerprint

Dive into the research topics of 'A rule-based framework using role patterns for business process compliance'. Together they form a unique fingerprint.

Cite this