The Proviado Access Control Model for Business Process Monitoring Components

Abstract

Integrated process support is highly desirable in environments where data related to a particular business process are scattered over distributed, heterogeneous information systems. A business process monitoring component is a much-needed module in order to provide an integrated view on all these process data. Regarding process visualisation and process data integration, access control (AC) issues are very important but also quite complex to be addressed. A major problem arises from the fact that the involved information systems are usually based on heterogeneous AC components. For several reasons, the only feasible way to tackle the problem of AC at the process monitoring level is to define access rights for the process monitoring component, hence getting rid of the burden to map access rights from the information system level. This paper presents the Proviado process visualisation framework and discusses requirements for AC in process monitoring, which we derived from our case studies in the automotive domain. It then presents alternative approaches for AC: the view-based and the object-based approach. The latter is retained, and a core AC model is proposed for the definition of access rights that meet the derived requirements. AC mechanisms provided within the core model are key ingredients for the definition of model extensions.