{"title":"概念化一种基于责任的方法,用于详细说明和验证符合CobiT框架需求的RBAC策略","authors":"C. Feltus, E. Dubois, Michaël Petit","doi":"10.1109/RELAW.2010.5625355","DOIUrl":null,"url":null,"abstract":"The objective of this paper is to present the first results toward the definition of a two steps approach for aligning business level requirements issued from corporate framework such as CobiT down to technical policies such as the access rights modeled by RBAC. To achieve that, our approach is based on the concept of employees' responsibility. Using this concept is motivated by the importance and the omnipresence of the responsibility all along the company frameworks, from the CEO responsibilities such as in the financial sector as defined by Sarbanes-Oxley Act down to the responsibility at the operation layer such as the one of a trader who must follow stock quotes for private banking. The approach is illustrated based on an example, which highlights how access rights are assigned to employees having responsibilities defined at the CobiT framework layer.","PeriodicalId":222393,"journal":{"name":"2010 Third International Workshop on Requirements Engineering and Law","volume":"251 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Conceptualizing a responsibility based approach for elaborating and verifying RBAC policies conforming with CobiT framework requirements\",\"authors\":\"C. Feltus, E. Dubois, Michaël Petit\",\"doi\":\"10.1109/RELAW.2010.5625355\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The objective of this paper is to present the first results toward the definition of a two steps approach for aligning business level requirements issued from corporate framework such as CobiT down to technical policies such as the access rights modeled by RBAC. To achieve that, our approach is based on the concept of employees' responsibility. Using this concept is motivated by the importance and the omnipresence of the responsibility all along the company frameworks, from the CEO responsibilities such as in the financial sector as defined by Sarbanes-Oxley Act down to the responsibility at the operation layer such as the one of a trader who must follow stock quotes for private banking. The approach is illustrated based on an example, which highlights how access rights are assigned to employees having responsibilities defined at the CobiT framework layer.\",\"PeriodicalId\":222393,\"journal\":{\"name\":\"2010 Third International Workshop on Requirements Engineering and Law\",\"volume\":\"251 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-11-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 Third International Workshop on Requirements Engineering and Law\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/RELAW.2010.5625355\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Third International Workshop on Requirements Engineering and Law","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RELAW.2010.5625355","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Conceptualizing a responsibility based approach for elaborating and verifying RBAC policies conforming with CobiT framework requirements
The objective of this paper is to present the first results toward the definition of a two steps approach for aligning business level requirements issued from corporate framework such as CobiT down to technical policies such as the access rights modeled by RBAC. To achieve that, our approach is based on the concept of employees' responsibility. Using this concept is motivated by the importance and the omnipresence of the responsibility all along the company frameworks, from the CEO responsibilities such as in the financial sector as defined by Sarbanes-Oxley Act down to the responsibility at the operation layer such as the one of a trader who must follow stock quotes for private banking. The approach is illustrated based on an example, which highlights how access rights are assigned to employees having responsibilities defined at the CobiT framework layer.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
