Modeling Enterprise Authorization: A Unified Metamodel and Initial Validation
Authorization and its enforcement, access control, have stood at the beginning of the art and science of information security, and remain a crucial pillar of security in information technology (IT) and enterprise operations. Dozens of different models of access control have been proposed. A...
| Main Authors: | Matus Korman, Robert Lagerström, Mathias Ekstedt |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Riga Technical University Press, 2016-07-01 |
| Series: | Complex Systems Informatics and Modeling Quarterly |
| Subjects: | Access control, authorization, enterprise architecture, EA modeling |
| Online Access: | https://csimq-journals.rtu.lv/article/view/1398 |
| _version_ | 1849305372366471168 |
|---|---|
| author | Matus Korman, Robert Lagerström, Mathias Ekstedt |
| author_sort | Matus Korman |
| collection | DOAJ |
| description | Authorization and its enforcement, access control, have stood at the beginning of the art and science of information security, and remain a crucial pillar of security in information technology (IT) and enterprise operations. Dozens of different models of access control have been proposed. Although Enterprise Architecture as a discipline strives to support the management of IT, support for modeling access policies in enterprises is often lacking, both in terms of supporting the variety of individual models of access control used nowadays, and in terms of providing a unified ontology capable of flexibly expressing access policies for all or most of the models. This study summarizes a number of existing models of access control, proposes a unified metamodel mapped to ArchiMate, and illustrates its use on a selection of example scenarios and two business cases. |
| format | Article |
| id | doaj-art-058babd2ece14e1b998c7460de00a0d0 |
| institution | Kabale University |
| issn | 2255-9922 |
| language | English |
| publishDate | 2016-07-01 |
| publisher | Riga Technical University Press |
| record_format | Article |
| series | Complex Systems Informatics and Modeling Quarterly |
| spelling | doaj-art-058babd2ece14e1b998c7460de00a0d0; 2025-08-20T03:55:28Z; eng; Riga Technical University Press; Complex Systems Informatics and Modeling Quarterly; 2255-9922; 2016-07-01; 0712410.7250/csimq.2016-7.01811; Modeling Enterprise Authorization: A Unified Metamodel and Initial Validation; Matus Korman, Robert Lagerström, Mathias Ekstedt (Software Systems Architecture and Security Research Group, Department of Electric Power and Energy Systems, Royal Institute of Technology, Osquldas väg 10 100 44, Stockholm); https://csimq-journals.rtu.lv/article/view/1398; Access control, authorization, enterprise architecture, EA modeling |
| title | Modeling Enterprise Authorization: A Unified Metamodel and Initial Validation |
| topic | Access control, authorization, enterprise architecture, EA modeling |
| url | https://csimq-journals.rtu.lv/article/view/1398 |