Enabling Fine-grained Access Control in Flexible Distributed Object-aware Process Management Systems

Universität Ulm

Presentation at the 21st IEEE Int'l Enterprise Distributed Object Computing Conference (EDOC 2017)

Kevin Andrews, Quebec City, Canada, 12 October 2017, 3:00 PM

To increase flexibility, object-aware process management systems enable data-driven process execution and dynamic generation of form-based tasks at run time. As a result, a powerful access control concept becomes necessary to define which data elements users may read or write at a given point in time during process execution. The access control concept we present in this paper has been realized in the context of the PHILharmonicFlows framework, which provides a distributed data-driven process execution engine. We present solutions that allow for complex as well as fine-grained permissions and roles, which are granted depending on the states of processes and data elements. We show how one can resolve authorization queries in real time over multiple business objects and process instances. This constitutes a significant advantage over centralized access control systems.

