Modeling Enterprise Authorization: A Unified Metamodel and Initial Validation

Authorization and its enforcement, access control, have stood at the beginning of the art and science of information security, and remain being crucial pillar of security in the information technology and  enterprises operations. Dozens of different models of access control have been proposed. Altho...

Full description

Saved in:
Bibliographic Details
Published inComplex systems informatics and modeling quarterly no. 7; pp. 1 - 24
Main Authors Korman, Matus, Lagerström, Robert, Ekstedt, Mathias
Format Journal Article
LanguageEnglish
Published Riga Technical University 29.07.2016
Subjects
Access control
authorization
EA modeling
Electrical Engineering
Elektro- och systemteknik
enterprise architecture
Online AccessGet full text

Cover

More Information
Summary:Authorization and its enforcement, access control, have stood at the beginning of the art and science of information security, and remain being crucial pillar of security in the information technology and  enterprises operations. Dozens of different models of access control have been proposed. Although Enterprise Architecture as the discipline strives to support the management of IT, support for modeling access policies in enterprises is often lacking, both in terms of supporting the variety of individual models of access control nowadays used, and in terms of providing a unified ontology capable of flexibly expressing access policies for all or the most of the models.This study summarizes a number of existing models of access control, proposes an unified metamodel mapped to ArchiMate, and illustrates its use on a selection of example scenarios and two cases.
ISSN:2255-9922
2255-9922
DOI:10.7250/csimq.2016-7.01