University of Twente Student Theses

Claims-based working: access to business activities

Shao, Herman (2010) Claims-based working: access to business activities.

Abstract: In today’s dynamic business environment the success of an organization depends on its ability to react to various changes, like shifts in the attitudes of customers or the introduction of new laws. Changes in the business environment can have an impact on the business processes of an organization. The business processes will have to be able to cope with changes and unpredicted situations. Business processes can be seen as a collection of activities which are ordered in a particular fashion to achieve the goal of the business process. Imperative business processes explicitly state how activities are linked to each other. Thus every possible scenario is explicitly modeled in imperative business processes. Declarative business processes on the other hand describe the scenarios which are not allowed. The activities of a business process are not explicitly linked to each other. The flow through the business process is regulated by business rules. Many declarative business processes use action rules to determine the flow. Action rules determine which activities must (not) be carried out. When changes occur in a business process resulting in an addition or removal of an activity, these action rules have to be changed accordingly. We propose a way of organizing business processes which uses business rules which do not directly refer to activities. Instead we propose to put data constraints on the individual activities. The constraints that apply to an activity determine what input data an activity requires. In order to determine if an activity is allowed to be performed, certain information is needed. The business process solutions we looked at state what kind of data needs to be available, but not where to get this data from. Some data might not be available to the parties directly involved in the business process. A mechanism is proposed that can retrieve that data. We will call our method of organizing business processes Claims Based Working.
The goal of this research is to develop a reference architecture for Claims Based Working and to validate it using a demonstrator. The framework is roughly composed of two parts. The first part is concerned with the way business processes have to be organized and the second part is concerned with gathering information which is used in activities. In traditional workflows every activity is linked to another activity. This is modeled as a line in a workflow diagram. We want to remove those links between the activities and use constraints to determine when an activity is allowed to be performed. From a security point of view this can be seen as a form of access control. Access to an activity is granted or denied based on the constraints which apply to that activity. Activities have to be performed by entities which have to be authorized somehow to do so. There are a number of mechanisms to authorize entities for activities. We looked at a number of access control mechanisms and formulated an Access Control Meta‐model that we use in Claims Based Working. In our reference framework we combined the Access Control Meta‐model with our view on declarative business processes to form Business Activity Access Control (BAAC). In order to make a decision whether or not an activity is allowed to start, the constraints concerning the activity are needed and also information about the terms that occur in the constraints. We use the Claims gathering mechanism of Claims Based Access Control to gather information which is necessary to make an access control decision. By combining the concepts of gathering decision making information using Claims with BAAC, Claims Based Working is formed. To validate our reference architecture a demonstrator for Claims Based Working was made.
The basic components of the demonstrator are:
- a component which manages the business processes (Decorum),
- a component which evaluates business rules,
- a component which is able to generate a list of business rules for each request,
- and a component which is able to deliver information which is required to evaluate the business rules.

Two scenarios were used to validate Claims Based Working. The first scenario shows that it is possible to implicitly create a flow through a process by using constraints based on data requirements. The second scenario shows that, using Claims, certain decision making information can be gathered that otherwise was not available. Our research has shown that it is possible to create declarative business processes by using data based constraints. The added value of using these constraints is that activities can be added or replaced without changing the constraints that apply to other activities. The added value of Claims Based Working is that it provides an alternative view on organizing business processes. Claims Based Working enables business processes to be more dynamic. Business processes are easier to adapt, because the constraints for each business activity do not have explicit relations with other activities. Business activities can be added or removed without disrupting the constraints of the other activities. The declarativeness of Claims Based Working gives the users of the business process more freedom to work according to their own insight. The constraints of the activities set the boundaries in which the users can operate. Using Claims has a number of benefits. The first is that the user of the system can partly decide where the Claims are gathered from. A second benefit is that the gathered Claims are authenticated. The system can assume that the Claims are truthful. A third benefit is that information can be gathered which is unknown by the system and by the user.
If the type of Claim is known and the Identity Provider is able to deliver that type of Claim, information can be gathered which was otherwise unavailable to the user and the system. There are a number of limitations to the research done in this thesis. The scenarios used to validate Claims Based Working were “made up” and possibly too simple compared to existing business processes. Additional validation can be done using existing business processes with a relatively high number of activities. Another limitation concerns the constraint model that is used. In the current model of CBW only access constraints of business activities are specified. Additional research is needed to explore the usability of other constraints, like constraints on the post conditions of an activity and possibly constraints during the execution of an activity. Using Claims, information can be gathered that can be used to make a decision whether or not an activity is allowed to start. There are some limitations with the used mechanism. Claims cannot be used to gather all the decision making information. Some information can be provided by the user and other information is generated by the process itself. The information coming from these sources cannot be gathered using Claims; Claims are therefore an important additional mechanism to gather information, but not the only mechanism that has to be used to gather information.
Item Type: Essay (Master)
Clients: TNO ICT
Faculty: BMS: Behavioural, Management and Social Sciences
Subject: 85 business administration, organizational science
Programme: Business Information Technology MSc (60025)
Link to this item: https://purl.utwente.nl/essays/59915