SPCC: a security policy compliance checker plug-in for YAWL Online publication date: Wed, 04-Jul-2018
by Khalid Alissa; Jason Reid; Ed Dawson
International Journal of Business Process Integration and Management (IJBPIM), Vol. 9, No. 1, 2018
Abstract: YAWL provides a complete workflow system. It uses its own formal language to define the process model, which can then be translated by the YAWL engine into a working workflow system. The current structure of YAWL allows the process modeller to assign users/roles to perform tasks, but these assignments may not be in compliance with the organisation's authorisation policy. Violating the authorisation policy might lead to significant security risks. This paper introduces SPCC: an authorisation policy compliance checker for YAWL. SPCC is designed to help the process modeller to make sure the role-task assignments are in compliance with the organisation's authorisation policy. The paper describes the implementation of SPCC as a plug-in for YAWL.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Business Process Integration and Management (IJBPIM):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com
Our Blog 
Follow us on Twitter 
Visit us on Facebook