RELAW 2010 _ Conceptualizing a Responsibility Based Approach for Elaborating and Verifying RBAC Policies Conforming With CobiT Framework Requirements

Jun 03, 2018

Transcript
  • 8/12/2019 RELAW 2010 _ Conceptualizing a Responsibility Based Approach for Elaborating and Verifying RBAC Policies Conforming With CobiT Framework Requirements

    1/26

    Conceptualizing a Responsibility based Approach for Elaborating and Verifying RBAC Policies Conforming with CobiT Framework Requirements

    Christophe Feltus, Eric Dubois, Michal Petit

    Third International Workshop on Requirements Engineering and Law (RELAW'10), September 28th, 2010


    2/26

    Motivation

    The concept of role

    Business role

    Application role

    Governance requirements


    3/26

    Motivation

    Our approach: the method we target is a two-step approach


    4/26

    Outlines

    Presentation of the Responsibility meta-model

    Mapping with CobiT

    Mapping with RBAC

    Example of assignment process

    Conclusions and future works


    5/26

    Outlines

    Presentation of the Responsibility meta-model

    Mapping with CobiT

    Mapping with RBAC

    Example of assignment process

    Conclusions and future works


    6/26

    Presentation of the Responsibility meta-model

    Elaboration of the model: employee, right, obligation, commitment and behavior


    7/26

    Presentation of the Responsibility meta-model

    Elaboration of the model: employee, right, obligation, commitment and behavior


    8/26

    Concept of obligation/accountability


    9/26

    Concept of right


    10/26

    Assignment/delegation process


    11/26

    Outlines

    Presentation of the Responsibility meta-model

    Mapping with CobiT

    Mapping with RBAC

    Example of assignment process

    Conclusions and future works


    12/26

    Building the responsibilities

    Responsibilities in CobiT are represented using a RACI chart

    AI6: Manage Change

    160 possibilities

    Same rights and obligations for all employees?

    More precision is needed


    13/26

    Collecting the tasks

    Responsibilities from CobiT

    Instantiation with CobiT information:

    4 responsibilities, business role (from the RACI chart) and tasks (partially)


    14/26

    Responsibilities to tasks association

    From CobiT:

    From ITIL:

    From the company:

    is the employee who gets the action done

    is the employee who provides direction and authorizes an action


    15/26

    Rights to tasks association

    From CobiT:


    16/26

    Outlines

    Presentation of the Responsibility meta-model

    Mapping with CobiT

    Mapping with RBAC

    Example of assignment process

    Conclusions and future works


    17/26

    Role Based Access Control: to simplify the management of granting permissions to users

    3 main elements: User, Role and Permission

    2 main functions: User-role assignment (URA) and Permission-role assignment (PRA)

    RBAC:


    18/26

    Mapping responsibility to RBAC role

    Business role from CobiT = RBAC concept of role? No, because:

    CobiT role (or business role): an employee assigned to that role is not necessarily made responsible for all the tasks of the role.

    RBAC role (or application role): an employee assigned to that role gets all the permissions needed by that role.

    If business role = application role, some employees receive too many permissions.


    19/26

    Mapping responsibility to RBAC role


    20/26

    Mapping responsibility to RBAC role


    21/26

    Outlines

    Presentation of the Responsibility meta-model

    Mapping with CobiT

    Mapping with RBAC

    Example of assignment process

    Conclusions and future works


    22/26

    Example of assignment process

    Task: Prioritizing changes. That task corresponds to one responsibility: being responsible for the activity Assess impact and prioritizing changes.

    Following the RACI chart, that activity is assigned to the business roles BPO, PMO, Head operation and Head development.


    23/26

    Example of assignment process

    Suppose Bob is one BPO identified by the CobiT manager.

    The RBAC administrator may assign, for that task:
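The two-step process on these slides (responsibility building from the RACI chart, then assignment of only the committed responsibilities to Bob), worked as an added Python example that is not part of the deck; it also shows the over-permission problem of equating the business role with the application role. The activity "Assess impact and prioritizing changes" and its four business roles come from the slides; the two further activities, the permission names and the helper functions are assumptions.

```python
# RACI chart excerpt for CobiT process AI6 Manage Change. The first row is
# from the slides; the two other activities are constructed assumptions.
# R = gets the action done, A = provides direction and authorizes, C = consulted.
RACI = {
    "Assess impact and prioritizing changes": {
        "BPO": "R", "PMO": "R", "Head operation": "R", "Head development": "R"},
    "Authorize emergency changes": {"BPO": "A", "Head operation": "R"},
    "Track and report change status": {"PMO": "R", "BPO": "C"},
}

# Rights each task needs in the change-management application (assumed names).
TASK_RIGHTS = {
    "Assess impact and prioritizing changes": {"change:read", "change:set_priority"},
    "Authorize emergency changes": {"change:read", "change:approve_emergency"},
    "Track and report change status": {"change:read", "report:generate"},
}

def naive_role_rights(business_role):
    """Business role == application role: every holder of the business role
    gets the rights of every task where that role is R or A."""
    rights = set()
    for task, chart in RACI.items():
        if chart.get(business_role) in ("R", "A"):
            rights |= TASK_RIGHTS[task]
    return rights

def build_responsibilities():
    """Step 1: one responsibility per (task, business role) pair marked R or A
    in the RACI chart, carrying only the rights that task needs."""
    return {(task, role): TASK_RIGHTS[task]
            for task, chart in RACI.items()
            for role, letter in chart.items() if letter in ("R", "A")}

def assign(employee, business_role, committed_tasks, responsibilities):
    """Step 2: the RBAC administrator grants the employee only the rights of
    the responsibilities they commit to. A task the RACI chart does not give
    to that business role is refused instead of being inherited."""
    granted = set()
    for task in committed_tasks:
        key = (task, business_role)
        if key not in responsibilities:
            raise ValueError(f"{employee}: {business_role} is not R/A for {task!r}")
        granted |= responsibilities[key]
    return granted

if __name__ == "__main__":
    resp = build_responsibilities()
    bob = assign("Bob", "BPO", ["Assess impact and prioritizing changes"], resp)
    print("Bob, responsibility-based:", sorted(bob))
    print("Bob, if BPO were the application role:", sorted(naive_role_rights("BPO")))
```

With the naive mapping Bob would also hold the emergency-approval right of a task he never committed to; the responsibility-based assignment grants only the two rights of the prioritizing task.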


    24/26

    Outlines

    Presentation of the Responsibility meta-model

    Mapping with CobiT

    Mapping with RBAC

    Example of assignment process

    Conclusions and future works


    25/26

    Conclusions and future works

    Business needs a better alignment of the employees' responsibility from the management frameworks down to the technical rules.

    Our approach is to use the responsibility as a pivot between high-layer requirements and technical rules.

    Step 1, responsibility building: business role, activities, tasks and rights lead to responsibilities.

    Step 2, responsibility assignment: responsibilities, employees and commitment lead to application roles assigned to users.


    26/26

    Thank you! Questions?