METHOD AND DEVICES FOR ACCESS CONTROL / M. Colombo, M. Leida, E. Damiani.
METHOD AND DEVICES FOR ACCESS CONTROL
E. Damiani
2015
Abstract
The invention relates to a method and system which provides access control and access control enforcement, particularly in relation to business process data streams. Embodiments of the invention provide a method and a set of components (referred to as: Policy Administration Point, Policy Enforcement Point, Filter Updater, Log De-Multiplexer) for fast online filtering of process logs based on access rights. In one embodiment the method comprises a series of steps to (i) encode each user's access rights to the process log in a machine-readable format, (ii) use such encoding together with incoming process events to compute a custom online filter to be applied to the process log as it is being recorded, and (iii) execute logical log de-multiplexing, enabling each user to query, inspect and monitor a separate event flow. In specific embodiments, the four components are virtual devices, respectively in charge of policy encoding (Policy Administration Point), policy evaluation and enforcement (Policy Enforcement Point), computation of an online filter with enforcement of log integrity constraints (Filter Updater), and generation of virtual event flows and support for policy changes and rights' revocations (Log De-Multiplexer).