%0 Journal Article
%T EVALUATING TOOLS FOR EXECUTION AND MANAGEMENT OF AUTHORIZATION BUSINESS RULES
%A Leonardo Guerreiro Azevedo
%A Diego Alexandre Aranha Duarte
%A Fernanda Baião
%A Claudia Cappelli
%J Revista Eletrônica de Sistemas de Informação
%D 2010
%I Facecla
%R 10.5329/resi.2010.0902009
%X Information security is an essential subject for commercial and government organizations, and its deployment should be supported by software tools, both at design time (when authorization business rules are planned and designed) and at run time (when authorization business rules are applied and monitored). An authorization business rule (or authorization rule, for short) is a rule that states which operations may be executed on each data item by each user. Therefore, information security supporting tools should include features for editing, managing, and assuring the application and monitoring of authorization rules. These features may be structured in a framework composed of rule management and rule execution components. In real scenarios, evaluating and selecting tools to support organization business processes is typically handled by prospecting activities that are conducted in an ad hoc way, and are therefore very time-consuming and hard to track. However, the rapid evolution of business scenarios, the increasing demand for traceability in business-IT alignment, and the great number of IT solutions available for evaluation require prospecting activities to be more systematic, traceable, and quickly adaptable to different scenarios. This work proposes a set of criteria and a systematic method for evaluating tools for management and execution of authorization rules. We have applied our approach in a real scenario. The results demonstrated that BRMS (Business Rule Management Systems) tools can be used for authorization rule management, and Oracle DBMS is the most suitable tool for authorization rules storage and execution.
%K business rules
%K authorization rules
%K business rule management systems
%K IT enterprise architecture
%K tool evaluation
%U http://revistas.facecla.com.br/index.php/reinfo/article/view/798