全部 标题 作者
关键词 摘要

OALib Journal期刊
ISSN: 2333-9721
费用:99美元

查看量下载量

相关文章

更多...

EVALUATING TOOLS FOR EXECUTION AND MANAGEMENT OF AUTHORIZATION BUSINESS RULES EVALUATING TOOLS FOR EXECUTION AND MANAGEMENT OF AUTHORIZATION BUSINESS RULES

DOI: 10.5329/resi.2010.0902009

Keywords: business rules , authorization rules , business rule management systems , IT enterprise architecture , tool evaluation.

Full-Text   Cite this paper   Add to My Lib

Abstract:

Information security is an essential subject for commercial and government organizations, and its deployment should be supported by software tools, both at design time (when authorization business rules are planned and designed) and at run time (when authorization business rules are applied and monitored). An authorization business rule (or authorization rules, for short) is a rule that states which operations may be executed on each data item by each user. Therefore, information security supporting tools should include features for editing, managing, and assuring the application and monitoring of authorization rules. These features may be structured in a framework composed by rule management and rule execution components. In real scenarios, evaluating and selecting tools to support organization business processes is typically handled by prospecting activities that are conducted in an ad-hoc way, and therefore are very time-consuming and hard to track. However, the rapid evolution of business scenarios, the increasing demand for traceability in business-IT alignment and the great number of IT solutions available for being evaluated require prospecting activities to be more systematic, traceable and quickly adapted to different scenarios. This work proposes a set of criteria and a systematic method for evaluating tools for management and execution of authorization rules. We have applied our approach in a real scenario. The results demonstrated that BRMS (Business Rule Management Systems) tools can be used for authorization rule management, and Oracle DBMS is the most suitable tool for authorization rules storage and execution. Seguran a da informa o é um tópico essencial para organiza es privadas e governamentais, e sua disponibiliza o deve ser apoiada por ferramentas de software, tanto em tempo de projeto (quando regras de negócio de autoriza o s o planejadas e projetadas) como em tempo de execu o (quando regras de negócio de autoriza o s o aplicadas e monitoradas). Uma regra de negócio de autoriza o (ou regra de autoriza o, de forma resumida) é uma regra que afirma quais opera es podem ser executadas em cada item de dado por cada usuário. Portanto, ferramentas para apoiar a seguran a da informa o devem incluir características como edi o, gest o, e garantir a aplica o e monitoramento de regras de autoriza o. Estas características podem ser estruturadas em um framework composto por componentes de gest o e execu o de regras. Em cenários reais, avaliar e selecionar ferramentas para apoiar processos de negócio da organiza o é em geral tratado

Full-Text

Contact Us

service@oalib.com

QQ:3279437679

WhatsApp +8615387084133