SINCONF 2012 _ Enhancing the ArchiMate® Standard with a Responsibility Modeling Language for Access Rights Management

  • 8/16/2019 SINCONF 2012 _ Enhancing the ArchiMate® Standard with a Responsibility Modeling Language for Access Rights Management

    1/25

    Enhancing the ArchiMate® Standard with a Responsibility Modeling Language for Access Rights Management

    Christophe Feltus, Eric Dubois, Erik Proper, Iver Band, Michaël Petit

    5th International Conference on Security of Information and Networks (SIN 2012), 22-27 October 2012, Jaipur, India

    Plan of the presentation

    ArchiMate and access rights

    Responsibility modelling

    Integration of Responsibility in ArchiMate

    Access rights management implemented with EAM

    Case study in Hospital

    ArchiMate metamodel and the access rights

    16/06/2014 5th International Conference on Security of Information and Networks (SIN 2012)

    • ArchiMate metamodel

    • ArchiMate allows engineering the access right management, and this management may be represented by ArchiMate.

    • But we have seen in practice that providing access rights to a business role is, in small companies, not precise enough. The connection between business role and permission is in practice not automatically true.

    (1) Analyze and model the responsibility.

    (2) Integrate the responsibility in ArchiMate.

    Responsibility analysis and model

    The responsibility is a charge assigned to an employee to signify his accountabilities concerning a business task, and the right and capacity required to perform those accountabilities.

    The accountability represents the obligation of what has to be done concerning a business task and the justification that it is done to someone else, under threat of sanction.

    The capability represents the qualities, the skills or the resources intrinsic to the employee and required to perform an accountability.

    The right represents the resources provided by the company to the employee and required to perform an accountability.

    The assignment is the action of linking an agent to a responsibility. The delegation process is the transfer of an agent's responsibility assignment to another agent.

    Integrate the responsibility in ArchiMate

    Integration of 2 metamodels [Petit], 3-step approach:

    1. Preparation for integration
    2. Investigation and definition of the correspondences
    3. Integration of both models

    The integration has allowed improving the connection between:

    1. The business actor and the business role
    2. The business role and the business process/function/interaction
    3. The business object and the business process/function/interaction

    [Petit] M. Petit. Some methodological clues for defining a unified enterprise modelling language. ICEIMT '01, pages 359-369, Deventer, The Netherlands, 2003

    Access right management modelling with ArchiMate

    Access right management (RBAC model) is a process that may also be modelled with EAM.

    Implementing RBAC using ArchiMate: previous work

    Previous work [Band]:

    1. The data object Users corresponds to the Business Actor
    2. The data object Roles corresponds to the Business Role
    3. The data object Permissions corresponds to the access to data object

    Business Role = (RBAC) Role at the application layer

    [Figure: ArchiMate business layer elements: Business Actor, Business Role, Business object, Business process / function / interaction]

    [Band] I. Band, Modeling RBAC with SABSA, TOGAF and ArchiMate, Creating a Foundation for Understanding and Action, Open Group Conference, Austin, Texas, 2011

    Implementing RBAC-Responsibility in ArchiMate

    Based on our Responsibility metamodel, we have 2 possible assignments:
    (1) Business actor to responsibility
    (2) Business actor to Business role

    At the application layer, the 3 business concepts are represented through application objects.

    To manage the assignment of access rights to business actors, we also consider the employees' responsibilities and we define a permission object at the application layer.

    Access rights with ArchiMate/Responsibility

    At the application layer, 3 application objects are created:
    - “Business role” application object
    - “Business actor” application object
    - “Responsibility” application object

    And 4 application functions:
    - Compose Bus.Roles with Respons.
    - Assign Bus.Actors to Bus.Roles
    - Assign Bus.Actors to Respons.
    - Assign Permissions to Respons.

    Optimization of the assignment

    In practice: large amount of permissions to roles assignment

    At this application layer, in order to optimize the access right management, we have introduced:

    • an application Role data object
    • 2 application functions.

    CASE STUDY AT THE HOSPITAL

    Context of the case study

    One of the main Luxembourg hospitals, more than 2000 employees, 600 beds, 27000 patients in 2011
    + high security requirements such as confidentiality

    Specialized in: serious pathologies, emergency and intensive care.

    Problem: No formal alignment between:
    - the application layer where employees are provisioned with access rights
    - the business layer where business roles are assigned to the employees

    Objective of the case study is to illustrate:
    (1) the integrated ArchiMate with Responsibility at the business layer, and
    (2) the enhancement of the provisioning of access rights to the employees.

    What we have done

    The case study is illustrated with the reception department of the hospital.

    The case study was conducted between January 2011 and January 2012, at the rhythm of one meeting a month.

    The following persons participated in those meetings:
    • the Application support manager,
    • the Reception department manager and
    • the Competences manager.

    The steps of the case study are the following:
    1. Analysis of the Business roles
    2. Analysis of the Application roles
    3. Analysis of the Responsibilities

    Business roles

    Employees are categorized based on their roles defined in the job description.

    The job descriptions describe the tasks to be performed by a role, as well as the necessary knowledge required to be assigned to this role.

    The job descriptions, however, do not specify the access rights required on professional software.

    An organization chart for the reception department structures the activities into eight Business sub-roles:

    SR1: Receptionist at the municipal hospital
    SR2: Receptionist at the pediatric clinic and the maternity
    SR3: Phone reception
    SR4: Info desk
    SR5: Human resources management
    SR6: Department management
    SR7: Room operator
    SR8: Outsourced guardian

    Business roles

    For instance:

    The job description of the receptionist sub-role formalizes the five main activities to be performed by this role:

    - Welcome and inform the patient,
    - Perform the various technical and administrative tasks,
      • encode and control the data relating to the admission of ambulatory or hospital patients,
      • print and give the admission form to the patients,
      • manage daily access to the parking,
      • receive deposits,
      • issue invoices,
    - Contribute to the enhancement and evolution of professional practices,
    - Train and mentor new employees,
    - Train and supervise trainees.

    Application roles
    Software architecture

    • Vertical software are applications which are used by well-defined and well-specified healthcare businesses. E.g.:
      • management of the laboratory,
      • endoscopy software,
      • management of the polyclinic.

    • Transversal software are those used together by all healthcare businesses. E.g.: the dispatching of the laboratory's results or the medical imaging.

    Application roles
    Software architecture

    • With the ERP, the access right management is realized using AuthorityObject.

    • AuthorityObject is composed of zone(s) from 1 to n based on what authority check is performed.

    • Practically, AuthorityObject corresponds to ERP transactions and for each transaction, a set of authorizations is defined such as create, modify, delete, view historic, and so forth.

    [Figure annotations: ≈ ERP transaction; ≈ Application role]

    Application roles
    Software architecture

    5 Functional_roles are:

    1. Patient's basic data encoding, that means add or create, modify, display, delete patient's basic data and entry, transfer or leaving data related to the patient
    2. Entry, transfer or leaving patient's data encoding
    3. Management of the beds status at the hospital
    4. Medical delivery encoding
    5. Patient invoices creation and modification

    1 Reference_user (REFRECEP) sum of Functional_roles 1 3

    Responsibility to sub_Role to access rights

    ID | Responsibility | Required Access Right | Compose Sub-Roles
    1 | Perform the entry record | Add or create, modify, display, delete patient's basic data and entry, transfer, or leave data related to the patient | SR1, SR2, SR5
    2 | Perform the transfer management | Display entry, transfer or leave data related to the patient and all rights related to the statistic software | SR1, SR2, SR5
    3 | Perform the beds status management | All rights related to the beds status management | SR1, SR2, SR5
    4 | Perform equipment ordering | All rights related to the equipment ordering software | SR8
    5 | Perform the medical encoding for billing | All rights related to the medical delivery encoding | SR2
    6 | Perform the creation and modification of patient invoices (billing) | All rights related to the patient invoices creation and modification | SR2
    7 | Inform about the beds status | Display rights related to the beds status | SR1, SR2, SR3, SR4
    8 | Perform the realization of work plans | Read and write access to the Excel file: Timetable planning | SR5
    9 | Perform the control of the monthly worksheets | Read and write access to the Excel file: Timetable planning | SR5
    10 | Perform the management of HR indicators: Overtime, Days off, Hours of recovery | Read and write access to the Excel file: Timetable planning | SR5
    11 | Perform the management of the room | Read access related to the room agenda in GroupWise multi-users | SR7
    12 | Perform the verification of the infrastructure | Write access to the reporting software | SR8
    13 | Fix defective infrastructure | All rights related to equipment ordering software | SR8
    14 | Perform the management of the receptionists | All the rights provided to the sub-roles SR1, SR2, SR3, SR4, SR5, SR7 and SR8 | SR6
    15 | Inform about the doctor on duty | Rights to read the doctors on duty planning | SR3
    16 | Perform the statistical analysis to follow up the daily business | All rights related to the statistical software | SR5, SR7

    Existing mapping: Application roles to Business sub_Role

    SR1: REFRECEP, all rights related to equipment ordering software
    SR2: REFRECEP, medical delivery encoding, patient invoices creation and modification, all rights related to equipment ordering software
    SR3: REFRECEP, all rights related to equipment ordering software, right to read the planning of doctors on duty
    SR4: REFRECEP, all rights related to equipment ordering software
    SR5: REFRECEP, medical delivery encoding, patient invoices creation and modification, all rights related to equipment ordering software, read and write access to the Excel file: Timetable planning
    SR6: All rights provided to the other sub-roles
    SR7: Read access related to the room agenda in GroupWise multi-users, read access to the ticketing tool.
    SR8: Write access to the reporting software, all rights related to equipment ordering software

    SR1, SR2, SR5 do not have to perform equipment ordering, although they have the right to do it.

    SR3 and SR4 have too many rights.

    The employees assigned to the Phone reception and Info desk roles are authorized to add or create, modify, display, delete patient's basic data and entry, transfer, or leaving data related to the patient, although they do not require these rights.

    They possess all rights related to the beds status management, although only some of them are required to display information related to the beds status.
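The comparison behind these findings can be run mechanically. The following Python sketch is an added example, not part of the original slides: it encodes the responsibility table and the existing mapping, then lists the rights granted to a sub-role beyond what its responsibilities require. Resource names, the two-level READ/FULL scale and the encoding of REFRECEP (taken from what the slides say SR3 and SR4 are able to do) are assumptions; SR6 is left out because its rights are derived from the other sub-roles.

```python
READ, FULL = 1, 2  # FULL collapses "write", "read and write" and "all rights" (assumption)

# Responsibility table, encoded by hand (constructed encoding, resource names illustrative):
# responsibility id -> (required rights, sub-roles the responsibility composes).
RESPONSIBILITIES = {
    1: ({"patient_data": FULL}, ["SR1", "SR2", "SR5"]),
    2: ({"patient_data": READ, "statistics": FULL}, ["SR1", "SR2", "SR5"]),
    3: ({"bed_status": FULL}, ["SR1", "SR2", "SR5"]),
    4: ({"equipment_ordering": FULL}, ["SR8"]),
    5: ({"medical_delivery": FULL}, ["SR2"]),
    6: ({"invoices": FULL}, ["SR2"]),
    7: ({"bed_status": READ}, ["SR1", "SR2", "SR3", "SR4"]),
    8: ({"timetable": FULL}, ["SR5"]),
    9: ({"timetable": FULL}, ["SR5"]),
    10: ({"timetable": FULL}, ["SR5"]),
    11: ({"room_agenda": READ}, ["SR7"]),
    12: ({"reporting": FULL}, ["SR8"]),
    13: ({"equipment_ordering": FULL}, ["SR8"]),
    15: ({"doctors_on_duty": READ}, ["SR3"]),
    16: ({"statistics": FULL}, ["SR5", "SR7"]),
}
# Responsibility 14 / SR6 ("all rights of the other sub-roles") is derived and left out.

# Assumption: REFRECEP modelled as the rights the slides attribute to its holders.
REFRECEP = {"patient_data": FULL, "bed_status": FULL}

# Existing mapping of application roles to business sub-roles.
GRANTED = {
    "SR1": {**REFRECEP, "equipment_ordering": FULL},
    "SR2": {**REFRECEP, "medical_delivery": FULL, "invoices": FULL,
            "equipment_ordering": FULL},
    "SR3": {**REFRECEP, "equipment_ordering": FULL, "doctors_on_duty": READ},
    "SR4": {**REFRECEP, "equipment_ordering": FULL},
    "SR5": {**REFRECEP, "medical_delivery": FULL, "invoices": FULL,
            "equipment_ordering": FULL, "timetable": FULL},
    "SR7": {"room_agenda": READ, "ticketing": READ},
    "SR8": {"reporting": FULL, "equipment_ordering": FULL},
}

def required_rights(sub_role):
    """Highest level each resource needs across the sub-role's responsibilities."""
    needed = {}
    for rights, sub_roles in RESPONSIBILITIES.values():
        if sub_role in sub_roles:
            for resource, level in rights.items():
                needed[resource] = max(level, needed.get(resource, 0))
    return needed

def excess_rights(sub_role):
    """Rights granted above need: {resource: (granted_level, needed_level)}.

    needed_level 0 means no responsibility of the sub-role touches the resource.
    """
    needed = required_rights(sub_role)
    return {res: (lvl, needed.get(res, 0))
            for res, lvl in GRANTED[sub_role].items() if lvl > needed.get(res, 0)}

if __name__ == "__main__":
    names = {0: "none", READ: "read", FULL: "full"}
    for sr in sorted(GRANTED):
        for res, (have, need) in sorted(excess_rights(sr).items()):
            print(f"{sr}: {res} granted={names[have]} needed={names[need]}")
```
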

    CONCLUSIONS

    Conclusions

    16/06/2014 Presentation Tudor 25

    Two objectives:
    (1) Analyze and model what the responsibility is.
    (2) Integrate the responsibility in ArchiMate

    Results:

    Case studies:
    • Using responsibility allows a finer assignment of rights to the employees
    • Check the alignment between the Business Role and the Application Role

    Future works/complementary validations:
    Applicability with other EAM ECA

    Business/IT alignment
    Access right management