6 Sigrid Schefer, Mark Strembecka) Process model <strong>in</strong>clud<strong>in</strong>g Bus<strong>in</strong>essActions, <strong>Duties</strong>, <strong>and</strong> Compensation ActionsCredit application processReassign Duty[Time constra<strong>in</strong>texpired]Checkapplication <strong>for</strong>mcreditapplication[Formok][else]Check creditworth<strong>in</strong>essBDuty: Check applicantrat<strong>in</strong>g[Checkpassed][else]NegotiatecontractBDuty: Fulfill precontractualdutiescontractcontractApprovecontractBDuty: Review f<strong>in</strong>alcontract[else]Rejectapplication[approved]CreditapplicationBankClerkR{t...t+3}Checkapplicant rat<strong>in</strong>gCA: Reassign DutyDSM. MeyerTask: Check credit worth<strong>in</strong>ess,Negotiate contract,Approve contractDuty: Check applicant rat<strong>in</strong>g,Fulfill precontractual duties,Review f<strong>in</strong>al contractb) Detailed modelof a Dutyc) Responsibility<strong>and</strong> delegationSJ. SmithSummerIntern DRTask: Check credit worth<strong>in</strong>essDuty: Check applicant rat<strong>in</strong>gFig. 2: Extended credit application processcompleted with<strong>in</strong> three time units (e.g. days) after the correspond<strong>in</strong>g Bus<strong>in</strong>ess-Action has been started. Otherwise, the Compensation Action Reassign Duty isexecuted.The responsibility <strong>for</strong> the <strong>Duties</strong> is illustrated <strong>in</strong> Figure 2c) show<strong>in</strong>g the RoleBankClerk which is assigned to the three Bus<strong>in</strong>essActions <strong>and</strong> the associated <strong>Duties</strong>def<strong>in</strong>ed <strong>in</strong> the credit application process. Thus, a Subject assigned to theBankClerk role is responsible <strong>for</strong> per<strong>for</strong>m<strong>in</strong>g these <strong>Duties</strong> <strong>and</strong> related Bus<strong>in</strong>essActions.In this example, the Subject M. Meyer is assigned to the BankClerkrole <strong>and</strong> there<strong>for</strong>e also needs to discharge the associated <strong>Duties</strong>. M. Meyer decidesto delegate her Duty Check applicant rat<strong>in</strong>g to her summer <strong>in</strong>tern J. Smith.For this purpose, she creates a permanent DelegationRole SummerIntern <strong>and</strong>assigns the Duty to the DelegationRole. Subsequently, she assigns the SubjectJ. Smith to her DelegationRole SummerIntern. J. Smith is now authorized <strong>and</strong>responsible <strong>for</strong> discharg<strong>in</strong>g the Duty Check applicant rat<strong>in</strong>g when per<strong>for</strong>m<strong>in</strong>g theBus<strong>in</strong>essAction Check credit worth<strong>in</strong>ess, until either the Duty is revoked fromthe DelegationRole or he loses his assignment to the DelegationRole.4 Related WorkTo the best of our knowledge, this work represents the first attempt to addressdelegation of duties from a bus<strong>in</strong>ess process model<strong>in</strong>g context. Other approachesusually concentrate on the model<strong>in</strong>g of authorization constra<strong>in</strong>ts. As each dutyholder also needs sufficient authority to per<strong>for</strong>m the assigned duties [13, 15],
<strong>Model<strong>in</strong>g</strong> <strong>Support</strong> <strong>for</strong> <strong>Delegat<strong>in</strong>g</strong> <strong>Roles</strong>, <strong>Tasks</strong>, <strong>and</strong> <strong>Duties</strong> 7our approach complements exist<strong>in</strong>g approaches. In recent years, there has beenmuch work on various aspects of delegation (see, e.g., [2, 19, 20]), especially <strong>in</strong>a bus<strong>in</strong>ess process context. In [1], the notion of delegation is extended to allow<strong>for</strong> conditional delegation. Different types of constra<strong>in</strong>ts, such as authorizationconstra<strong>in</strong>ts, are addressed <strong>in</strong> the context of delegation. The effects of some delegationoperations on three workflow execution models are described <strong>in</strong> [7]. In [5],the satisfiability problem of workflows while support<strong>in</strong>g user delegation mechanismsis addressed. Moreover, duties/obligations may also be subject to delegation.However, the delegation of duties has received little attention <strong>in</strong> literatureso far, although it has been identified as important phenomenon, e.g., <strong>in</strong> [4],where different ways of delegat<strong>in</strong>g obligations are discussed. In [13], some issues<strong>for</strong> delegation of obligations are considered, ma<strong>in</strong>ly address<strong>in</strong>g the reasons <strong>for</strong>delegat<strong>in</strong>g obligations <strong>and</strong> the balance between authorizations <strong>and</strong> obligations.5 ConclusionOur UML2 extension can help organizations to <strong>in</strong>tegrate the specification ofprocesses <strong>and</strong> related access control, obligation, <strong>and</strong> delegation policies. An <strong>in</strong>tegratedmodel<strong>in</strong>g approach yields a number of advantages, such as support<strong>in</strong>ga proper mapp<strong>in</strong>g of models to software systems, facilitat<strong>in</strong>g communication betweendifferent stakeholders, mak<strong>in</strong>g responsibility <strong>for</strong> tasks <strong>and</strong> duties explicit,<strong>and</strong> detect<strong>in</strong>g task- or duty-related conflicts. Moreover, it allows <strong>for</strong> trac<strong>in</strong>g policyrules to the (regulatory) reasons they exist <strong>and</strong> to trace them to the softwarecomponents that have to ensure their monitor<strong>in</strong>g <strong>and</strong> en<strong>for</strong>cement. This facilitatesthe report<strong>in</strong>g on a company’s fulfillment of compliance requirements. Wechose to def<strong>in</strong>e an extension to the UML2 st<strong>and</strong>ard to enable a complete <strong>and</strong>correct mapp<strong>in</strong>g between policies, models, <strong>and</strong> the respective software system.This mapp<strong>in</strong>g assures consistency between model<strong>in</strong>g-level specifications <strong>and</strong> thesoftware system en<strong>for</strong>c<strong>in</strong>g respective policies <strong>and</strong> process <strong>in</strong>stances.References1. V. Atluri <strong>and</strong> J. Warner. <strong>Support</strong><strong>in</strong>g conditional delegation <strong>in</strong> secure workflowmanagement systems. In Proceed<strong>in</strong>gs of the tenth ACM symposium on Accesscontrol models <strong>and</strong> technologies (SACMAT), 2005.2. E. Barka <strong>and</strong> R. S<strong>and</strong>hu. A Role-Based Delegation Model <strong>and</strong> Some Extensions. InProceed<strong>in</strong>gs of the 23rd National In<strong>for</strong>mation Systems Security Conference (NIS-SEC), 2000.3. E. Barka <strong>and</strong> R. S<strong>and</strong>hu. Framework <strong>for</strong> Role-Based Delegation Models. In Proceed<strong>in</strong>gsof the 16th Annual Computer Security Applications Conference, 2000.4. J. Cole, J. Derrick, Z. Milosevic, <strong>and</strong> K. Raymond. Author Obliged to SubmitPaper be<strong>for</strong>e 4 July: Policies <strong>in</strong> an Enterprise Specification. In Proceed<strong>in</strong>gs of theInternational Workshop on Policies <strong>for</strong> Distributed Systems <strong>and</strong> Networks (POL-ICY), 2001.