enhancing the archimate® standard with a responsibility modeling language for access rights...

Enhancing the ArchiMate® Standard with a

Responsibility Modeling Language for Access Rights

Management

Christophe Feltus, Eric Dubois, Erik Proper

Iver Band, Michaël Petit

[email protected]

5th International Conference on Security of Information and Networks (SIN 2012)

22-27 October 2012, Jaipur, India

Plan of the presentation

ArchiMate and access rights

Responsibility modelling

Integration of Responsibility in ArchiMate

Access rights management implemented with EAM

Case study in Hospital

ArchiMate metamodel and the access rights

16/06/2014 5th International Conference on Security of

Information and Networks (SIN 2012) 3

• ArchiMate metamodel

• ArchiMate allows engineering the

access right management and

this management may be

represented by ArchiMate

• But we have seen in practice that

providing access right to

business role, in small

companies, is not enough

precise. Connection between

business role and permission is

in practice not automatically true.

(1) Analyze and model the

responsibility.

(2) Integrate the responsibility

in ArchiMate

Responsibility analyze and model



The responsibility is a charge assigned to an

employee to signify his accountabilities

concerning a business task, and the right

and capacity required to perform those

accountabilities.

The accountability represents the obligation of

what have to be done concerning a

business task and the justification that it is

done to someone else, under threat of

sanction

The capability represents the qualities, the skills

or the resources intrinsic to the employee

and required to perform accountability.

The right represents the resources provided by

the company to the employee and required

to perform accountability.

The assignment is the action of linking an agent

to a responsibility. Delegation process is the

transfer of an agent’s responsibility

assignment to another agent.

Integrate the responsibility in ArchiMate

16/06/2014 5

Integration of 2 metamodels [Petit]

3 steps approach:

1. Preparation for integration

2. Investigation and definition of

the correspondences

3. Integration of both models

[Petit] M. Petit. Some methodological clues for defining

a unified enterprise modelling language. ICEIMT '01,

pages 359-369, Deventer, The Netherlands, 2003

2. The business role and the

business process/function

/interaction

3. The business object and the

business process/function

/interaction

The integration has allowed

improving the connection

between:

1. The business actor and the

business role

Access right management modelling

with ArchiMate

access right management (RBAC model) is a

process that may also be modelled with EAM

Implementing RBAC using ArchiMate

previous work

16/06/2014 7

Previous work [Band]

1. The data object Users

corresponds to the

Business Actor

2. The data object Roles

Corresponds to the

Business Role

3. The data object

Permissions

corresponds to the

access to data object

[Band] I. Band, Modeling RBAC with SABSA, TOGAF and

ArchiMate, Creating a Foundation for Understanding and

Action, Open Group Conference, Austin, Texas, 2011

7

Business

Actor

Business

object

Business

Role

Business

process /

function /

interaction

Business Role =

(RBAC) Role at the

application layer

Implementing RBAC-Responsibility in ArchiMate



Based on our Responsibility metamodel,

we have 2 possible assignments:

(1) Business actor to responsibility

(2) Business actor to Business role

At the application layer, the 3 business

concepts are represented through

application objects

To manage the assignment of access rights

to business actor, we also consider the

employees’ responsibilities and we

define a permission object at the

application layer.

Access rights with ArchiMate/Responsibility



At the application layer, 3 application

objects are created:

- “Business role” application object

- “Business actor” application object

- “Responsibility” application object

And 4 application functions:

- Compose Bus.Roles with Respons.

- Assign Bus.Actors to Bus.Roles

- Assign Bus.Actors to Respons.

- Assign Permissions to Respons.

Optimization of the assignment



In practice: large amount of

permissions to roles assignment

At this application layer, in order to

optimize the access right

management, we have introduced:

• an application Role data object

• 2 application functions.

CASE STUDY AT THE HOSPITAL

Context of the case study One of the main Luxembourg hospitals,

more than 2000 employees,

600 beds,

27000 patients in 2011

+ high security requirements such as the confidentiality

Specialized in : serious pathologies, emergency and intensive care.

Problem: No formal alignment between:

- the application layer where employees are provisioned with access rights

- the business layer where business roles are assigned to the employees

Objective of the case study is to illustrate:

(1) the integrated ArchiMate with Responsibility at the business layer,

and

(2) the enhancement of the provisioning of access rights to the employees.



What we have done

The case study is illustrated with the reception department from the hospital.

The case study has been conducted between January 2011 and January 2012, to

the rhythm of one meeting a month.

During those meetings, the following persons have participated:

• the Application support manager,

• the Reception department manager and

• the Competences manager.

The steps of the case study are the following :

1. Analyse of the Business roles

2. Analyse of the Application roles

3. Analyse of the Responsibilities



Business roles

Employees are categorized based on their roles defined in the Job description

The job descriptions describe the tasks to be performed by a role, as well as the

necessary knowledge required to be assigned to this role.

The job descriptions, however, do not specify the access rights required on

professional software

An organization chart for the reception department structures the activities into

eight Business sub-roles:

SR1: Receptionist at the municipal hospital.

SR2: Receptionist at the pediatric clinic and the maternity

SR3: Phone reception

SR4: Info desk

SR5: Human resources management

SR6: Department management

SR7: Room operator

SR8: Outsourced guardian

16/06/2014 15

5th International Conference on Security of

Information and Networks (SIN 2012)

Business roles

For instance :

The job description of the receptionist sub-role formalizes the five main

activities to be performed by this role:

- Welcome and inform the patient,

- Perform the various technical and administrative tasks,

• encode and control the data relating to the admission of ambulatory

or hospital patients,

• print and give the admission form to the patients,

• manage daily access to the parking,

• receive deposits,

• issue invoices,

- Contribute to the enhancement and evolution of professional practices,

- Train and mentor new employees,

- Train and supervise trainees.

16/06/2014 16 5th International Conference on Security of


Application roles ? Software architecture • Vertical software are applications

which are used by well defined and

well specified healthcare

businesses.

Eg.:

• management of the

laboratory,

• endoscopy software,

• management of the polyclinic.

• Transversal software are those

used together by all healthcare

businesses. Eg.: the dispatching of

the laboratory's results or the

medical imaging.

16/06/2014 Enhancing the ArchiMate® Standard with a Responsibility

Modeling Language for Access Rights Management 17

Application roles Software architecture

• With the ERP, the access right

management is realized using

AuthorityObject.

• AuthorityObject is composed of zone(s)

from 1 to n based on what authority

check is performed.

• Practically, AuthorityObject

corresponds to ERP transactions and

for each transaction, a set of

authorizations are defined such as

create, modify, delete, view historic,

and so forth.

16/06/2014 18

≈ ERP transaction

≈ Application role



Application roles Software architecture

5 Functional_roles are:

1. Patient's basic data encoding, that means Add or create, modify, display,

delete patient's basic data and entry, transfer or leaving data related to the

patient

2. Entry, transfer or leaving patient's data encoding

3. Management of the beds status at the hospital

4. Medical delivery encoding

5. Patient invoices creation and modification

1 Reference_user (REFRECEP) sum of Functional_roles 1 3



ID Responsibility Required Access Right Compose Sub-

Roles

1 Perform the entry record Add or create, modify, display, delete patient’s basic data

and entry, transfer, or leave data related to the patient

SR1, SR2, SR5

2 Perform the transfer management Display entry, transfer or leave data related to the patient

and all rights related to the statistic software

SR1,SR2, SR5

3 Perform the beds status

management

All rights related to the beds status management SR1,SR2, SR5

4 Perform equipment ordering All rights related to the equipment ordering software SR8

5 Perform the medical encoding for

billing

All right related to the medical delivery encoding SR2

6 Perform the creation and de

modification of patient invoices

(billing)

All rights related to the patient invoices creation and

modification

SR2

7 Inform about the beds status Display rights related to the beds status SR1, SR2, SR3,

SR4

8 Perform the realization of work

plans

Read and write access to the Excel file: Timetable planning SR5

9 Perform the control of the monthly

worksheets


10 Perform the management of HR

indicators: Overtime, Days off,

Hours of recovery


11 Perform the management of the

room

Read access related to the room agenda in Groupwise multi-

users

SR7

12 Perform the verification of the

infrastructure

Write access to the reporting software SR8

13 Fix defective infrastructure All rights related to equipment ordering software SR8

14 Perform the management of the

receptionists

All the rights provided to the sub-roles SR1, SR2, SR3, SR4,

SR5, SR7 and SR8

SR6

15 Inform about the doctor on duty Rights to read the doctors on duty planning SR3

16 Perform the statistical analysis to

follow up the daily business

All rights related to the statistical software SR5, SR7

Responsibility to sub_Role to access rights

Existing mapping:

Application roles to Business sub_Role

SR1: REFRECEP, all rights related to equipment ordering software

SR2: REFRECEP, medical delivery encoding, patient invoices creation and

modification, all rights related to equipment ordering software

SR3: REFRECEP, all rights related to equipment ordering software, right to read the

planning of doctors on duty



modification, all rights related to equipment ordering software, read and write

access to the Excel file: Timetable planning

SR6: All rights provided to the other sub-roles

SR7: Read access related to the room agenda in GroupWise multi-users, read access

to the ticketing tool.

SR8: Write access to the reporting software, all rights related to equipment ordering

software
















software

Existing mapping:















software

16/06/2014 22

SR1, SR2, SR5 do not have to perform equipment ordering, although they

have the right to do it.



Existing mapping:















software

16/06/2014 23

SR1, SR2, SR5 do not have to perform equipment ordering, although they

have the right to do it.

SR3 and SR4 have too many rights.

The employees assigned to the Phone reception and Infodesk role are

authorized to add or create, modify, display, delete patient's basic data

and entry, transfer, or leaving data related to the patient, although they do

not require these rights.

They possess all rights related to the beds status management, although,

only some of them are required to display information related to the beds

status.



CONCLUSIONS

Conclusions

16/06/2014 Presentation Tudor 25

Two objectves :

(1) Analyze and model what the responsibility is.

(2) Integrate the responsibility in ArchiMate

Results:

Case studies:

• Using responsibility allows a finer assignment of rights to the employees

• Check the alignment between the Business Role and the Application Role

Future Works/complementary validations:

Applicability with other EAM ECA

Business/IT alinment Access

right

management

enhancing the archimate® standard with a responsibility modeling language for access rights...

Documents

archimate responsibility

business role access

business task

archimate metamodel

presentation archimate

archimate standard

archimate previous work

hospital archimate metamodel