Hallé Sylvain, Khoury Raphaël, Betti Quentin, El-Hokayem Antoine et Falcone Yliès. (2017). Decentralized enforcement of document lifecycle constraints. Information Systems, p. 1-19.
Prévisualisation |
PDF
911kB |
URL officielle: http://dx.doi.org/doi.org/10.1016/j.is.2017.08.002
Résumé
Artifact-centric workflows describe possible executions of a business process through constraints expressed from the point of view of the documents exchanged between principals. A sequence of manipulations is deemed valid as long as every document in the workflow follows its prescribed lifecycle at all steps of the process. So far, establishing that a given workflow complies with artifact lifecycles has mostly been done through static verification, or by assuming a centralized access to all artifacts where these constraints can be monitored and enforced. We present in this paper an alternate method of enforcing document lifecycles that requires neither static verification nor single-point access. Rather, the document itself is designed to carry fragments of its history, protected from tampering using hashing and public-key encryption. Any principal involved in the process can verify at any time that the history of a document complies with a given lifecycle. Moreover, the proposed system also enforces access permissions: not all actions are visible to all principals, and one can only modify and verify what one is allowed to observe. These concepts have been implemented in a software library called Artichoke, and empirically tested for performance and scalability.
Type de document: | Article publié dans une revue avec comité d'évaluation |
---|---|
Pages: | p. 1-19 |
Version évaluée par les pairs: | Oui |
Date: | 2017 |
Sujets: | Sciences naturelles et génie Sciences naturelles et génie > Sciences mathématiques > Informatique |
Département, module, service et unité de recherche: | Départements et modules > Département d'informatique et de mathématique |
Mots-clés: | business artifact, business process, document lifecycle, lifecycle policy, UML statechart, Business Process Modelling Language, Linear Temporal Logic, finite-state automata, trace validation, policy enforcement, public-key encryption, hash functions, tamper-proof history, confidentiality, distributed enforcement, runtime monitoring, smart cards, Portable Document Format, Artichoke-X |
Déposé le: | 24 oct. 2017 00:22 |
---|---|
Dernière modification: | 09 févr. 2023 19:56 |
Éditer le document (administrateurs uniquement)