Date Added: Apr 2011
Process-aware information systems sup-port the execution of business processes. In this con-text, organizations require the precise specification of security policies that govern the behavior of subjects in the systems. Obligation policies specify duties to be fulfilled by certain subjects. In organizational contexts, duties are often associated with a certain task in a business process. In this paper, the authors further elaborate two UML2 extensions which provide modeling support for roles, tasks, and duties in a business process context. In particular, they introduce the notion of mutual exclusion and binding constraints for duties in process-related RBAC models. Furthermore, they formally define respective consistency checks for design-time and run-time models.