University of Udine
Despite the increasing maturity of contemporary Workflow Management Systems (WfMS), there still exist numerous process-aware application systems with more or less hard-coded process logic. This does not only cause high maintenance efforts (e.g. costly code adaptions), but also results in hard-coded rules for controlling the access to business processes, business functions, and business data. In particular, the assignment of users to process activities needs to be compliant with the rights granted for executing business functions and for accessing business data. A major reason for not using WfMS in a broader context is the in flexibility provided by their activity-centered paradigm, which also limits the access control strategies offered by them.