Patrick Gaubatz scite author profile

Patrick Gaubatz

5Publications

41Citation Statements Received

281Citation Statements Given

How they've been cited

How they cite others

200

276

Affiliations

University of Vienna

Publications

Order By: Most citations

An integrated approach for identity and access management in a SOA context

Hummer

Gaubatz

Strembeck

et al. 2011

View full text Add to dashboard Cite

In this paper, we present an approach for identity and access management (IAM) in the context of (cross-organizational) serviceoriented architectures (SOA). In particular, we defined a domainspecific language (DSL) for role-based access control (RBAC) that allows for the definition of IAM policies for SOAs. For the application in a SOA context, our DSL environment automatically produces WS-BPEL (Business Process Execution Language for Web services) specifications from the RBAC models defined in our DSL. We use the WS-BPEL extension mechanism to annotate parts of the process definition with directives concerning the IAM policies. At deployment time, the WS-BPEL process is instrumented with special activities which are executed at runtime to ensure its compliance to the IAM policies. The algorithm that produces extended WS-BPEL specifications from DSL models is described in detail. Thereby, policies defined via our DSL are automatically mapped to the implementation level of a SOA-based business process. This way, the DSL decouples domain experts' concerns from the technical details of IAM policy specification and enforcement. Our approach thus enables (non-technical) domain experts, such as physicians or hospital clerks, to participate in defining and maintaining IAM policies in a SOA context. Based on a prototype implementation we also discuss several performance aspects of our approach.

show abstract

Enforcement of entailment constraints in distributed service-based business processes

Hummer

Gaubatz

Strembeck

et al. 2013

Information and Software Technology

View full text Add to dashboard Cite

ContextA distributed business process is executed in a distributed computing environment. The service-oriented architecture (SOA) paradigm is a popular option for the integration of software services and execution of distributed business processes. Entailment constraints, such as mutual exclusion and binding constraints, are important means to control process execution. Mutually exclusive tasks result from the division of powerful rights and responsibilities to prevent fraud and abuse. In contrast, binding constraints define that a subject who performed one task must also perform the corresponding bound task(s).ObjectiveWe aim to provide a model-driven approach for the specification and enforcement of task-based entailment constraints in distributed service-based business processes.MethodBased on a generic metamodel, we define a domain-specific language (DSL) that maps the different modeling-level artifacts to the implementation-level. The DSL integrates elements from role-based access control (RBAC) with the tasks that are performed in a business process. Process definitions are annotated using the DSL, and our software platform uses automated model transformations to produce executable WS-BPEL specifications which enforce the entailment constraints. We evaluate the impact of constraint enforcement on runtime performance for five selected service-based processes from existing literature.ResultsOur evaluation demonstrates that the approach correctly enforces task-based entailment constraints at runtime. The performance experiments illustrate that the runtime enforcement operates with an overhead that scales well up to the order of several ten thousand logged invocations. Using our DSL annotations, the user-defined process definition remains declarative and clean of security enforcement code.ConclusionOur approach decouples the concerns of (non-technical) domain experts from technical details of entailment constraint enforcement. The developed framework integrates seamlessly with WS-BPEL and the Web services technology stack. Our prototype implementation shows the feasibility of the approach, and the evaluation points to future work and further performance optimizations.

show abstract

Supporting entailment constraints in the context of collaborative web applications

Gaubatz

Zdun

2013

View full text Add to dashboard Cite

Collaborative Web applications allow several users to collaboratively work on the same artifact. In addition to popular use cases, such as collaborative text editing, they can also be used for formbased business applications that often require forms to be filled out by different stakeholders or stakeholder roles. In this context, the different stakeholders often need to fill in different parts of the forms. For example, in an e-health application a nurse might fill in the details and a doctor needs to sign them. Role-based access control and entailment constraints provide means for defining such restrictions. So far entailment constraint have mainly been studied in the context of workflow-based architectures, but not for collaborative Web applications. We present a generic approach for the specification and enforcement of entailment constraints in collaborative Web applications that supports their real-time nature and the non-prescriptive order in which tasks can be performed. Further, we discuss a model-driven implementation approach of our concepts and lessons learned and limitations.

show abstract

Two controlled experiments on model-based architectural decision making

Lytra

Gaubatz

Zdun

2015

Information and Software Technology

View full text Add to dashboard Cite

Automatic enforcement of constraints in real-time collaborative architectural decision making

Gaubatz

Lytra

Zdun

2015

Journal of Systems and Software

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Patrick Gaubatz

An integrated approach for identity and access management in a SOA context

Enforcement of entailment constraints in distributed service-based business processes

Supporting entailment constraints in the context of collaborative web applications

Two controlled experiments on model-based architectural decision making

Automatic enforcement of constraints in real-time collaborative architectural decision making

Contact Info

Product

Resources

About