Vorgehensmodelle für die Rollenbasierte Autorisierung in Heterogenen Systemlandschaften

Abstract

The authors examine how an authorization architecture can be defined which spans various information systems and organizational units. After introducing authorization and architecture fundamentals, related work on authorization, architecture management and role definition is discussed. In particular regarding procedure models for authorization architecture design, these approaches are not very detailed. Moreover they are neither theoretically well-founded nor transparently derived from current industry practices. Therefore two actual industry practices are presented as case studies. By consolidating these practices with findings from current research, a starting point for an improved procedure model for authorization is proposed.