Authorization and staff resolution in BPC

Business Process Choreographer - Human Task Manager & Business Flow Manager

four eyes principle

Business Process Choreographer provides instance-based and rule-based authorization for business processes and tasks, which lets you model sophisticated authorization scenarios based on process context or on the four-eyes principle. People are authenticated by WebSphere Application Server and then also authorized by Human Task Manager based on their user IDs. Be aware that authentication and authorization rely on WebSphere Application Server global security.

Architecture overview

1. Business Flow Manager navigates business processes. - WS-BPEL
2. Human Task Manager coordinates human interaction. - Web service

Authorization and staff resolution concepts

[b]Staff Verbs[/b] - The authorization rules are defined using so-called staff verbs (also known as people assignment criteria), which are authorization rule templates. Staff verbs are abstract authorization rules for a human task role that can be parameterized and bound to a specific staff repository during business process and human task modeling.

[b]Staff Queries[/b] - During deployment, the parameterized staff verbs are transformed into concrete staff queries (also known as people queries) that are specific to the staff repository used to perform the query.

[b]Staff Resolution[/b] - Querying a staff repository at run time for people, groups, and their attributes, to evaluate an authorization rule is called staff resolution (also known as people resolution).

[b]Staff Repository[/b] - A staff repository (also known as an enterprise, staff, or people directory) is the data store that actually contains the user and group information. The most popular staff repository is the LDAP directory, which is based on the standardized Lightweight Directory Access Protocol.

[b]Context Variables[/b] - Context variables are enclosed in percent signs. When staff query parameters contain context variables that are resolved at run time, authorization is based on process and task instance data; therefore, even though authorization is based on the same rule, the data that determines authorization can be different for each instance of the business process or human task. Be aware that only inline human tasks have access to the process context.

[b]Work Items[/b] - Everybody, User, Group
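
The following sketch models the concepts above in plain Python: one parameterized rule with a context variable yields a different set of authorized users per process instance, which is how a four-eyes rule is expressed. It is an added example, not code from the original post or from IBM; the rule format, the variable name process.starter, the directory layout and the in-memory repository are all constructed assumptions and do not use the product's API.

```python
import re

# Constructed stand-in for a staff repository: group name -> member user IDs.
REPOSITORY = {"approvers": {"alice", "bob", "carol"}}

# Hypothetical staff verb: members of a group minus one named user. The excluded
# user is a context variable, so it is resolved per process instance.
APPROVER_RULE = {"group": "approvers", "exclude": "%process.starter%"}

CONTEXT_VAR = re.compile(r"%([A-Za-z0-9_.]+)%")


def bind(rule, context):
    """Substitute %name% context variables using one instance's data."""
    def lookup(match):
        name = match.group(1)
        if name not in context:
            # Fail closed: an unresolved variable must not widen authorization.
            raise KeyError("unresolved context variable: " + name)
        return context[name]
    return {key: CONTEXT_VAR.sub(lookup, value) for key, value in rule.items()}


def ldap_escape(value):
    """Escape the RFC 4515 filter metacharacters in an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def staff_query(bound):
    """Render the bound rule as a concrete, repository-specific query string."""
    # Constructed directory layout; instance data is escaped before it is used.
    return "(&(memberOf=cn=%s,ou=groups,dc=example,dc=com)(!(uid=%s)))" % (
        ldap_escape(bound["group"]), ldap_escape(bound["exclude"]))


def resolve(rule, context, repository=REPOSITORY):
    """Staff resolution: return the user IDs authorized for this instance."""
    bound = bind(rule, context)
    members = repository.get(bound["group"], set())
    return members - {bound["exclude"]}


if __name__ == "__main__":
    for starter in ("alice", "bob"):
        ctx = {"process.starter": starter}
        print(starter, sorted(resolve(APPROVER_RULE, ctx)))
        print(" ", staff_query(bind(APPROVER_RULE, ctx)))
```

Because context variables carry instance data into the query, the sketch escapes the value before building the filter and raises an error when a variable cannot be resolved, rather than falling back to a wider result.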


[url]http://www.ibm.com/developerworks/websphere/techjournal/0710_lind/0710_lind.html[/url]