Enhancing the ArchiMate® Standard with a Responsibility Modeling Language for...Iver Band
In this paper, we describe an innovative approach for aligning the
business layer and the application layer of ArchiMate to ensure
that applications manage access rights consistently with enterprise
goals and risk tolerances. The alignment is realized by using the
responsibility of the employees, which we model using ReMoLa.
The main focus of the alignment targets the definition and the
assignment of the access rights needed by the employees
according to business specification. The approach is illustrated
and validated with a case study in a municipal hospital in
Luxembourg.
1) In 389 BC, barbaric Celtic tribes invaded the Roman Empire, looting and burning the city until paid ransom.
2) In 535 AD, the massive volcanic eruption of Krakatoa caused global climate catastrophe and stunted tree growth for years.
3) In 1532, 168 Spanish conquistadors led by Francisco Pizarro attacked and killed 7,000 Inca soldiers in Peru, conquering the vast Inca Empire with few casualties due to their technological advantages.
This document outlines the author Elly Sawicky's history including their hometown of Mission Viejo, California, travels to San Francisco, Kauai, Victoria, Lake Dillon and the Grand Canyon, their family consisting of their mother Kathy, father Richard, sister Hannah and brother Luke, education at Capistrano Valley High School and Saddleback College, job as a shift supervisor at Starbucks, and favorite things such as their dogs, being in the sun, the beach, hot chocolate, and Italian food.
Headway Chemicals presents its range of fire protection and sealing products for the construction industry. It distributes products from NPT Italy, including one-part polyurethane sealants for joints in concrete and buildings. It also offers polyurethane foam, passive fire protection products, and intumescent fire stopping materials like sealants, mortars, coatings, and putty. Headway has a 20-year production history, fully equipped laboratories for product development and testing, and distributes globally through partnerships like the one with NPT Italy.
This short document promotes fat loss and provides a link to more information, suggesting that fat loss does not have to be hard but is important for one's health. It encourages the reader to check out the link now and not wait to learn more about how simple fat loss can be for them.
The document lists various automobile models from 1900 to 1937, including brands such as Berliet, National, Cadillac, Ford, Packard, Rolls Royce, Locomobile, Simplex Crane, Isotta Fraschini, Minerva, McFarlan, Bentley, Stutz, Duesenberg, Cord, Willys-Knight, Mercedes Benz, Chrysler, Ford, Lagonda, and others. The models range from touring cars, roadsters, sedans, limousines, and convertibles. The listing includes both vintage and classic automobiles from early in the 20th century.
The document provides an overview of how search engines like Google work. It explains that search engines use web crawlers or spiders to index websites by following links and reading content and metadata. The spiders return this information to be indexed. When a user searches, the search engine checks its index rather than searching the entire web. Google in particular runs on thousands of computers to allow parallel processing. It uses Googlebot to fetch pages from the web and an indexer to store words and links from pages in a database. It then uses a query processor to match searches to relevant indexed pages based on factors like page popularity, position of search terms, and how pages link to each other.
"Outsourcing and globalization have numerous benefits, but they have a significant downside—the proliferation of counterfeits and sales through unauthorized channels."
The document discusses different types of sales approaches. It contrasts the traditional "vendor centric" approach where salespeople try to sell products to customers with a "customer centric" approach. The customer centric approach focuses on understanding customer needs and problems, allowing customers to define their own selection criteria and make their own decisions about whether and what to purchase based on evaluating alternatives themselves. The document advocates that sales processes should be adaptive to customers rather than manipulative.
The document provides an overview of Arduino labs and training. It discusses that Arduino is low-cost, easy to use, and open-source. The initial labs focus on basics like blinking LEDs and serial communication. Later labs introduce more complex devices and integrating multiple devices. The training covers basic programming, communication between devices, and creating real-life applications. Materials required include an Arduino board, computer, power supply and cables. Installation involves downloading the Arduino software and selecting the correct board and port.
This document describes an Arduino lab experiment to generate an SOS signal using LED blinks of different durations. It defines a pin for the LED, sets it as an output, and uses a for loop in the main loop function to blink the LED three times at 100ms intervals and three times at 300ms intervals to create the Morse code pattern for SOS. This pattern would be recognized as an SOS signal, most commonly associated with distress signals heard on radios and televisions for many years. The document provides contact information for the author to ask additional questions.
Impact of counterfeits on electronics companiesNEW Momentum
Outsourcing and globalization have numerous benefits, but there is a downside—the proliferation of counterfeits and sales through unauthorized channels. This paper demonstrates the impact of counterfeits on electronics companies and gives solutions for finding the violators as well as a four-step roadmap for recovering revenue lost to counterfeits.
The document summarizes that TBD Enterprises is committed to being a partner to customers and helping them succeed by providing the highest quality and cost-effective automation solutions and services. It presents TBD as offering complete solutions for robotic and non-robotic automation needs across various industries and processes, as well as related services from engineering to shipping. Customers are encouraged to contact TBD to have their production processes or products reviewed for potential optimizations.
This document proposes an automatic reaction strategy for critical infrastructure SCADA systems. It defines a three-layer metamodel for modeling SCADA components and two types of policies (cognitive and permissive) that govern component behavior. It then presents a two-phase method for identifying these policies from the SCADA architecture and formalizing them to support an automatic reaction strategy. This strategy is modeled as an integral part of the SCADA architecture using the defined metamodel and policy identification method. It includes organizational and application layers with main actors, strategies, and components that realize the reaction policies based on expected automation levels.
Aligning the business operations with the appropriate IT infrastructure is a challenging and critical activity. Without efficient business/IT alignment, the companies face the risk not to be able to deliver their business services satisfactorily and that their image is seriously altered and jeopardized. Among the many challenges of business/IT alignment is the access rights management which should be conducted considering the rising governance needs, such as taking into account the business actors' responsibility. Unfortunately, in this domain, we have observed that no solution, model and method, fully considers and integrates the new needs yet. Therefore, the paper proposes firstly to define an expressive Responsibility metamodel, named ReMMo, which allows representing the existing responsibilities at the business layer and, thereby, allows engineering the access rights required to perform these responsibilities, at the application layer. Secondly, the Responsibility metamodel has been integrated with ArchiMate® to enhance its usability and benefits from the enterprise architecture formalism. Finally, a method has been proposed to define the access rights more accurately, considering the alignment of ReMMo and RBAC. The research was realized following a design science and action design based research method and the results have been evaluated through an extended case study at the Hospital Center in Luxembourg.
This document proposes an extension of the ArchiMate enterprise architecture framework to model multi-agent systems for critical infrastructure governance. The authors develop a responsibility-driven policy concept and metamodel layers to represent agent behavior and organizational policies across technical, application, and organizational layers. The approach is illustrated through a case study of a financial transaction processing system.
This document proposes a responsibility modeling language (ReMoLa) to align access rights with business process requirements. ReMoLa is a responsibility-centered meta-model that integrates concepts from the business and technical layers, with the concept of employee responsibility bridging the two. It incorporates four types of obligations from the COBIT framework to refine employee responsibilities and better assign access rights. ReMoLa maps responsibilities to roles in the RBAC model to leverage its advantages for access right management while ensuring responsibilities align with business tasks and employee commitment.
Re mola responsibility model language to align access rights with business pr...christophefeltus
This document proposes a responsibility modeling language (ReMoLa) to align access rights with business process requirements. ReMoLa is a responsibility-centered meta-model that integrates both business and technical perspectives to bridge the gap between them. It uses the concept of employee responsibilities to link business obligations to the technical capabilities and access rights needed to fulfill those obligations. The meta-model includes concepts like responsibilities, obligations, accountabilities, capabilities, and rights. It also maps these concepts to the four types of obligations from the COBIT framework to better define employee responsibilities and access rights assignments based on real needs.
This document proposes a metamodel for modeling reputation-based multi-agent systems using an adaptation of the ArchiMate enterprise architecture modeling framework. It describes a case study applying this metamodel to model an electrical distribution critical infrastructure system. Key elements of the metamodel include:
- Representing agents and their behaviors through policies that integrate both behavior and trust components
- Modeling trust relationships between agents using a reputation-based trust model
- Illustrating the metamodel layers and components on a system that detects weather alerts and broadcasts messages to the public through various channels like SMS or social media
Generate rough cut capacity plan
Planner: Get planning parameters
Planning Parameters: Return planning parameters
Planner: Get product constraints
Product Constraints: Return constraints
Planner: Generate rough cut capacity plan
Planner: Send rough cut capacity plan to assistant
Assistant: Acknowledge receipt of rough cut capacity plan
Planner: Inform business partner of rough cut capacity plan
Business
Priorities
Priority 1: Improve forecast accuracy
Priority 2: Reduce inventory levels
Priority 3: Shorten order fulfillment lead time
The Role of the Enterprise Architect in Business Process ReengineeringRichard Freggi
Business Process Reengineering is often a challenging undertaking. This paper is a case study, sharing practical experience of how the enterprise architect can help in three ways:
• Provide a common language allowing different organizations, consultants and IT teams to communicate effectively
• Set the right level of abstraction to facilitate analysis and solution of complex questions
• Reconcile user’s wants and needs with the capabilities and constraints of IT systems
Reference is made to the Zachman Framework, especially the columns for “Data”, “Function” and “People”; and how these columns can be used to interact with stakeholders using UML (Unified Modeling Language).
The document discusses cloud computing models that could support the growing business needs of Falcon Security. It suggests that Falcon adopt cloud services like Amazon RDS for databases, Amazon S3 for storage, and Google Mail, Office 365, and Microsoft CRM online for software. The paper compares cloud computing to service-oriented architecture and discusses private, public, and hybrid cloud deployment models as well as platform as a service (PaaS), software as a service (SaaS), and service-oriented architecture (SOA).
Graph-Based Algorithm for a User-Aware SaaS Approach: Computing Optimal Distr...IJERA Editor
As a tool to exploit economies of scale, Software as a Service cloud models promote Multi-Tenancy which is the notion of sharing instances among a large group of tenants. However, Multi-Tenancy only satisfies requirements that are common to all tenants as well as the fact that tenants themselves hesitate about sharing. In a try to solve this problem, the present paper propose a User-Aware approach for Software as a Service models using Rich-Variant Components. The main contribution of this approach is a framework summarized in a graphbased algorithm enabling deduction of an optimal distribution of instances on application's tenants. To illustrate and evaluate the framework, the approach is applied on a Software as a Service Application for private school management
A Methodology For Large-Scale E-Business Project ManagementApril Smith
This document proposes an environment-based methodology for managing large-scale e-business projects. The methodology defines six working environments - development, integration, pre-production, production, demonstration, and software repository - that represent increasing stages of stability for a software product. It describes the tasks and migration processes between environments. The methodology aims to systematically guide e-business project management according to an organization's needs and resources.
Web Services-Enhanced Agile Modeling and Integrating Business ProcessesMustafa Salam
We propose a model-driven approach, based on Web services standards, for modeling and integrating agile business processes using Web services. The choice of focusing on Web services technology was not arbitrary. The large and broad adoption of this technology by enterprises will lead most business processes to be performed using Web services. Besides, the added value of Web services and their great interest to business process management are beyond doubt. Web services produce, on the one hand, loosely coupled applicative components.
On the other hand, they are the most widely used implementation technology of SOA (Service-Oriented Architecture), which is based on the large experiences of software and distributed component technologies. Being founded on the XML (eXtensible Markup Language) language, the SOAP (Simple Object Access Protocol) protocol and the UDDI (Universal Description Discovery and Integration) repository, this technology can be considered as an appropriate mean to ensure interoperability, data exchange and the publication and discovery of business processes when they can be implemented as Web services.
This document discusses concurrent development of formal models and software implementations in an evolutionary development process. It proposes using formal models, such as those written in B or Z, to support iterative software development approaches. The document describes benefits like animation and model-checking that formal models enable through tool support. It then presents two case studies on e-business applications where teams attempted to develop models and implementations concurrently and evolve them together. The case studies aimed to evaluate how well formal modeling techniques could be integrated into an evolutionary development process.
Process perspective is valuable, but far too much time is wasted in detailed process modelling with too little benefit. Presents an approach that delivers high benefits for less effort.
In the 1990s, many companies implemented packaged software solutions like SAP and Oracle ERP, but these systems were difficult to integrate. Each system stored redundant customer data, requiring manual updates when data changed. This led to inconsistent data across systems. To address this, companies sought to integrate their systems, giving rise to the field of enterprise application integration (EAI). EAI uses middleware to integrate disparate applications and data in a way that is flexible and isolates changes in one application from impacting others. Middleware provides generic interfaces that applications can use to communicate, replacing brittle point-to-point integration and improving manageability, scalability, and other benefits.
General Methodology for developing UML models from UIijwscjournal
The document presents a methodology for developing UML models from a user interface prototype. The methodology involves identifying user interface elements from the prototype, developing a flow diagram of the elements, creating an activity model, and developing a use case model. The methodology is demonstrated through a case study of developing UML models for the login page of the Amazon.com website. Key steps include identifying UI elements like workspaces and functions, creating a flow diagram to show the main and exception flows, developing an activity model of the login process, and specifying a use case for login and authentication.
General Methodology for developing UML models from UIijwscjournal
In recent past every discipline and every industry have their own methods of developing products. It may
be software development, mechanics, construction, psychology and so on. These demarcations work fine
as long as the requirements are within one discipline. However, if the project extends over several
disciplines, interfaces have to be created and coordinated between the methods of these disciplines.
Performance is an important quality aspect of Web Services because of their distributed nature.
Predicting the performance of web services during early stages of software development is significant. In
Industry, Prototype of these applications is developed during analysis phase of Software Development Life
Cycle (SDLC). However, Performance models are generated from UML models. Methodologies for
predicting the performance from UML models is available. Hence, In this paper, a methodology for
developing Use Case model and Activity model from User Interface is presented. The methodology is
illustrated with a case study on Amazon.com
General Methodology for developing UML models from UIijwscjournal
In recent past every discipline and every industry have their own methods of developing products. It may
be software development, mechanics, construction, psychology and so on. These demarcations work fine
as long as the requirements are within one discipline. However, if the project extends over several
disciplines, interfaces have to be created and coordinated between the methods of these disciplines.
Performance is an important quality aspect of Web Services because of their distributed nature.
Predicting the performance of web services during early stages of software development is significant. In
Industry, Prototype of these applications is developed during analysis phase of Software Development Life
Cycle (SDLC). However, Performance models are generated from UML models. Methodologies for
predicting the performance from UML models is available. Hence, In this paper, a methodology for
developing Use Case model and Activity model from User Interface is presented. The methodology is
illustrated with a case study on Amazon.com.
General Methodology for developing UML models from UI ijwscjournal
In recent past every discipline and every industry have their own methods of developing products. It may be software development, mechanics, construction, psychology and so on. These demarcations work fine as long as the requirements are within one discipline. However, if the project extends over several disciplines, interfaces have to be created and coordinated between the methods of these disciplines.
Performance is an important quality aspect of Web Services because of their distributed nature. Predicting the performance of web services during early stages of software development is significant. In Industry, Prototype of these applications is developed during analysis phase of Software Development Life
Cycle (SDLC). However, Performance models are generated from UML models. Methodologies for predicting the performance from UML models is available. Hence, In this paper, a methodology for developing Use Case model and Activity model from User Interface is presented. The methodology is illustrated with a case study on Amazon.com.
Similar to Enhancing the archimate® standard with a responsibility modeling language for access rights management (20)
Multi-Agent System (MAS) monitoring solutions are designed for a plethora of usage topics. Existing approach mostly used cloned back-end architectures while front-end monitoring interface tends to constitute the real specificity of the solution. These interfaces are recurrently structured around three dimensions: access to informed knowledge, agent’s behavioural rules, and restitution of real-time states of specific system sector. In this paper, we propose prototyping a sector-agnostic MAS platform (Smart-X) which gathers in an integrated and independent platform all the functionalities required to monitor and to govern a wide range of sector specific environments. For illustration and validation purposes, the use of Smart-X is introduced and explained with a smart-mobility case study.
This document provides an agenda and overview for a joint workshop on security modeling hosted by the ArchiMate Forum and Security Forum. The workshop aims to identify opportunities to improve the conceptual and visual modeling of enterprise information security using TOGAF and ArchiMate. The agenda includes introductions, a research spotlight on strengthening role-based access control with responsibility modeling, an open discussion on complementing TOGAF and ArchiMate with enhanced security modeling, and identifying next steps. The workshop purpose is to enable better security architecture decisions and drive usage of TOGAF and ArchiMate for security architecture.
This document proposes an innovative systemic approach to risk management across interconnected sectors. It suggests using enterprise architecture models to manage cross-sector risks in Luxembourg's complex ICT ecosystem. The approach would provide regulators an overview of all players and systems, as well as models of different sectors to analyze collected data and risks at a national level, fostering accurate and reactive risk mitigation across economic domains.
This document proposes extending the HL7 standard with a responsibility perspective to better manage access rights to patient health records. It presents the ReMMo responsibility metamodel, which defines actors' responsibilities and associated access rights. The paper aims to align ReMMo with the HL7-based eSanté healthcare platform model in Luxembourg to semantically enhance access controls based on users' real responsibilities rather than just roles. It will first map concepts between the two models, then evaluate the alignment through a prototype applying inference rules.
This document presents a study that aims to develop and validate a responsibility model to improve IT governance. It analyzes concepts of responsibility from literature and frameworks like COBIT. The researchers developed a responsibility model with key concepts like obligation, accountability, right, and commitment. They then compare this model to COBIT's representation of responsibility to identify areas for potential enhancement, like adding concepts that COBIT lacks. The document illustrates how the responsibility model could be used to refine COBIT's process for identifying system owners and their responsibilities.
This document proposes an innovative approach called SIM (Secure Identity Management) that aims to make access management policies closer aligned with business objectives. It does this in two ways:
1) By focusing the policy engineering process on business goals and responsibilities defined in processes, using concepts from the ISO/IEC 15504 standard. This links capabilities and accountabilities to process outcomes and work products.
2) By defining a multi-agent system architecture to automate the deployment of policies across heterogeneous IT components and devices. The agents provide autonomy and ability to adapt rapidly according to context.
The approach was prototyped using open source components and aims to improve how access rights are defined according to business needs and deployed across an organization
This document proposes a methodological approach for specifying services and analyzing service compliance considering the responsibility dimension of stakeholders. The approach includes a product model and process model. The product model has three layers: an informational layer describing service context and concepts, an organizational layer describing business rules and roles, and a responsibility dimension layer linking the two. The process model outlines steps for service architects to identify context, define concepts and rules, specify services, and analyze compliance. The approach is illustrated with an example of managing access rights for sensitive healthcare data exchange between organizations.
This document discusses integrating responsibility aspects into service engineering for e-government. It proposes a multi-layered approach including an ontological layer defining legal concepts, an organizational layer describing roles and stakeholders, an informational layer representing data structures and integrity constraints, and a technical layer representing IT components. A responsibility meta-model is also introduced to align responsibilities across these layers and facilitate interoperability between services that share data. The approach aims to ensure service compliance and manage risks associated with e-government services.
1) The document proposes a dynamic approach for assigning functions and responsibilities to agents in a multi-agent system for critical infrastructure management.
2) The approach uses an agent's reputation, which is based on past performance, to determine which agents receive which responsibilities as crisis situations change over time.
3) Assigning responsibilities dynamically based on reputation allows the system to continue operating effectively if an agent becomes isolated or has reduced capabilities during a crisis.
The document describes the NOEMI assessment methodology, which was developed as part of a research project to help very small enterprises (VSEs) improve their IT practices. The methodology aims to assess VSEs' IT capabilities in order to facilitate collaborative IT management across organizations. It was designed to be aligned with common IT standards like ISO/IEC 15504 and ITIL, but adapted specifically for VSEs. The methodology has been tested through several case studies with VSEs in Luxembourg, with promising results.
This document provides a preliminary literature review of policy engineering methods related to the concept of responsibility. It summarizes key access control models and discusses how they address concepts like capability, accountability, and commitment. The document also reviews engineering methods and how they incorporate responsibility considerations. The overall goal is to orient further research towards a new policy model and engineering method that more fully addresses stakeholder responsibility.
This document summarizes an experimental prototype of the OpenSST protocol for secured electronic transactions. OpenSST was developed to achieve high security, simplicity in software engineering, and compatibility with existing standards. The prototype uses OpenSST for the authorization portion of electronic payments in an e-business clearing solution. It describes the OpenSST message format and types, and discusses how OpenSST is implemented in the prototype's three-element architecture of an OpenSST proxy, reverse proxy, and server.
This document discusses the NOEMI model, a collaborative management model for ICT processes in SMEs. The model was developed by the Centre Henri Tudor and tested with a cluster of 8 partner SMEs. Key aspects of the model include defining ICT activities across 5 domains, assessing each SME's capabilities, and having an operational team manage activities for the cluster under a coordination committee. The experiment showed improved cost control, management, and partner satisfaction compared to alternatives like outsourcing or hiring individual IT staff. The research is now ready for market transfer as the successful model is adopted long-term by participating SMEs.
The document proposes an agent-based architecture for multi-level security incident reaction in distributed telecommunication networks. The architecture has three levels: a low level interface with the infrastructure, an intermediate level using multi-agent systems to correlate alerts and deploy reactions across domains, and a high level for global supervision and policy management. The architecture was designed based on requirements like scalability, availability, autonomy, and robust reaction and alert management across distributed systems. It was successfully tested for implementing data access control policies.
This document proposes a multi-agent architecture for incident reaction in information system security. The architecture has three layers - low level interacts directly with the infrastructure, intermediate level correlates alerts and deploys reaction actions using multi-agent systems, and high level provides supervision and manages business policies. The architecture was tested for data access control and aims to quickly and efficiently react to attacks while ensuring policy compliance. The document discusses requirements like scalability, autonomy, and global supervision. It also describes the key components of alert management, reaction decision making, and policy definition/deployment to implement the architecture using a multi-agent approach.
This document proposes a methodology for aligning business and IT policies using a responsibility model. The methodology is a five-step approach consisting of collecting information, defining capabilities, accountabilities and commitments, linking responsibilities to processes, validating the model, and defining policies. It is illustrated with a case study from an IT company where they define an access control policy using this methodology and responsibility model. The responsibility model defines three components - capabilities, accountabilities, and commitments - to clarify roles and responsibilities for policy definition.
More from Luxembourg Institute of Science and Technology (20)
This an presentation about electrostatic force. This topic is from class 8 Force and Pressure lesson from ncert . I think this might be helpful for you. In this presentation there are 4 content they are Introduction, types, examples and demonstration. The demonstration should be done by yourself
Molecular biology of abiotic stress tolerence in plantsrushitahakik1
### Molecular Biology of Abiotic Stress Tolerance in Plants
Abiotic stress refers to the non-living environmental factors that can cause significant harm to plants, including drought, salinity, extreme temperatures, heavy metals, and oxidative stress. Understanding the molecular biology underlying abiotic stress tolerance is crucial for developing crops that can withstand these conditions, ensuring food security in the face of climate change and environmental degradation. Here, we explore the key molecular mechanisms, pathways, and genetic strategies plants use to cope with abiotic stress.
#### 1. Signal Perception and Transduction
**1.1. Signal Perception:**
Plants possess various sensors and receptors to detect abiotic stress signals. For instance, membrane-bound receptors such as receptor-like kinases (RLKs) and ion channels play critical roles in sensing changes in environmental conditions.
**1.2. Signal Transduction Pathways:**
Upon sensing abiotic stress, plants activate complex signal transduction pathways that involve:
- **Calcium Signaling:** Changes in cytosolic calcium levels act as secondary messengers. Calcium-binding proteins, such as calmodulins (CaMs) and calcineurin B-like proteins (CBLs), decode these signals and activate downstream responses.
- **Reactive Oxygen Species (ROS) Signaling:** ROS are produced under stress and function as signaling molecules. Controlled ROS production is crucial for activating defense mechanisms, while excessive ROS can cause cellular damage.
- **Mitogen-Activated Protein Kinase (MAPK) Cascades:** These cascades amplify the stress signal and regulate the expression of stress-responsive genes.
#### 2. Transcriptional Regulation
**2.1. Transcription Factors (TFs):**
TFs are pivotal in regulating the expression of genes involved in stress responses. Key TF families include:
- **AP2/ERF (APETALA2/ETHYLENE RESPONSE FACTOR):** Involved in drought and salinity tolerance.
- **NAC (NAM, ATAF, and CUC):** Play roles in responding to dehydration and high salinity.
- **bZIP (Basic Leucine Zipper):** Associated with responses to various stresses, including drought and oxidative stress.
- **WRKY:** Participate in the regulation of genes involved in stress responses and pathogen defense.
**2.2. Epigenetic Regulation:**
Epigenetic modifications, such as DNA methylation, histone modifications, and chromatin remodeling, influence gene expression without altering the DNA sequence. These modifications can lead to the activation or repression of stress-responsive genes.
#### 3. Stress-Responsive Genes and Proteins
**3.1. Osmoprotectants:**
Plants accumulate osmoprotectants like proline, glycine betaine, and sugars (e.g., trehalose) to maintain cellular osmotic balance under stress conditions.
**3.2. Antioxidant Defense:**
To mitigate oxidative stress, plants enhance the production of antioxidants, such as superoxide dismutase (SOD), catalase (CAT), and peroxidases, which scavenge harmful ROS.
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
just download it to see!
Probing the northern Kaapvaal craton root with mantle-derived xenocrysts from...James AH Campbell
"Probing the northern Kaapvaal craton root with mantle-derived xenocrysts from the Marsfontein orangeite diatreme, South Africa".
N.S. Ngwenya, S. Tappe, K.A. Smart, D.C. Hezel, J.A.H. Campbell, K.S. Viljoen
Possible Anthropogenic Contributions to the LAMP-observed Surficial Icy Regol...Sérgio Sacani
This work assesses the potential of midsized and large human landing systems to deliver water from their exhaust
plumes to cold traps within lunar polar craters. It has been estimated that a total of between 2 and 60 T of surficial
water was sensed by the Lunar Reconnaissance Orbiter Lyman Alpha Mapping Project on the floors of the larger
permanently shadowed south polar craters. This intrinsic surficial water sensed in the far-ultraviolet is thought to be
in the form of a 0.3%–2% icy regolith in the top few hundred nanometers of the surface. We find that the six past
Apollo Lunar Module midlatitude landings could contribute no more than 0.36 T of water mass to this existing,
intrinsic surficial water in permanently shadowed regions (PSRs). However, we find that the Starship landing
plume has the potential, in some cases, to deliver over 10 T of water to the PSRs, which is a substantial fraction
(possibly >20%) of the existing intrinsic surficial water mass. This anthropogenic contribution could possibly
overlay and mix with the naturally occurring icy regolith at the uppermost surface. A possible consequence is that
the origin of the intrinsic surficial icy regolith, which is still undetermined, could be lost as it mixes with the
extrinsic anthropogenic contribution. We suggest that existing and future orbital and landed assets be used to
examine the effect of polar landers on the cold traps within PSRs
Search for Dark Matter Ionization on the Night Side of Jupiter with CassiniSérgio Sacani
We present a new search for dark matter (DM) using planetary atmospheres. We point out that
annihilating DM in planets can produce ionizing radiation, which can lead to excess production of
ionospheric Hþ
3 . We apply this search strategy to the night side of Jupiter near the equator. The night side
has zero solar irradiation, and low latitudes are sufficiently far from ionizing auroras, leading to a lowbackground search. We use Cassini data on ionospheric Hþ
3 emission collected three hours either side of
Jovian midnight, during its flyby in 2000, and set novel constraints on the DM-nucleon scattering cross
section down to about 10−38 cm2. We also highlight that DM atmospheric ionization may be detected in
Jovian exoplanets using future high-precision measurements of planetary spectra.
Testing the Son of God Hypothesis (Jesus Christ)Robert Luk
Instead of answering the God hypothesis, we investigate the Son of God hypothesis. We developed our own methodology to deal with existential statements instead of universal statements unlike science. We discuss the existence of the supernaturals and found that there are strong evidence for it. Given that supernatural exists, we report on miracles investigated in the past related to the Son of God. A Bayesian methodology is used to calculate the combined degree of belief of the Son of God Hypothesis. We also report the testing of occurrences of words/numbers in the Bible to suggest the likelihood of some special numbers occurring, supporting the Son of God Hypothesis. We also have a table showing the past occurrences of miracles in hundred year periods for about 1000 years. Miracles that we have looked at include Shroud of Turin, Eucharistic Miracles, Marian Apparitions, Incorruptible Corpses, etc.
Dalghren, Thorne and Stebbins System of Classification of AngiospermsGurjant Singh
The Dahlgren, Thorne, and Stebbins system of classification is a modern method for categorizing angiosperms (flowering plants) based on phylogenetic relationships. Developed by botanists Rolf Dahlgren, Robert Thorne, and G. Ledyard Stebbins, this system emphasizes evolutionary relationships and incorporates extensive morphological and molecular data. It aims to provide a more accurate reflection of the genetic and evolutionary connections among angiosperm families and orders, facilitating a better understanding of plant diversity and evolution. This classification system is a valuable tool for botanists, researchers, and horticulturists in studying and organizing the vast diversity of flowering plants.
Deploying DAPHNE Computational Intelligence on EuroHPC Vega for Benchmarking ...University of Maribor
Slides from talk:
Aleš Zamuda, Mark Dokter:
Deploying DAPHNE Computational Intelligence on EuroHPC Vega for Benchmarking Randomised Optimisation Algorithms.
2024 International Conference on Broadband Communications for Next Generation Networks and Multimedia Applications (CoBCom), 9--11 July 2024, Graz, Austria
https://www.cobcom.tugraz.at/
A slightly oblate dark matter halo revealed by a retrograde precessing Galact...Sérgio Sacani
The shape of the dark matter (DM) halo is key to understanding the
hierarchical formation of the Galaxy. Despite extensive eforts in recent
decades, however, its shape remains a matter of debate, with suggestions
ranging from strongly oblate to prolate. Here, we present a new constraint
on its present shape by directly measuring the evolution of the Galactic
disk warp with time, as traced by accurate distance estimates and precise
age determinations for about 2,600 classical Cepheids. We show that the
Galactic warp is mildly precessing in a retrograde direction at a rate of
ω = −2.1 ± 0.5 (statistical) ± 0.6 (systematic) km s−1 kpc−1 for the outer disk
over the Galactocentric radius [7.5, 25] kpc, decreasing with radius. This
constrains the shape of the DM halo to be slightly oblate with a fattening
(minor axis to major axis ratio) in the range 0.84 ≤ qΦ ≤ 0.96. Given the
young nature of the disk warp traced by Cepheids (less than 200 Myr), our
approach directly measures the shape of the present-day DM halo. This
measurement, combined with other measurements from older tracers,
could provide vital constraints on the evolution of the DM halo and the
assembly history of the Galaxy.
TOPIC: INTRODUCTION TO FORENSIC SCIENCE.pptximansiipandeyy
This presentation, "Introduction to Forensic Science," offers a basic understanding of forensic science, including its history, why it's needed, and its main goals. It covers how forensic science helps solve crimes and its importance in the justice system. By the end, you'll have a clear idea of what forensic science is and why it's essential.
A mature quasar at cosmic dawn revealed by JWST rest-frame infrared spectroscopySérgio Sacani
The rapid assembly of the first supermassive black holes is an enduring mystery. Until now, it was not known whether quasar ‘feeding’ structures (the ‘hot torus’) could assemble as fast as the smaller-scale quasar structures. We present JWST/MRS (rest-frame infrared) spectroscopic observations of the quasar J1120+0641 at z = 7.0848 (well within the epoch of reionization). The hot torus dust was clearly detected at λrest ≃ 1.3 μm, with a black-body temperature of
K, slightly elevated compared to similarly luminous quasars at lower redshifts. Importantly, the supermassive black hole mass of J1120+0641 based on the Hα line (accessible only with JWST), MBH = 1.52 ± 0.17 × 109 M⊙, is in good agreement with previous ground-based rest-frame ultraviolet Mg II measurements. Comparing the ratios of the Hα, Paα and Paβ emission lines to predictions from a simple one-phase Cloudy model, we find that they are consistent with originating from a common broad-line region with physical parameters that are consistent with lower-redshift quasars. Together, this implies that J1120+0641’s accretion structures must have assembled very quickly, as they appear fully ‘mature’ less than 760 Myr after the Big Bang.
2. business layer of ArchiMate, what allows us defining employee’s
responsibility. In section 4, we adapt the application layer of
ArchiMate to support the provisioning of access right according to
business specification. In the fifth section, we illustrate the whole
with a case study of a municipal hospital from Luxembourg for
concluding the paper.
2. MODELING RESPONSIBILITY
The elaboration of the responsibility meta-model (Figure 1) has
been performed based on a literature overview. As explained in
previous papers [1,2], we have, in the first place, analyzed how
responsibility is included in information technology professional
frameworks, in the field of requirements engineering and role
engineering, and in the field of access right with the review of
access control models. Afterwards, this literature overview has
been completed by a literature review in the field of Human
Sciences (psychology, sociology, and management).
Figure 1. ReMoLa modeled in UML.
On figure 1, the most meaningful concepts of ReMoLa, are
defined in the following way:
• The responsibility is a charge assigned to an employee to
signify his accountabilities concerning a business task, and the
right and capacity required to perform those accountabilities.
• The accountability represents the obligation of what have to
be done concerning a business task and the justification that it is
done to someone else, under threat of sanction
• The capability represents the qualities, the skills or the
resources intrinsic to the employee and required to perform
accountability.
• The right represents the resources provided by the company to
the employee and required to perform accountability.
• The assignment is the action of linking an agent to a
responsibility. Delegation process is the transfer of an agent’s
responsibility assignment to another agent.
3. DEFINING RESPONSIBILITY AT THE
BUSINESS LAYER
In this section, we integrate ReMoLa with the business layer of the
ArchiMate enterprise architecture modeling language. This
integration allows defining the access rights provided to the
employees at the application layer according to their defined
responsibilities at the business layer.
The integration of ReMoLa with ArchiMate is achieved using a
three steps approach to integrate models defined by Petit in [6].
The first step is the preparation of the integration, the second step
is the investigation and the definition of the correspondences and
the third step is the integration of both meta-models.
3.1 Preparation for integration
As defined in [6], this first step of the integration of two meta-
models requires a certain preparation of the integration. Therefore,
an integration strategy is defined and provides the baselines for
the integration process such as the context of the integration, the
selection of a common language for the representation of the
meta-models being integrated, the expected abstraction layer of
the concepts represented in the integrated meta-model and so
forth.
The languages at our disposition are, e.g. Telos [7], UML, and so
forth. Telos has the advantages of being based on mathematical
foundations, of being expressive, and of using a limited number of
concepts. UML has the advantages of offering more
representation choices, of being less informal and, as a
consequence, might be more intuitive [6]. For the integration, we
have also selected UML as common representative language.
ArchiMate has been traduced in UML in [8].
Our integration aims at enhancing the alignment between the
business and the IT layer of ArchiMate and, thereby, enhancing
the definition of the access right. As a consequence, some
concepts of ArchiMate will not be considered such as e.g. those
from the technical layer, the value and so forth. Some concepts
from ReMoLa have also not been considered because they are not
of the appropriate abstraction layer like the sanction, the
commitment or the motivation.
3.2 Investigation and definition of the
correspondences
In [6], the author explains that this second step analyzes the
correspondences between the classes of the meta-models. Those
correspondences exist if correspondences between instances of
these classes, taken two by two, can be generalized. Therefore, it
is advisable to carry out one or more case study(ies) to model real
world elements with both languages and, to compare the
semantics of the obtained models. The correspondences between
the models' elements have been analyzed during complete case
study at the municipal hospital which is summarized in section 5.
During the investigation and definition of the correspondences,
we have model this case study with ArchiMate and with ReMoLa
first. Afterwards, we generalize the case modeling considering:
(1) Classes of both meta-models semantically equivalent:
• The business actor and the employee
• The business role (in ArchiMate) and the business role (in
ReMoLa)
• The business object and the information
• The business function and the association accountability–task
(2) Classes not existing in ArchiMate:
• The concept of capability. This concept exists explicitly in
ReMoLa and implicitly in ArchiMate that considers that a business
function groups behavior according to, for instance, the required
skill and knowledge [5]. This concept is explicitly introduced in
the integrated model.
• The concept of right. This concept exists explicitly in ReMoLa.
In ArchiMate, the business function also aims at grouping behavior
accord to the required resource [5] but the semantic of the resource
and its difference with the business object is not obvious.
(3) UML association between those classes that are equivalents:
• The UML association that assigns a business actor to a
business role
3. • The UML association that assigns a business role to business
function
• The UML association that associates a business function with
the business object which it accesses
3.3 Integration of ReMoLa in ArchiMate
The third step defined in [6] corresponds to the integration of the
meta-models. During analyze of the correspondences between the
classes and the UML associations between the classes, we have
observed some minor divergences. Notwithstanding the influence
of those divergences, to consider that a sufficient correspondence
exists between the elements and to consider them during this third
step of integration, we have to analyze that divergence in depth
and formalize the integration rules to consider for having a perfect
integration.
Our objective is to elaborate an integrated meta-model that
enriches the business layer of ArchiMate with the meta-model of
ReMoLa. Therefore, our integration strategy is as follows
regarding the classes of both meta-models: (1) when an exact
correspondence between one class from ArchiMate and one class
from ReMoLa exists, we preserve the name of the ArchiMate
class, (2) when the class of ReMoLa has no corresponding class in
ArchiMate, this class is integrated in the integrated meta-model
and it preserves its name from ReMoLa, (3) when a
correspondence with conflicts between the definition of the
classes exists, the classes are integrated in the integrated meta-
model and we preserve the name of the ArchiMate class but,
additionally, we includes integrations rules that need to be
followed in case of using the integrated meta-model. We observe
that, all the classes from ArchiMate have a corresponding class in
ReMoLa. The correspondence between the UML associations in
ArchiMate and in ReMoLa is also analyzed during the integration
of both meta-models. Two situations coexist: Firstly, one direct
association between two classes of ArchiMate corresponds to one
direct association between the equivalent classes of ReMoLa. In
this case, it can exist short semantic difference(s) between the
associations, and integration rule sometimes needs to be defined
to consider this difference. Furthermore, the name of the
association from ArchiMate is preserved. Secondly, one direct
association between two classes of ArchiMate corresponds to one
indirect association between the equivalent classes in ReMoLa. In
this case, the indirect UML associations are renamed.
1. Classes that correspond exactly
• The business role in ArchiMate and the business role in
ReMoLa
• The business object in ArchiMate and the information in
ReMoLa
2. Classes that only exist in ReMoLa
• Responsibility
• Right
• Capability
• Accountability
3. Classes that correspond under integration rules
• The business function and the task. The first integration rule is
that the definition of the business function in ArchiMate is
completed by a type of obligation for the business actor. As a
consequence, the ReMoLa's class of task corresponds to an
obligation concerning a business function being performed by the
business actor. This integration rule completes the business
function that have to be accurate enough to define what type of
obligation is expected by the business function, e.g. the business
function producing a rapport should be defined more precisely like,
for instance, make the report, review the report, manage the team
that produces it and so forth. Moreover, the business actor that
produces it must justify its realization.
• The business actor and the employee. The second integration
rule is that the ArchiMate class of business actor is limited to a
human actor. This integration rule exists due to the commitment
which is pledge by an employee, once he is assigned to a
responsibility. If the business actor is a machine, we assume there
is no question of commitment since a machine executes the
operation it is programmed for. If the business actor consists of a
group of humans, the commitment is not able to be check
individually and, by consequence, it is not possible to validate that
responsibility assigned to an employee from the group will be
fulfilled since no employee personally commits to it.
UML associations integration:
1. Equivalent associations between two classes of AchiMate and
the corresponding two classes of ReMoLa
• The business actor is assigned to the business role
2. Links from ReMoLa in the integrated meta-model complete or
replace the associations from ArchiMate
• The business actor is assigned to a responsibility that compose
a business role is an alternative association to the association that
associates the business actor with the business role.
• The business role is composed of responsibilities which are
composed of business function replace the direct association
between the business role and the business function.
• The association between the business function that composes a
responsibility and the rights concerning a business object that are
required to a responsibility replace the ArchiMate direct access
association from the business function to the business object.
3. New associations from ReMoLa, which do not exist in
ArchiMate, are integrated in the integrated meta-model.
• The responsibility required capability
• The capability is necessary for a business function
Figure 2. ReMoLa integrated with ArchiMate.
The integration of new classes from the responsibility meta-model
and the consideration of the above integration rules from the
analyze of the correspondence between the classes of business
object and information, and the business role in ArchiMate and in
ReMoLa permit to assemble both meta-models on a unique
schema in UML, which is afterwards represented with ArchiMate
symbols on Figure 2. To integrate responsibility in ArchiMate, we
used the symbols of full line hexagonal for responsibility, dash
line hexagonal for right and capability, and dot line hexagonal for
accountability.
4. ACCESS RIGHT MANAGEMENT
4.1 Previous work
RBAC is a model that facilitates the management of the access
rights to application component such as software or server. To
manage these access rights related to application components at
the application layer, it is necessary to be able to interpret the
business components such as the business role, the business actor
or the permission at the application layer.
4. Therefore, [4] introduces three data objects: the user, the role, and
the permission at the application layer (see Figure 3). The
interpretation of a concept from the business layer by a concept at
the technical layer in ArchiMate is only possible by using a
Realization link [5]. Unfortunately, this realization link only exists
between a data object that realizes a business data. Since this
realization does not formally exist in ArchiMate, [4] does not
explicitly consider that: 1) the role from the application layer
realizes the business role (or the concept of role from RBAC), 2)
the user from the application layer realizes the business actor (or
the concept of user from RBAC) and 3) the permission from the
application layer realizes a type of access to a business object (or
the permission concept from RBAC).
4.2 Realization link
Although it is not considered by [4], this realization link is
necessary, especially, in the field of the access right management.
Indeed, an access right management solution needs to be able to
consider an electronic representation of the business user to
calculate the access rights he needs. Therefore, we introduce a
new realization relationship in ArchiMate between Business and
Application layer concepts. This relationship specifies that a
concept at the application layer is an electronic representation of a
concept at the business layer.
This realization relationship is represented by using a double line
with a stealth arrow in Figures 3, 4, 7 and 9.
Figure 3. User-role and permission-role assignment.
Access rights management with RBAC is defined by a set of
functions such as the assignment of users to roles and the review
of this assignment, the assignment of permissions to roles and the
review of this assignment, the management of the roles hierarchy,
the management of the separation of duties constraint, the
management of the sessions, and the performance of access check.
[4] has explained all these functions. In Figure 3, we only
highlight the two functions that are important for our research: the
users to roles assignment and the permissions to roles assignment.
These functions are represented by using a horizontal chevron
symbol.
The users to roles assignment function requests the creation of a
new data object named User-Role Assignments and the
permissions to roles assignment function requires the creation of a
new data object named Permissions-Roles Assignment. These two
new data objects contain the list of the existing assignments. To
execute the assignment of users to roles, the user to role
assignment function reads the user and the role data objects, and
reads and writes the user-role assignment data object. To execute
the assignment of permissions to roles, the permission to role
assignment function reads the permission and the role data
objects, and reads and writes the permission-role assignment data
object. The integration of RBAC at the business layer and the
association of the RBAC role with ArchiMate's business role
seem appropriate. In this case, we have a RBAC role that
corresponds to a real role from the company such as the roles
encountered in the organizational chart (we have, for instance, the
business role of doctor, of medical secretary, of nurse, and so
forth). Accordingly, we have an exact correspondence between
the existing business roles of the company and the roles that are
used to manage the access rights. However, the problem with this
integration is that it requires a perfect alignment between the
permissions needed by the employees assigned to these roles and
the permissions really assigned to them. This is based on the
postulate: Mostly all users with the same role have exactly the
same tasks to perform and need exactly the same permissions.
In practice, this is slightly different since, although all users with
the same role globally achieved the same tasks, there always exist
some differences between the responsibilities of the employees
assigned to the same role. For instance, although all the doctors
from the role doctor, a priori, require the same access rights over
the information system, in practice, the doctors never exactly
perform the same tasks and never need access to the same
information, e.g. some doctors, additionally to their roles, manage
the unit and need access to financial software, while others are
members of ethical committee and need access to reporting tools,
others are specialized in specific professional in a specialty and
need access to dedicated software. The weaknesses related to the
roles’ definition have been demonstrated in [3, 9, 10].
4.3 Our approach
Our approach considers the assignment of rights to the employee
based on their responsibilities. Therefore, the responsibilities
integrated with the business layer of ArchiMate needs ultimately,
to be represented at the application layer.
4.3.1 Representation of responsibility, business role
and business actor
At the application layer, we introduce a data object responsibility
that realizes (according to [5]) the business concept of
responsibility and a data object business role which realizes the
business object of business role (see Figure 4). This data object of
business role is necessary for representing the composition of
business roles with responsibilities at the application layer.
Figure 4. Business role with responsibility composition.
We also introduce the data object of business actor that
corresponds to the computerized representation of the business
actor from the business layer. The business actor representation
corresponds to an electronic ID or to a unique identification. The
data object of business actor does not perform a behavior or an
application function, but it is used by some application functions
to calculate whether the business actor from the business layer
may access specific application functions or specific application
data used by this application function.
4.3.2 Responsibility to business role assignment
As explained in Section 3, a business role is composed of one or
more responsibilities. To administer this composition in
ArchiMate, we integrate, at the application layer, an application
function named Compose Business roles with Responsibilities,
5. and a data object named Responsibility-Business role
Compositions. This data object represents a set of Responsibilities
that compose a set of Business roles. As explained on Figure 5, to
compose the business roles with responsibilities, the application
function Compose Business roles with Responsibilities needs to
access the three following data objects: Responsibility, Business
role and Responsibility-Business role Compositions.
Figure 5. Business role administration.
4.3.3 Business actor assignment
To administer the assignment of a business actor to a
responsibility and/or to a business role, we integrate three new
data objects named (1) Business actor, that realizes the Business
actor from the business layer, (2) Business actor-Responsibility
Assignment, that represents a set of Responsibilities assigned to a
set of Business actors, and (3) Business actor-Business role
Assignment, that represents a set of Business actors assigned to a
set of Business roles (see Figure 6). We also integrate two new
application functions: Assign Business actors to Responsibilities
and Assign Business actor to Business role.
As explained in Figure 6, in order to assign responsibilities to
business actors, the application function Assign Business actors to
Responsibilities access the three following data objects: Business
actor, Responsibility and Business actor-Responsibility
Assignment. Equivalently, to assign a Business role to a Business
actor, the application function Assign Business actor to Business
role access the three following data objects: Business actor,
Business role and Business actor-Business role Assignment
Figure 6. Business actor assignment administration.
4.3.4 Representation of Permissions
At the business layer, a permission, corresponds to a type of
access right to a business object. The data object Permission
realizes the Permission from the business layer to the application
layer (see Figure 7).
4.3.5 Permissions to responsibilities
As explained in Section 2, a responsibility requires one or more
rights. Permission is a type of right to access a business object. To
administer this assignment of permissions too, we integrate an
application function named Assign Permissions to
Responsibilities, and a data object named Permission-
Responsibility Assignment at the application layer.
As explained in Figure 8, to assign permissions to responsibilities,
the application function Assign Permissions to Responsibilities
needs to access the three following data objects: Permission,
Responsibility, and Permission-Responsibility Assignment
Figure 7. Permission administration.
4.4 Permissions Assignment Optimization
Our approach used the concept of responsibility as a pivot
between the business layer and the application layer. Firstly, we
consider that a business role is composed of a set of
responsibilities (defined at the business layer) and secondly, we
consider that permissions provided with application functions at
the application layer are necessary to perform the responsibilities.
These permissions are calculated at the business layer but are
provided and managed at the application layer.
Regarding this second point, in practice, we are confronted at the
application layer with a large amount of responsibilities that need
a large amount of permissions and each permission may be
assigned to a set of different responsibilities. This situation is
close to the situation where a large amount of users are assigned
to a large amount of permissions and each permission may be
assigned to a large amount of users. Therefore, in the next
chapters, we analyze how it is possible to consider the RBAC
model to enhance the assignment of permissions to
responsibilities, at the application layer and we consider two
assignment functions: the responsibilities to roles assignment and
the permissions to roles assignment.
4.4.1 Representation of RBAC
At the application layer, we need to introduce a data object for the
RBAC role, such as realized in [4]. This data object facilitates not
the assignment of permissions to users, but the assignment of
permissions to responsibilities. It is only used at the application
layer, to optimize the management of the permissions, and has no
correspondences at the business layer. We keep the data object of
responsibility that realizes the business concept of responsibility
as explained in Figure 4 and, we keep the data object of
permission that corresponds to a type of access to a business data
as explained in Figure 8.
The data object of the RBAC role is a type of application role that
corresponds with a logical gathering of business actor
representations which have the same operations to perform on the
6. information system (IS) and therefore, request the same
permissions regarding the data objects. As a consequence, the
RBAC role is different to the business role such as defined in
ArchiMate.
Figure 8. Permission-responsibility assignment optimization.
4.4.2 RBAC role administration
To administer the assignments of responsibilities to the RBAC
role and the assignment of permissions to this role, we integrate,
at the application layer, two application functions named Assign
Responsibilities to RBAC role and Assign Permissions to RBAC
role.
Additionally, we also integrate two new data objects named
Responsibility-RBAC role Assignment, which represents a set of
responsibilities assigned to an RBAC role, and Permission-RBAC
role Assignment, which represents a set of permissions assigned
to an RBAC role. As explained in Figure 9, to assign
responsibilities to an RBAC role, the application function Assign
Responsibilities to RBAC role needs to access the three following
data objects: Responsibility, RBAC role and Responsibility-
RBAC role Assignment. Equivalently, to assign permission to an
RBAC role, the application function Assign Permission to RBAC
role needs to access the three following data objects: Permission,
RBAC role and Responsibility-RBAC role Assignment.
Figure 9. RBAC role administration.
4.4.3 Discussion
In our approach, we keep the use of the concept of a business role
that exists in the company and is consequently useful to manage
the business actors, as well as their responsibilities. In parallel, we
introduce and define the concept of Responsibility to improve the
definition of the responsibilities of the Business actors. Indeed,
although the business role offers a macro list of responsibilities to
be performed by the business actor, it does not allow managing
the responsibilities that are sporadically assigned to or removed
from the employees; it does not allow the management of
delegation of some responsibilities, etc. The access rights
provisioning using the RBAC model and using the mapping of the
RBAC role with the business role, as explained previously,
presents weaknesses, in terms of accuracy.
To face the question of accuracy, we have, considered providing
the access rights to the business actor according to these
responsibilities. In companies, access rights are managed with
application components at the application layer. Therefore, it was
necessary to translate business actor and responsibility at the
application layer, to define business roles to responsibility
assignment function and to define permissions to responsibility
assignment function.
Using responsibility to provide permissions is interesting, but it
reduces the advantage introduced by the role based access control
model to manage a large amount of users and permissions using
roles. As a result, after having introduced responsibility in
ArchiMate, we had to face the management of a large amount of
access rights to be provided to a large amount of responsibilities.
To provide a solution to this problem, we have considered using
the RBAC model and we have reintroduced the RBAC role at the
application layer.
5. CASE STUDY AT THE HOSPITAL
At the municipal hospital, there is no formal alignment, in terms
of access rights to professional software, between the business
layer where business roles are defined and assigned to the
employees, and the application layer where the access rights are
provided to these employees. Therefore, the objective of this case
study is to illustrate that the integrated ArchiMate with ReMoLa
meta-model at the business layer, as well as the enhancement of
the permissions to responsibilities assignment using RBAC at the
application layer, is a solution that improves the provisioning of
professional software access rights to the employees. All along
this section, the case study is illustrated with the reception
department from the hospital. The case study has been conducted
between January 2011 and January 2012, to the rhythm of one
meeting a month. During those meetings, the following persons
have participated: the Application support manager, the Reception
department manager and the Competences manager.
5.1 Hospital business roles analyze
At the municipal hospital, the employees are categorized based on
their roles. In the Human Resources (HR) department, the roles of
the employees are going to be formalized in the Job description.
These job descriptions aim to describe the tasks which are to be
performed by a role, as well as the necessary knowledge required
to be assigned to this role. The job descriptions, however, do not
specify the access rights required on professional software. In this
case study, we consider that the business role from ArchiMate
corresponds to the business roles from the hospital and that the
employees assigned to a role are accountable for doing the tasks
described in the job description. To illustrate this, let’s take the
job description of the receptionist role which is a thirteen page
document that formalizes the five main activities to be performed
by this role, i.e.: welcome and inform the patient, perform the
various technical and administrative tasks, contribute to the
enhancement and evolution of professional practices, train and
mentor new employees, and train and supervise trainees. Each of
these activities are described by a set of tasks and by the required
competences to perform them in terms of knowledge,
methodological and technical know-how and, relational ability.
The tasks to be performed for the activity: Perform the various
technical and administrative tasks, are eg.: encode and control the
data relating to the admission of ambulatory or hospital patients,
print and give the admission form to the patients, manage daily
access to the parking, receive deposits, issue invoices, and so
forth.
7. An organization chart for the reception department structures the
activities into eight sub-roles, as follows:
• SR1: Receptionist at the municipal hospital.
• SR2: Receptionist at the pediatric clinic and the maternity
• SR3: Phone reception
• SR4: Info desk
• SR5: Human resources management
• SR6: Department management
• SR7: Room operator
• SR8: Outsourced guardian
5.2 Analysis of the application layer
The architecture of the IS of the hospital is composed of:
1. Vertical software are applications which are used by well
defined and well specified healthcare businesses. These are for
instance: the management of the laboratory, the endoscopy
software, or the management of the polyclinic.
2. Transversal software are those used together by all healthcare
businesses. These are for instance: the dispatching of the
laboratory's results or the medical imaging. The hospital ERP is
the most important transversal software (see Figure 10).
Figure 10. Hospital municipal application layer.
The hospital ERP is a business management software that offers
the possibility to program specific application functions by the
owner of the application himself. Therefore, it has been decided to
use it, to manage the access rights to all the other software. As a
consequence there exists links between the ERP and the vertical
software and on the other hand links between the ERP and the
other transversal software using contextual calls. With the hospital
ERP, the access right management is realized using
AuthorityObject. AuthorityObject is composed of zone(s) from 1
to n based on what authority check is performed. Practically,
AuthorityObject correspondent to ERP transactions (see Figure
10) and for each transaction, a set of authorizations are defined
such as create, modify, delete, view historic, and so forth.
Figure 11. Hospital RBAC role equivalents.
To facilitate their management, AuthorityObject is assigned to
Functional roles like, for instance, the Functional role of Search
for a patient in the database, create a patient entry, create a
transaction, show a transaction, and so forth. Additionally, the
concept of Reference user has been created to gather a set of
Functional roles. In practice, one user may be assigned to one or
more Reference user or to one or more Functional role (See
Figure 11). The mapping between the application layer of the
hospital and the enhanced ArchiMate-ReMoLa meta-model allows
defining the correspondences between the AuthorityObject that
corresponds to the kind of right to perform an operation. In the
ReMoLa-ArchiMate meta-model, that permission corresponds to
the data object of permission. The Functional role corresponds to
a set of AuthorityObject which may be assigned to a business user.
Therefore, we consider that the Functional role component from
the hospital application architecture corresponds to the concept of
RBAC role of the application layer of the ArchiMate-ReMoLa
meta-model.
Finally, the Reference user corresponds to a set of Functional
roles and, on the second hand, is assigned to a set of business
user. Therefore, we consider that the Reference user component
from the hospital application architecture also corresponds to the
concept of RBAC role of the application layer of the meta-model.
Moreover, given that the Reference user is composed of
Functional role, we consider that there exists a role hierarchy
between both roles.
5.3 Illustration with the receptionist role
At the application layer, an authorization profile document is
defined and formalizes the five Functional roles that may be
assigned to the employees with the role of receptionist. These
Functional roles are:
• Patient's basic data encoding, that means Add or create,
modify, display, delete patient's basic data and entry, transfer or
leaving data related to the patient
• Entry, transfer or leaving patient's data encoding
• Management of the beds status at the hospital
• Medical delivery encoding
• Patient invoices creation and modification
The three first Functional roles are aggregated in the Reference
user of REFRECEP. For each of these Functional roles, a set of
AuthorityObjects is defined. These AuthorityObjects are managed
using an application interface that allows formalization of the
concerned rights. In practice, the Functional roles and Reference
user, as well as other rights to specific software, are assigned to
the sub-roles as follows:
• SR1: REFRECEP, all rights related to equipment ordering
software
• SR2: REFRECEP, medical delivery encoding, patient invoices
creation and modification, all rights related to equipment ordering
software
• SR3: REFRECEP, all rights related to equipment ordering
software, right to read the planning of doctors on duty
• SR4: REFRECEP, all rights related to equipment ordering
software
• SR5: REFRECEP, medical delivery encoding, patient invoices
creation and modification, all rights related to equipment ordering
software, read and write access to the Excel file: Timetable
planning
• SR6: All rights provided to the other sub-roles
• SR7: Read access related to the room agenda in GroupWise
multi-users, read access to the ticketing tool.
• SR8: Write access to the reporting software, all rights related to
equipment ordering software
8. 5.4 Enhanced permission assignment
As explained in Section 4.4, to align the business role with the
application role, we have introduced the concept of responsibility
as an intermediary and pivot component. Responsibility composes
a business role at the business layer and is assigned with
permissions (or with an RBAC role) at the application layer. The
analysis of the receptionist job description has allowed defining
sixteen responsibilities that required access rights on the IS.
Table 1: Responsibility – Access Rights – Sub-Roles.
ID Responsibility Required Access Right Compose
Sub-Roles
1 Perform the entry record Add or create, modify, display, delete
patient’s basic data and entry, transfer,
or leave data related to the patient
SR1, SR2,
SR5
2 Perform the transfer
management
Display entry, transfer or leave data
related to the patient and all rights
related to the statistic software
SR1,SR2,
SR5
3 Perform the beds status
management
All rights related to the beds status
management
SR1,SR2,
SR5
4 Perform equipment
ordering
All rights related to the equipment
ordering software
SR8
5 Perform the medical
encoding for billing
All right related to the medical
delivery encoding
SR2
6 Perform the creation and
de modification of patient
invoices (billing)
All rights related to the patient
invoices creation and modification
SR2
7 Inform about the beds
status
Display rights related to the beds status SR1, SR2,
SR3, SR4
8 Perform the realization of
work plans
Read and write access to the Excel file:
Timetable planning
SR5
9 Perform the control of the
monthly worksheets
Read and write access to the Excel file:
Timetable planning
SR5
10 Perform the management
of HR indicators:
Overtime, Days off,
Hours of recovery
Read and write access to the Excel file:
Timetable planning
SR5
11 Perform the management
of the room
Read access related to the room agenda
in Groupwise multi-users
SR7
12 Perform the verification
of the infrastructure
Write access to the reporting software SR8
13 Fix defective
infrastructure
All rights related to equipment
ordering software
SR8
14 Perform the management
of the receptionists
All the rights provided to the sub-roles
SR1, SR2, SR3, SR4, SR5, SR7 and
SR8
SR6
15 Inform about the doctor
on duty
Rights to read the doctors on duty
planning
SR3
16 Perform the statistical
analysis to follow up the
daily business
All rights related to the statistical
software
SR5, SR7
The definitions and analysis of the responsibilities of the
receptionists have permitted to refine the required access rights
for each sub-role recovered in the organization chart of the
receptionist department (Table 1). By formalizing the
responsibilities, we have isolated the tasks to be performed by
each sub-role from the receptionist job description and we have
analyzed the access rights they need.
Thereby, we have observed the following differences:
• SR3 and SR4 have too many rights. The employees assigned to
the Phone reception and Infodesk role are authorized to add or
create, modify, display, delete patient's basic data and entry,
transfer, or leaving data related to the patient, although they do not
require these rights. They possess all rights related to the beds
status management, although, only some of them are required to
display information related to the beds status.
• SR1, SR2, SR5 do not have to perform equipment ordering,
although they have the right to do it.
6. CONCLUSIONS
We have proposed an approach for enhancing the alignment of the
business layer with the application layer, and in particular the
enhancement of the access right management and provisioning to
employees according to business specifications. This approach
takes responsibility as a link between both layers into account.
Therefore, responsibility has been modeled in a responsibility
modeling language named ReMoLa and has been integrated in
ArchiMate using the methodology defined in [5].
To illustrate the approach, a case study in a municipal hospital in
Luxembourg has been conducted with people in a variety of IT
and non-IT roles. We have defined and used the responsibilities of
the employees from the receptionist department to align the
business role, and sub-roles, defined at the business layer with
RBAC role defined at the application layer. At the application
layer, the business role and sub-roles, as well as the tasks to be
performed, have been recovered from the job description
document and from an organizational chart. At the application
layer, the RBAC roles have been analyzed in an authorization
profile document that defines a set of Functional roles, sometimes
aggregated in a Reference user.
We have observed that using responsibility allows a finer
assignment of rights to the employees. For instance, responsibility
16 does not compose any business role or sub-roles, but it may be
directly assigned to employees that are assigned to SR1 or SR2.
This direct assignment allows the provisioning of some
employees, who are responsible for making business analysis,
from the SR1 and SR2 sub-role, but not all of them.
This case study has allowed validating the usability of
responsibility to perform this alignment. Since the receptionist
department was already existing and functioning, the case study
did not engineer the access rights without relying on existing
resources, but it allows confronting the existing access rights with
those calculated by the modeling of the responsibilities. The
results of these confrontations were that the employees of five
sub-roles (over eight) were assigned to more permissions than
they really required in practice.
7. ACKNOWLEDGMENTS
This work is partially supported by the Fond National de la
Recherche in Luxembourg on the PEARL program ASINE.
8. REFERENCES
[1] C. Feltus, M. Petit, and M. Sloman, Enhancement of Business IT
Alignment by Including Responsibility Components in RBAC, 5th
Busital workshop, 2010, Hammamet, Tunisia.
[2] C. Feltus, M. Petit, and E. Dubois, Strengthening employee's
responsibility to enhance governance of IT: COBIT RACI chart case
study. 1st
ACM Workshop on Information Security Governance.
ACM, New York, NY.
[3] D. Richard Kuhn, Edward J. Coyne, Timothy R. Weil. Adding
attributes to role-based access control. Computer, 43(6):79-81, 2010.
[4] I. Band, Modeling RBAC with SABSA, TOGAF and ArchiMate,
Creating a Foundation for Understanding and Action, Open Group
Conference, Austin, Texas, 2011.
[5] M. Lankhorst. Archimate language primer, 2004.
[6] M. Petit. Some methodological clues for defining a unified enterprise
modelling language. ICEIMT '01, pages 359-369, Deventer, The
Netherlands, 2003.
[7] J. Mylopoulos, A. Borgida, M. Jarke, M. Koubarakis. Telos:
representingknowledge about information systems. ACM Trans. Inf.
Syst., 8:325-362, October 1990..H. Jonkers, M.-E.Iacob, M.
Wiering. Towards a uml profile for the archimate language, 2004
[8] B. Lang, I. Foster, F. Siebenlist, R. Ananthakrishnan, T. Freeman. A
exible attribute based access control method for grid computing.
Journal of Grid Computing, 7(2): 169-180, 2008.
[9] M. Covington and M. R. Sastry. A contextual attribute-based access
control model. On the Move to Meaningful Internet Systems 2006
OTM 2006 Workshops, pages 1996-2006.