Figure 1 - uploaded by Thomas Bauer
Content may be subject to copyright.
Source publication
Integrated process support is highly desirable in environments where data related to a particular business process are scattered over distributed, heterogeneous information systems. A business process monitoring component is a much-needed module in order to provide an integrated view on all these process data. Regarding process visualization and pr...
Contexts in source publication
Context 1
... et al., 2008). As discussed by Bobrik et al. (2005), an integrated process support is highly desirable in such an environment where data (e.g., business data, audit trails and reports) related to a particular process (instance), and with different degrees of sensitivity, are often scattered over heterogeneous information systems (IS) (cf. Fig. 1). A process monitoring component is a much-needed module in order to provide an integrated and abstracted view on all these data (Junginger et al., 2004;Muehlen, 2001;Polyvyanyy et al., 2009). Despite its importance, many existing process-aware information systems do not offer such component. For example, a process monitoring component ...
Context 2
... part of the PP process we considered, for example, comprises a large number of activities for planning production facilities and resources. Furthermore, it defines the flow of about 50 relevant documents. When studying this case we got access to a large model that was plotted on a 1,5 m x 5 m wallpaper -a fragment of this process is depicted in Fig. XX1. Altogether, the PP process comprises several hundreds activities with complex inter-dependencies. Furthermore, there exists a process handbook with detailed descriptions of each activity. This handbook mainly serves for training purposes and provides detailed task descriptions. -From interviews with process owners we have learned that ...
Context 3
... process view can be realized by simple graph transformations, in other scenarios this necessitates a more complex restructuring of the proc- ess graph. Generally, aggregated process views are more difficult to realize than reduced ones. In particu- lar, relations to satellite objects (e.g., data elements, org. roles) have to be preserved (cf. Fig. 1) and attrib- ute values for the abstract activity node resulting from the aggregation have to be calculated. Finally, aggrega- tion operations are provided for all process aspects including data flow, and actor ...
Context 4
... specified explicitly, and open policy where negative rights need to be specified explicitly. The closed policy approach is known to ensure better protection than open policy. In the latter, the need for protection is not strong: by default, access is to be granted. Intuitively, we may also suppose that a specific operation prevails on another (cf . Fig. 10); e.g., whenever it is allowed to read the value of an attribute, this implies that it is also allowed to read another form of the value, and to check the existence of the attribute. Note that positive rights prevail on negative ones, i.e., positive rights are on bottom of the scale in Fig. 10. This is because of the closed policy ...
Context 5
... that a specific operation prevails on another (cf . Fig. 10); e.g., whenever it is allowed to read the value of an attribute, this implies that it is also allowed to read another form of the value, and to check the existence of the attribute. Note that positive rights prevail on negative ones, i.e., positive rights are on bottom of the scale in Fig. 10. This is because of the closed policy adopted. AC rights being clearly defined, we present now a mechanism consisting of two functions that respectively return (1) whether or not an attribute is associated with an object, (2) the exact value or an abstraction of the value of an attribute. In the given context, a number of conflict ...
Context 6
... 13. Consider Process P from Fig. 12a) and its activities. Each of these activities is associated with a set of attributes for which AC rights need to be defined. Fig. 12c) depicts respective AC rights for roles r1 = "manager" and r2 = "engineer" respectively. For role r1 access to the values of all attributes of activities A, C and E shall be granted, while users with ...
Context 7
... 13. Consider Process P from Fig. 12a) and its activities. Each of these activities is associated with a set of attributes for which AC rights need to be defined. Fig. 12c) depicts respective AC rights for roles r1 = "manager" and r2 = "engineer" respectively. For role r1 access to the values of all attributes of activities A, C and E shall be granted, while users with role r2 may access the values of attributes Att1 and Att3 of all activities. When applying Definition 2 we obtain the AC rights as ...
Context 8
... AC rights for roles r1 = "manager" and r2 = "engineer" respectively. For role r1 access to the values of all attributes of activities A, C and E shall be granted, while users with role r2 may access the values of attributes Att1 and Att3 of all activities. When applying Definition 2 we obtain the AC rights as depicted on the right hand side of Fig. 12c); a graphical illustration is given in Fig. 13a). While Fig. 13a) only depicts positive AC rights, Fig. 13b) implicitly adds negative ones as well. Assume now that a user u plays both roles r1 and r2. Then the question emerges what rights shall be granted to u. Regarding Fig. 13b) (with explicit positive AC rights and implicit negative ...
Context 9
... respectively. For role r1 access to the values of all attributes of activities A, C and E shall be granted, while users with role r2 may access the values of attributes Att1 and Att3 of all activities. When applying Definition 2 we obtain the AC rights as depicted on the right hand side of Fig. 12c); a graphical illustration is given in Fig. 13a). While Fig. 13a) only depicts positive AC rights, Fig. 13b) implicitly adds negative ones as well. Assume now that a user u plays both roles r1 and r2. Then the question emerges what rights shall be granted to u. Regarding Fig. 13b) (with explicit positive AC rights and implicit negative AC rights), conflicts derive from the applied ...
Context 10
... For role r1 access to the values of all attributes of activities A, C and E shall be granted, while users with role r2 may access the values of attributes Att1 and Att3 of all activities. When applying Definition 2 we obtain the AC rights as depicted on the right hand side of Fig. 12c); a graphical illustration is given in Fig. 13a). While Fig. 13a) only depicts positive AC rights, Fig. 13b) implicitly adds negative ones as well. Assume now that a user u plays both roles r1 and r2. Then the question emerges what rights shall be granted to u. Regarding Fig. 13b) (with explicit positive AC rights and implicit negative AC rights), conflicts derive from the applied closed policy. In ...
Context 11
... all attributes of activities A, C and E shall be granted, while users with role r2 may access the values of attributes Att1 and Att3 of all activities. When applying Definition 2 we obtain the AC rights as depicted on the right hand side of Fig. 12c); a graphical illustration is given in Fig. 13a). While Fig. 13a) only depicts positive AC rights, Fig. 13b) implicitly adds negative ones as well. Assume now that a user u plays both roles r1 and r2. Then the question emerges what rights shall be granted to u. Regarding Fig. 13b) (with explicit positive AC rights and implicit negative AC rights), conflicts derive from the applied closed policy. In this simple scenario, they can be ...
Context 12
... 2 we obtain the AC rights as depicted on the right hand side of Fig. 12c); a graphical illustration is given in Fig. 13a). While Fig. 13a) only depicts positive AC rights, Fig. 13b) implicitly adds negative ones as well. Assume now that a user u plays both roles r1 and r2. Then the question emerges what rights shall be granted to u. Regarding Fig. 13b) (with explicit positive AC rights and implicit negative AC rights), conflicts derive from the applied closed policy. In this simple scenario, they can be automatically handled by defining the set of AC rights for a user having roles r1 and r2 as the union of the two sets of positve rights (see Fig. 13c) However, conflicts may also ...
Context 13
... rights shall be granted to u. Regarding Fig. 13b) (with explicit positive AC rights and implicit negative AC rights), conflicts derive from the applied closed policy. In this simple scenario, they can be automatically handled by defining the set of AC rights for a user having roles r1 and r2 as the union of the two sets of positve rights (see Fig. 13c) However, conflicts may also derive from explicitly defining negative AC rights. As example, consider Fig. 13d): for role r1 a positive right to access Att2 of activity A exists, while for role r2 a negative right diallowing access to Att2 of activity A has been explicitly assigned. Consequently, a conflict exists for users having both ...
Context 14
... rights), conflicts derive from the applied closed policy. In this simple scenario, they can be automatically handled by defining the set of AC rights for a user having roles r1 and r2 as the union of the two sets of positve rights (see Fig. 13c) However, conflicts may also derive from explicitly defining negative AC rights. As example, consider Fig. 13d): for role r1 a positive right to access Att2 of activity A exists, while for role r2 a negative right diallowing access to Att2 of activity A has been explicitly assigned. Consequently, a conflict exists for users having both roles. Then a conflict resolution policy needs to be applied (e.g., either permissions or denials taking ...
Context 15
... considering this example, we recognize the need for abstraction at the objects' level in order to compact the definition of AC rights reducing redundancy as much as possible. Therefore, one feasible way is to organize objects hierarchically (cf. Fig. 14): "All" at the top level, "Group of process models" at the next level down, "Process model" at the level just after, etc., and to propagate AC rights top-down. This allows us to meet the AC rights usability and maintainability requirement (cf. R3 in Table ...
Context 16
... This was particularly challenging for large process models as in the case of product planning. Basically, the described context-based approach, which allows to specify AC rights in respect to a certain level within an objects' hierarchy, helped us to avoid an inflation of AC rights. More precisely, we applied the objects' hierarchy as depicted in Fig. 15 in our evaluation. Regarding the product planning process we explicitly defined additional views using the framework sketched in Section 2. We then assigned AC rights on the level of these views as well. -Overall, Requirements R1, R2 and R3 were satisifed by our AC ...
Similar publications
Role-based access control (RBAC) is commonly used to implement authorization procedures in Process-aware information systems (PAIS). Process mining refers to a bundle of algorithms that typically discover process models from event log data produced during the execution of real-world processes. Beyond pure control flow mining, some techniques focus...
Integrated process support is highly desirable in environments where data related to a particular (business) process are scattered over distributed, heterogeneous information systems (IS). A process monitoring component is a much-needed module in order to provide an integrated view on all these process data. Regarding process data integration, acce...
Citations
... A process view is generated by applying specific transformations to a workflow model and is intended to abstract from unnecessary details and make complex workflows easier to understand. In addition to these abstractions, process views can also provide a personalized perspective on the workflow for a specific user [66,69]. The generation of such personalized process views might include summarizing information, as well as hiding or filtering them. ...
... Furthermore, they introduce various properties to evaluate whether a process view is suitable or not. Reichert et al. [66] focus on the monitoring of workflows and how to properly visualize the process views using the Proviado framework. This includes defining abstract process view definitions by the user, which are then instrumented with collected data and visualized. ...
Quantum applications are hybrid, i.e., they comprise quantum and classical programs, which must be orchestrated. Workflows are a proven solution for orchestrating heterogeneous programs while providing benefits, such as robustness or scalability. However, the orchestration using workflows can be inefficient for some quantum algorithms, requiring the execution of quantum and classical programs in a loop. Hybrid runtimes are offered to efficiently execute these algorithms. For this, the quantum and classical programs are combined in a single hybrid program, for which the execution is optimized. However, this leads to a conceptual gap between the modeling benefits of workflow technologies, e.g., modularization, reuse, and understandability, and the efficiency improvements when using hybrid runtimes. To close this gap, we introduce a method to model all tasks explicitly in the workflow model and analyze the workflow to detect parts of the workflow that can benefit from hybrid runtimes. Furthermore, corresponding hybrid programs are automatically generated based on the quantum and classical programs, and the workflow is rewritten to invoke them. To ease the live monitoring and later analysis of workflow executions, we integrate process views into our method and collect related provenance data. Thus, the user can visualize and monitor the workflow in the original and rewritten form within the workflow engine. The practical feasibility of our approach is validated by a prototypical implementation, a case study, and a runtime evaluation.
... An AC model aimed at process logs has been described in the framework of the Proviado project for process data visualization [55,56]. The Proviado access control model expresses access rights on specific process aspects called objects. ...
Business process logs are composed of event records generated, collected and analyzed at different locations, asynchronously and under the responsibility of different authorities. Their analysis is often delegated to auditors who have a mandate for monitoring processes and computing metrics but do not always have the rights to access the individual events used to compute them. A major challenge of this scenario is reconciling the requirements of privacy and access control with the need to continuously monitor and assess the business process. In this paper, we present a model, a language and a software toolkit for controlling access to process data where logs are made available as streams of RDF triples referring to some company-specific business ontology. Our approach is based on the novel idea of dynamic enforcement: we incrementally build dynamic filters for each process instance, based on the applicable access control policy and on the current prefix of the event stream. The implementation and performance validation of our solution is also presented.
... One of the techniques in which process management and provenance are more highly intertwined is business process monitoring [4,13,15,36], which sometimes falls under the slightly more general term business activity monitoring [12,16]. Business process monitoring scrutinizes the status of process instances, by providing an integrated view on process and application data, or enabling business performance supervision [38]. In order to achieve these goals, business applications must be endowed with infrastructure and resources that allow the effect of a given process on the business objects to be recorded. ...
... Background: the occurrence-based approachBusiness process monitoring is concerned with recording information about the actual execution of processes to then extract valuable knowledge that can be utilized for business process quality improvement[6,25,26,38]. Process execution information is primarily perceived as a one-dimensional linear sequence of events (ignoring other aspect of the system) and stored ...
In recent years, research on provenance has increased exponentially, and such studies in the field of business process monitoring have been especially remarkable. Business process monitoring deals with recording information about the actual execution of processes to then extract valuable knowledge that can be utilized for business process quality improvement. In prior research, we developed an occurrence-centric approach built on our notion of occurrence that provides a holistic perspective of system dynamics. Based on this concept, more complex structures are defined herein, namely Occurrence Base (OcBase) and Occurrence Management System (OcSystem), which serve as scaffolding to develop business process monitoring systems. This paper focuses primarily on the critical provenance task of extracting valuable knowledge from such systems by proposing an Occurrence Query Framework that includes the definition of an Occurrence Base Metamodel and an Occurrence Query Language based on this metamodel. Our framework provides a way of working for the construction of business process monitoring systems that are provenance aware. As a proof of concept, a tool implementing the various components of the framework is presented. This tool has been tested against a real system in the context of biobanks.
... User Access Information Space Linked Process Information Unlinked Process Information process participants may have different perspectives on a business process and related process information [5,6]. For example, consider the development of an ABS 2 control unit: ...
In order to provide information needed in knowledge-intense business processes, large companies often establish intranet portals, which enable access to their process handbook. Especially, for large busi-ness processes comprising hundreds or thousands of process steps, these portals can help to avoid time-consuming access to paper-based pro-cess documentation. However, business processes are usually presented in a rather static manner within these portals, e.g., as simple drawings or textual descriptions. Companies therefore require new ways of mak-ing large processes and process-related information better explorable for end-users. This paper picks up this issue and presents a formal navigation framework based on linear algebra for navigating in large business pro-cesses.
... However, stakeholder needs are not addressed by the PST notion. Another way to support stakeholders in understanding and modeling business processes is illustrated in [13,28,29]: a powerful approach is introduced to change the visual appearance of a process model by replacing its visual representation by another one, e.g., by changing colors and adding pictographs to selected activities. Furthermore, advanced concepts for abstracting complex process models through hiding and aggregating process fragments is introduced [13,30]. ...
The different stakeholders in Business Process Management have to deal with various process models in order to understand the business processes being relevant for them. Especially inexperienced stakeholders often have difficulties in comprehending large and complex process models. In this paper a stakeholder-centered approach for modeling, changing and visualizing business processes is introduced. It is based on the Concurrent Task Tree (CTT), which constitutes a task modeling language widely applied in the field of end-user development. In particular, CTT considers stakeholder needs in modeling the behaviour of
user interfaces. In the context of our work we apply CTT for modeling, changing and visualizing business processes. To evaluate whether CTT is appropriate for stakeholder-centered process modeling we compare it with imperative process modeling, and introduce a mapping between CTT process models and imperative process models expressed in terms of the Business Process Modeling Notation (BPMN). Finally, we provide an advanced stakeholder-centered visualization concept based on CTT.
... The work presented in [12] focuses on aggregation of activities by making use of part-of relations between activities. A work by Reichert et al. [13] discusses the application of process views to provide access control for process models. In Web service environments, process views can be applied to simplify Web service orchestrations specified in BPEL by omission of activities and aggregation of structures of a BPEL process, as discussed for example in [8]. ...
The increasing complexity of processes used for design and execution of critical business activities demands novel techniques
and technologies. Process viewing techniques have been proposed as means to abstract from details, summarize and filter out
information, and customize the visual appearance of a process to the need of particular stakeholders. However, composition
of process view transformations and their provisioning to enable their usage in various scenarios is currently not discussed
in research. In this paper, we present a lightweight, service-oriented approach to compose modular process view transformation
functions to form complex process view transformations which can be offered as a service. We introduce a concept and an architectural
framework to generate process view service compositions automatically with focus on usability. Furthermore, we discuss key
aspects regarding the realization of the approach as well as different scenarios where process view services and their compositions
are needed.
Business process compliance refers to the formalization, enactment, verification, and monitoring of constraints for one or multiple process models and one or multiple process instances. Such complex compliance scenarios crave for visualization support that fosters traceability and understandability during design and runtime. It must be clear, for example, which processes and process instances are subject to which compliance constraint and, especially during runtime, which compliance state (e.g., satisfied or violated) is active. This paper analyzes existing visualization approaches for compliance-related information and demonstrates their usability and feasibility through a prototypical implementation and the application to a logistics scenario. The focus is on constraints that span across multiple processes and process instances. The preferred visualizations are then implemented in a real-world process scenario from the manufacturing domain and evaluated through in-depth interviews with three stakeholders. The interviews narrow down the results of the technical evaluation, indicating that Color is best suited for obtaining a quick overview and Text for in-detail analysis of compliance states.
Due to exceptional or special situations occurring in the real world, a business process cannot be always executed as desired. This chapter deals with anticipated exceptions occurring during the execution of prespecified process models. These range from activity failures to deadline expirations to unavailable resources. For coping with such anticipated exceptions, exception handlers are typically provided by process designers at build-time. These handlers are automatically invoked by the process-aware information system (PAIS) during run-time when corresponding exceptions occur. This chapter describes selected exception handing patterns frequently applied in PAISs to deal with anticipated exceptions. Moreover, the chapter gives insights into the semantic rollback of process instances, which is especially important when handling semantic activity failures during run-time.
The success of commercial enterprises increasingly depends on their ability to flexibly and quickly react to changes in their environment. Businesses are therefore interested in improving the efficiency and quality of their business processes and in aligning their information systems in a process-centered way. This chapter deals with basic concepts related to business process automation and process-aware information systems (PAISs). Characteristic properties, perspectives, and components of a PAIS are presented based on real-world process scenarios.
