Objectives
The overall objective of the ORKA project is a symbiosis between organizational control, which is necessary e.g. in professional context for the implementation of workflows in IT systems, and access rights management. This includes the development and implementation of holistic and integrated security concepts based on role-based security policies and considering organizational control principles - the organizational control architecture.
Holistic consideration of security policies
ORKA looks at security policies in a holistic and integrated way, i.e. from specification and administration of a security policy over continuous validation of protection goals to its enforcement in connected systems.
Secure workflows and organizational control principles
ORKA aims to increase security of workflow-based systems by bringing organizational control principles into security policy specifications. The ORKA authorization architecture will support and automatic enforce a variety of organizational control principles, such as permissions, obligations, restrictions, delegations.
Specification, administration and validation
ORKA's rights management approach features integration of organizational control principles in security policy specification. For that, an appropriate policy description language will be developed, that allows modeling of organizational control principles by means of authorization constraints. Advanced user interfaces allow administrators to get all necessary information about the security policy and context-dependent access to operations. Tools for policy analysis help administrator in finding and solving failures and inconsistencies in policy specification.
Flexibility in policy enforcement
ORKA develops a generic architecture for easy integration into existing (ERP- ) systems. Here, the main focus is on flexibility. The enforcement component will be designed in a way to cope with rapid changes of the policy specification and the application context due to support for worksflows and organizational control principles.
Who should be interested in ORKA?
ORKA will demonstrate companies that tools for rights management on the basis of organizations can increase IT security. Through simplification of security policy specification and administration by means of advanced tools the number of failures and inconsistencies in security policies may be reduced. This leads to a positive Return of Security Invest (ROSI).