2018年4月10日学术报告（Paul de Vrieze, Bournemouth University）
报告题目： Process Based Authorization
报告时间： 4月10日 上午10:00（周二）
报告人： Paul de Vrieze, Principal Academic
报告人简介：Dr. Paul de Vrieze is a principal academic in the Faculty of Science and Technology (SciTech) of Bournemouth University and co-coordinator of the EU H2020 FIRST project, a 1.2 million project Euros with 7 international partners. Previously he was a Senior Researcher at SAP research, Switzerland, and worked as a Postdoctoral Research Fellow at CSIRO ICT Centre, Australia. He received his Ph.D. in Information Systems from Radboud University Nijmegen, The Netherlands in 2006.
Dr. de Vrieze has published over 60 papers in the international journals and conferences such as Future Generation Computer Systems, International Journal of Computer Integrated Manufacturing, CoopIS, PRO-VE, etc. He is the guest editor of Service Oriented Computing and Applications (Springer). He has been general chair and program committee chair of several international conferences such as PRO-VE. He is also a regular reviewer for journals such as Future Generation Computer Systems, IEEE Transactions on Service Computing, etc. His main research interests are in enterprise information system integration, user modeling, systems modeling, semantics integration, virtual factory, and smart factory.
报告摘要：With the introduction of the general data protection regulation (GDPR) in Europe and the general increasing scrutiny of what happens with data the way data is managed in information systems has become important. Common approaches are often role based where people with the correct role get access to all data in a particular category.
The GDPR introduces the requirement that all for all data access this is performed for a clear reason and that unneeded access to data is prevented through technical and organizational measures. Process based authorization is based on the view that activity requiring data access generally is part of some process. The need to access this data is based upon that process, as is the reason for access. Given that the process often determines the data access needed, the access is not only limited to the process, or the staff members involved in the relevant activities, but also only the data needed.
- 上一篇：3月28日学术报告（邓水光 浙江大学；王尚广 北京邮电大学）