Conceptual foundations for a model of task-based authorizations

We describe conceptual foundations to address integrity issues in computerized information systems from the enterprise perspective. The motivation for this effort stems from the recognition that existing models are formulated at too low a level of abstraction, to be useful for modeling organizational requirements, policy aspects, and internal controls, pertaining to maintenance of integrity in information systems. In particular, these models are primarily concerned with the integrity of internal data components within computer systems, and thus lack the constructs necessary to model enterprise level integrity principles. The starting point in the investigation is the notion of authorization functions and tasks associated with business activities carried out in the enterprise. These functions identify the authorization requirements while the authorization tasks embody the concepts required to carry out such authorizations. We believe a model of task-based authorizations will bridge the existing gap between low-level models and very high level ones looking at integrity from a purely organizational and sociological perspective devoid of any direct links to computerized systems. The work described is preliminary and conceptual in nature, but is a necessary prerequisite for the eventual development of a formal model.>