<div dir="ltr">Hi Boer,<div style>This is a developer list, and usually we redirect the question here to the jBPM User Forum.</div><div style>Your questions in this case are targeted to development team, so I think that is ok.</div>
<div style>jBPM is a lightweight framework that you can embed in your applications, so most of the time all the security aspects are delegated to the application that is embedding jbpm. All the users and roles will be coming from the application, so the application is the one that should check authorizations and authentications of the users and their actions.</div>
<div style><br></div><div style>The process engine itself make sure that the data is kept in a consistent state at all times, so you don't need to worry about that.</div><div style><br></div><div style>Cheers</div></div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 23, 2013 at 3:05 PM, Boer (J31), Jan de <span dir="ltr"><<a href="mailto:jan.de.boer@capgemini.com" target="_blank">jan.de.boer@capgemini.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="NL" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span lang="EN-US">Hello jBPM community,<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Capgemini is planning to implement jBPM for a large customer.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">My role in this project is security advisor, but unfortunately I’m not familiar with jBPM.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Could someone from the community please inform me (or send documents) about the security aspects of jBPM. Anything will help.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Security aspects more in detail:<u></u><u></u></span></p>
<p><u></u><span lang="EN-US"><span>-<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Confidentiality<u></u><u></u></span></p>
<p style="margin-left:72.0pt">
<u></u><span lang="EN-US" style="font-family:"Courier New""><span>o<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Access control mechanism<u></u><u></u></span></p>
<p style="margin-left:72.0pt">
<u></u><span lang="EN-US" style="font-family:"Courier New""><span>o<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Administrator’s roles<u></u><u></u></span></p>
<p style="margin-left:72.0pt">
<u></u><span lang="EN-US" style="font-family:"Courier New""><span>o<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Access to storage<u></u><u></u></span></p>
<p><u></u><span lang="EN-US"><span>-<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Integrity<u></u><u></u></span></p>
<p style="margin-left:72.0pt">
<u></u><span lang="EN-US" style="font-family:"Courier New""><span>o<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Ensure data not to be changed without permission by “owners” of data or process<u></u><u></u></span></p>
<p style="margin-left:72.0pt">
<u></u><span lang="EN-US" style="font-family:"Courier New""><span>o<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Ensure data not to be changed due to system problems<u></u><u></u></span></p>
<p style="margin-left:72.0pt">
<u></u><span lang="EN-US" style="font-family:"Courier New""><span>o<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Change of data will be detected<u></u><u></u></span></p>
<p><u></u><span lang="EN-US"><span>-<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Availablity<u></u><u></u></span></p>
<p style="margin-left:72.0pt">
<u></u><span lang="EN-US" style="font-family:"Courier New""><span>o<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Ensure access to data when needed<u></u><u></u></span></p>
<p style="margin-left:72.0pt">
<u></u><span lang="EN-US" style="font-family:"Courier New""><span>o<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Features to ensure no data loss<u></u><u></u></span></p>
<p style="margin-left:72.0pt">
<u></u><span lang="EN-US" style="font-family:"Courier New""><span>o<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Features to prevent data loss<u></u><u></u></span></p>
<p><u></u><span lang="EN-US"><span>-<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Non Repudiation<u></u><u></u></span></p>
<p style="margin-left:72.0pt">
<u></u><span lang="EN-US" style="font-family:"Courier New""><span>o<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Proof of access to documents and processes<u></u><u></u></span></p>
<p style="margin-left:72.0pt">
<u></u><span lang="EN-US" style="font-family:"Courier New""><span>o<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Secure logging (tamper free)<u></u><u></u></span></p>
<p style="margin-left:72.0pt">
<u></u><span lang="EN-US" style="font-family:"Courier New""><span>o<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span lang="EN-US">Tampering of logfiles should be detected<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Please feel free to inform me about other aspects of security.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Please contact me on <a href="mailto:jan.de.boer@capgemini.com" target="_blank">
jan.de.boer@capgemini.com</a><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Best regards and lots of thanks in advance.<u></u><u></u></span></p>
<p class="MsoNormal">Jan<u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#003366">_____________________________________________________________<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#003366">Jan de Boer MSIT<u></u><u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:14.0pt;font-family:"Times New Roman","serif";color:navy">Cap</span></b><b><span style="font-size:14.0pt;font-family:"Times New Roman","serif";color:aqua">gemini</span></b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#003366">
/ NL-Utrecht</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#003366">Master of Security in the Information Technology<br>
</span><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#003366">Managing Consultant Information Security<br>
T. <a href="tel:%2B31%C2%A030%20689%2002%2076" value="+31306890276" target="_blank">+31 30 689 02 76</a> / Mob. <a href="tel:%2B31%206%2015%2003%2002%2076" value="+31615030276" target="_blank">+31 6 15 03 02 76</a><br>
<a href="http://www.nl.capgemini.com/" title="http://www.nl.capgemini.com/" target="_blank">www.nl.capgemini.com</a><u></u><u></u></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#003366">Don’t think network security and firewalls will protect your information.<br>
The vulnerability lies in your employees.</span></b><span lang="EN-US" style="font-size:12.0pt;font-family:"Times New Roman","serif";color:#1f497d"><br>
</span><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#003366">_____________________________________________________________<br>
</span><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#1f497d">Please consider the environment and only print this email if absolutely
<br>
necessary. Capgemini encourages environmental awareness.</span><span lang="EN-US" style="font-size:12.0pt;font-family:"Times New Roman","serif";color:#1f497d"><u></u><u></u></span></p>
</div>
<span style="font-size:9px;line-height:10px">This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.</span></div>
<br>_______________________________________________<br>
jbpm-dev mailing list<br>
<a href="mailto:jbpm-dev@lists.jboss.org">jbpm-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/jbpm-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/jbpm-dev</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"> - MyJourney @ <a href="http://salaboy.wordpress.com" target="_blank">http://salaboy.com</a><div>
- Co-Founder @ <a href="http://www.jugargentina.org" target="_blank">http://www.jugargentina.org</a><br> - Co-Founder @ <a href="http://www.jbug.com.ar" target="_blank">http://www.jbug.com.ar</a><br> <br> - Salatino "Salaboy" Mauricio -</div>
</div>
</div>