Hello jBPM community,
Capgemini is planning to implement jBPM for a large customer.
My role in this project is security advisor, but unfortunately I’m not familiar with jBPM.
Could someone from the community please inform me (or send documents) about the security aspects of jBPM. Anything will help.
Security aspects more in detail:
-
Confidentiality
o
Access control mechanism
o
Administrator’s roles
o
Access to storage
-
Integrity
o
Ensure data not to be changed without permission by “owners” of data or process
o
Ensure data not to be changed due to system problems
o
Change of data will be detected
-
Availablity
o
Ensure access to data when needed
o
Features to ensure no data loss
o
Features to prevent data loss
-
Non Repudiation
o
Proof of access to documents and processes
o
Secure logging (tamper free)
o
Tampering of logfiles should be detected
Please feel free to inform me about other aspects of security.
Please contact me on
jan.de.boer@capgemini.com
Best regards and lots of thanks in advance.
Jan
_____________________________________________________________
Jan de Boer MSIT
Capgemini
/ NL-Utrecht
Master of Security in the Information Technology
Managing Consultant Information Security
T. +31 30 689 02 76 / Mob. +31 6 15 03 02 76
www.nl.capgemini.com
Don’t think network security and firewalls will protect your information.
The vulnerability lies in your employees.
_____________________________________________________________
Please consider the environment and only print this email if absolutely
necessary. Capgemini encourages environmental awareness.