Engineering access control for distributed enterprise applications

Access control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. However, to be effective, AC in some application domains has to be fine-grain, support the use of application-specific factors in authorization decisions, as well as consistently and reliably enforce organization-wide authorization policies across enterprise applications. Because the existing middleware technologies do not provide a complete solution, application developers resort to embedding AC functionality in application systems. This coupling of AC functionality with application logic causes significant problems including tremendously difficult, costly and error prone development, integration, and overall ownership of application software. The way AC for application systems is engineered needs to be changed. ^ In this dissertation, we propose an architectural approach for engineering AC mechanisms to address the above problems. First, we develop a framework for implementing the role-based access control (RBAC) model using AC mechanisms provided by CORBA Security. For those application domains where the granularity of CORBA controls and the expressiveness of RBAC model suffice, our framework addresses the stated problem. ^ In the second and main part of our approach, we propose an architecture for an authorization service, RAD, to address the problem of controlling access to distributed application resources, when the granularity and support for complex policies by middleware AC mechanisms are inadequate. Applying this architecture, we developed a CORBA-based application authorization service (CAAS). Using CAAS, we studied the main properties of the architecture and showed how they can be substantiated by employing CORBA and Java technologies. Our approach enables a wide-ranging solution for controlling the resources of distributed enterprise applications. ^

The impact of information technology on organizations: A study of enterprise resource planning system influences on job design and organizational culture

The primary purpose of this research is to study the linkage between perceived job design characteristics and information system environment characteristics before and after the replacement of a legacy information system with a new type of information system (referred to as an Enterprise Resource Planning or ERP system). A public state University implementing an academic version of an ERP system was selected for the study. Three survey instruments were used to examine the perception of the information system, the job characteristics, and the organizational culture before and after the system implementation. The research participants included two large departments resulting in a sample of 130 workers. Research questions were analyzed using multivariate procedures including factor analysis, path analysis, step-wise regression, and matched pair analysis. ^ Results indicated that the ERP system has introduced new elements into the working environment that has changed the perception of how the job design characteristics and organization culture dimensions are viewed by the workers. The understanding of how the perceived system characteristics align with an individual's perceived job design characteristics is supported by each of the system characteristics significantly correlated in the proposed direction. The stronger support of this relationship becomes visible in the causal flow of the effects seen in the path diagram and in the step-wise regression. The perceived job design characteristics aligning with dimensions of organizational culture are not as strong as the literature suggests. Although there are significant correlations between the job and culture variables, only one relationship can be seen in the causal flow. ^ This research has demonstrated that system characteristics of ERP do contribute to the perception of change in an organization and do support organizational culture behaviors and job characteristics. ^

Framework for enterprise systems engineering

This research aimed at developing a research framework for the emerging field of enterprise systems engineering (ESE). The framework consists of an ESE definition, an ESE classification scheme, and an ESE process. This study views an enterprise as a system that creates value for its customers. Thus, developing the framework made use of system theory and IDEF methodologies. This study defined ESE as an engineering discipline that develops and applies systems theory and engineering techniques to specification, analysis, design, and implementation of an enterprise for its life cycle. The proposed ESE classification scheme breaks down an enterprise system into four elements. They are work, resources, decision, and information. Each enterprise element is specified with four system facets: strategy, competency, capacity, and structure. Each element-facet combination is subject to the engineering process of specification, analysis, design, and implementation, to achieve its pre-specified performance with respect to cost, time, quality, and benefit to the enterprise. This framework is intended for identifying research voids in the ESE discipline. It also helps to apply engineering and systems tools to this emerging field. It harnesses the relationships among various enterprise aspects and bridges the gap between engineering and management practices in an enterprise. The proposed ESE process is generic. It consists of a hierarchy of engineering activities presented in an IDEF0 model. Each activity is defined with its input, output, constraints, and mechanisms. The output of an ESE effort can be a partial or whole enterprise system design for its physical, managerial, and/or informational layers. The proposed ESE process is applicable to a new enterprise system design or an engineering change in an existing system. The long-term goal of this study aims at development of a scientific foundation for ESE research and development.

A methodology to select an enterprise resource planning system for a small or medium sized enterprise

Enterprise Resource Planning (ERP) systems are software programs designed to integrate the functional requirements, and operational information needs of a business. Pressures of competition and entry standards for participation in major manufacturing supply chains are creating greater demand for small business ERP systems. The proliferation of new offerings of ERP systems introduces complexity to the selection process to identify the right ERP business software for a small and medium-sized enterprise (SME). The selection of an ERP system is a process in which a faulty conclusion poses a significant risk of failure to SME’s. The literature reveals that there are still very high failure rates in ERP implementation, and that faulty selection processes contribute to this failure rate. However, the literature is devoid of a systematic methodology for the selection process for an ERP system by SME’s. This study provides a methodological approach to selecting the right ERP system for a small or medium-sized enterprise. The study employs Thomann’s meta-methodology for methodology development; a survey of SME’s is conducted to inform the development of the methodology, and a case study is employed to test, and revise the new methodology. The study shows that a rigorously developed, effective methodology that includes benchmarking experiences has been developed and successfully employed. It is verified that the methodology may be applied to the domain of users it was developed to serve, and that the test results are validated by expert users and stakeholders. Future research should investigate in greater detail the application of meta-methodologies to supplier selection and evaluation processes for services and software; additional research into the purchasing practices of small firms is clearly needed.^

Hydro-physical characterization of media used in agricultural systems to develop the best management practices for operation of an environmentally sustainable agricultural enterprise

Florida is the second leading horticulture state in the United States with a total annual industry sale of over $12 Billion. Due to its competitive nature, agricultural plant production represents an extremely intensive practice with large amounts of water and fertilizer usage. Agrochemical and water management are vital for efficient functioning of any agricultural enterprise, and the subsequent nutrient loading from such agricultural practices has been a concern for environmentalists. A thorough understanding of the agrochemical and the soil amendments used in these agricultural systems is of special interest as contamination of soils can cause surface and groundwater pollution leading to ecosystem toxicity. The presence of fragile ecosystems such as the Everglades, Biscayne Bay and Big Cypress near enterprises that use such agricultural systems makes the whole issue even more imminent. Although significant research has been conducted with soils and soil mix, there is no acceptable method for determining the hydraulic properties of mixtures that have been subjected to organic and inorganic soil amendments. Hydro-physical characterization of such mixtures can facilitate the understanding of water retention and permeation characteristics of the commonly used mix which can further allow modeling of soil water interactions. The objective of this study was to characterize some of the locally and commercially available plant growth mixtures for their hydro-physical properties and develop mathematical models to correlate these acquired basic properties to the hydraulic conductivity of the mixture. The objective was also to model the response patterns of soil amendments present in those mixtures to different water and fertilizer use scenarios using the characterized hydro-physical properties with the help of Everglades-Agro-Hydrology Model. The presence of organic amendments helps the mixtures retain more water while the inorganic amendments tend to adsorb more nutrients due to their high surface area. The results of these types of characterization can provide a scientific basis for understanding the non-point source water pollution from horticulture production systems and assist in the development of the best management practices for the operation of environmentally sustainable agricultural enterprise

Planning Buy-Sell Agreements In The Hospitality Industry

In the article - Planning Buy-Sell Agreements In The Hospitality Industry - by John M. Tarras, Assistant Professor, School of Hotel, Restaurant and Institutional Management at Michigan State University, the author initially observes: “The vast majority of hospitality firms (restaurants, hotels, etc.) would be considered closely-held corporations. As such, they have unique planning problems compared to large, publicly-traded hospitality firms. One area of special concern to the closely-held hospitality firm is the planning and adoption of a buy-sell agreement.” The above thesis statement outlines the heart of the article; the buy-sell agreement in regard to smaller [closely held, as Tarras calls them] corporations. The theory is narrow and pro-active, spanning the gap between personal-to-corporate stock manipulations. “The primary purpose of a buy-sell agreement is to contribute to the orderly transfer of a shareholder's stock in a hospitality firm upon some future incident [typically retirement, withdrawal of a shareholder, disability, or death], as Tarras defines the concept. “The hospitality firm or the other shareholders would be committed to purchase the departing shareholder's stock at an agreed upon price and method, and to ensure that ample cash will be obtainable for such an impending sale. The buy-sell agreement provides a market for the shareholder or the shareholder's estate for the sale of otherwise illiquid stock,” the author further provides as canons of buy-sell agreements. In defining the buy-sell agreement with restrictive clauses, Tarras demonstrates, “…many closely-held hospitality firms desire to limit ownership to those individuals, either family or principal corporate employees, who are essential to the well-being of the firm.” Tarras says, another element of the buy-sell agreement is to furnish the departing shareholder with liquidity. “…there typically is some form of cash down payment with the remainder denoted by an interest-bearing promissory note [usually 5 to 15 years],” he informs. “The departing shareholders may require that the hospitality firm pledge the assets of the firm and that the remaining shareholders personally guarantee the promissory note.” “…the most frequent reason for establishing buy-sell agreements is for estate planning purposes,” Tarras says. There are tax advantages and liabilities for both the seller and buyer of stock via the buy-sell agreement, and the author enumerates many of these. One, big advantage of the buy-sell agreement is that it provides for the running of the company with a minimum of disruption through the stock-cash transition process, Tarras offers.

Framework for Enterprise Systems Engineering

This research aimed at developing a research framework for the emerging field of enterprise systems engineering (ESE). The framework consists of an ESE definition, an ESE classification scheme, and an ESE process. This study views an enterprise as a system that creates value for its customers. Thus, developing the framework made use of system theory and IDEF methodologies. This study defined ESE as an engineering discipline that develops and applies systems theory and engineering techniques to specification, analysis, design, and implementation of an enterprise for its life cycle. The proposed ESE classification scheme breaks down an enterprise system into four elements. They are work, resources, decision, and information. Each enterprise element is specified with four system facets: strategy, competency, capacity, and structure. Each element-facet combination is subject to the engineering process of specification, analysis, design, and implementation, to achieve its pre-specified performance with respect to cost, time, quality, and benefit to the enterprise. This framework is intended for identifying research voids in the ESE discipline. It also helps to apply engineering and systems tools to this emerging field. It harnesses the relationships among various enterprise aspects and bridges the gap between engineering and management practices in an enterprise. The proposed ESE process is generic. It consists of a hierarchy of engineering activities presented in an IDEF0 model. Each activity is defined with its input, output, constraints, and mechanisms. The output of an ESE effort can be a partial or whole enterprise system design for its physical, managerial, and/or informational layers. The proposed ESE process is applicable to a new enterprise system design or an engineering change in an existing system. The long-term goal of this study aims at development of a scientific foundation for ESE research and development.

The emergence of a mass community-based ecotourism theme park : the case of Ejido Chacchoben, Quintana Roo, Mexico

In 1998, a dispute between a federal government agency and the local community of Chacchoben resulted in the emergence of a community-based ecotourism (CBE) enterprise to be fully owned and operated by the community in conjunction with a complex arrangement of agreements and partnerships with external actors. CBE is usually framed as a lower-impact, often small-scale alternative to mass tourism and as a conservation and development strategy that can hypothetically protect biologically diverse landscapes while improving the lives of marginalized peasant and indigenous communities through their participation. This case study analyzes the roles of common property land tenure and social capital and how the unique dilemma of a mass community-based ecotourism theme park emerged in Chacchoben. Findings indicate that local decisions and processes of development, conservation, and land use are affected by the complex interaction between local and external institutions and fluctuating levels of social capital.

Engineering access control for distributed enterprise applications

Access control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. However, to be effective, AC in some application domains has to be fine-grain, support the use of application-specific factors in authorization decisions, as well as consistently and reliably enforce organization-wide authorization policies across enterprise applications. Because the existing middleware technologies do not provide a complete solution, application developers resort to embedding AC functionality in application systems. This coupling of AC functionality with application logic causes significant problems including tremendously difficult, costly and error prone development, integration, and overall ownership of application software. The way AC for application systems is engineered needs to be changed. In this dissertation, we propose an architectural approach for engineering AC mechanisms to address the above problems. First, we develop a framework for implementing the role-based access control (RBAC) model using AC mechanisms provided by CORBA Security. For those application domains where the granularity of CORBA controls and the expressiveness of RBAC model suffice, our framework addresses the stated problem. In the second and main part of our approach, we propose an architecture for an authorization service, RAD, to address the problem of controlling access to distributed application resources, when the granularity and support for complex policies by middleware AC mechanisms are inadequate. Applying this architecture, we developed a CORBA-based application authorization service (CAAS). Using CAAS, we studied the main properties of the architecture and showed how they can be substantiated by employing CORBA and Java technologies. Our approach enables a wide-ranging solution for controlling the resources of distributed enterprise applications.