Behaviour v structure : Tribunal’s AGL Energy merger authorisation

Section 95AT of the Competition and Consumer Act 2010 (Cth) (CCA) provides that the Tribunal may grant an authorisation to acquire shares or assets that would otherwise contravene s 50. Section 95AT was inserted by the Trade Practices Legislation Amendment Act 2006 (Cth) and commenced on 1 January 2007. In Application for Authorisation of Macquarie Generation by AGL Energy Limited, (AGL Energy) the Tribunal has for the first time granted AGL Energy Limited (AGL) a conditional authorisation to acquire the assets of Macquarie Generation from the NSW Government.

Towards authorisation models for secure information sharing : a survey and research agenda

This article presents a survey of authorisation models and considers their ‘fitness-for-purpose’ in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerging business models based on the concept of a ‘virtual organisation’. The article argues that present authorisation models are inflexible and poorly scalable in such dynamic environments due to their assumption that the future needs of the system can be predicted, which in turn justifies the use of persistent authorisation policies. The article outlines the motivation and requirement for a new flexible authorisation model that addresses the needs of information sharing. It proposes that a flexible and scalable authorisation model must allow an explicit specification of the objectives of the system and access decisions must be made based on a late trade-off analysis between these explicit objectives. A research agenda for the proposed Objective-based Access Control concept is presented.

Towards a game theoretic authorisation model

Authorised users (insiders) are behind the majority of security incidents with high financial impacts. Because authorisation is the process of controlling users’ access to resources, improving authorisation techniques may mitigate the insider threat. Current approaches to authorisation suffer from the assumption that users will (can) not depart from the expected behaviour implicit in the authorisation policy. In reality however, users can and do depart from the canonical behaviour. This paper argues that the conflict of interest between insiders and authorisation mechanisms is analogous to the subset of problems formally studied in the field of game theory. It proposes a game theoretic authorisation model that can ensure users’ potential misuse of a resource is explicitly considered while making an authorisation decision. The resulting authorisation model is dynamic in the sense that its access decisions vary according to the changes in explicit factors that influence the cost of misuse for both the authorisation mechanism and the insider.

BP-XACML: An authorisation policy language for business processes

XACML has become the defacto standard for enterprise- wide, policy-based access control. It is a structured, extensible language that can express and enforce complex access control policies. There have been several efforts to extend XACML to support specific authorisation models, such as the OASIS RBAC profile to support Role Based Access Control. A number of proposals for authorisation models that support business processes and workflow systems have also appeared in the literature. However, there is no published work describing an extension to allow XACML to be used as a policy language with these models. This paper analyses the specific requirements of a policy language to express and enforce business process authorisation policies. It then introduces BP-XACML, a new profile that extends the RBAC profile for XACML so it can support business process authorisation policies. In particular, BP-XACML supports the notion of tasks, and constraints at the level of a task instance, which are important requirements in enforcing business process authorisation policies.

A longitudinal investigation of coping processes during a merger: Implications for job satisfaction and organizational identification

This study tested the utility of a stress and coping model of employee adjustment to a merger. Two hundred and twenty employees completed both questionnaires (Time 1: 3 months after merger implementation; Time 2: 2 years later). Structural equation modeling analyses revealed that positive event characteristics predicted greater appraisals of self-efficacy and less stress at Time 1. Self-efficacy, in turn, predicted greater use of problem-focused coping at Time 2, whereas stress predicted a greater use of problem-focused and avoidance coping. Finally, problem-focused coping predicted higher levels of job satisfaction and identification with the merged organization (Time 2), whereas avoidance coping predicted lower identification.

Authorisation management in business process environments: An authorisation model and a policy model

This thesis provides two main contributions. The first one is BP-TRBAC, a unified authorisation model that can support legacy systems as well as business process systems. BP-TRBAC supports specific features that are required by business process environments. BP-TRBAC is designed to be used as an independent enterprise-wide authorisation model, rather than having it as part of the workflow system. It is designed to be the main authorisation model for an organisation. The second contribution is BP-XACML, an authorisation policy language that is designed to represent BPM authorisation policies for business processes. The contribution also includes a policy model for BP-XACML. Using BP-TRBAC as an authorisation model together with BP-XACML as an authorisation policy language will allow an organisation to manage and control authorisation requests from workflow systems and other legacy systems.

The AOL Huffington Post merger

This article examines the merger between AOL and the Huffington Post. The broader issues around the merger will be investigated, especially the implication for rights, in particular free expression, and their conditions for exercise and actual exercise online. One major issue is that of the status of user-generated content and how the existing legal regime reflects the ethical concerns of users over how their content, data and information is used and commodified by the for-profit Internet intermediaries and platforms, especially when they start to merge and form concentrations. The extent to which the current legal regimes, especially human rights, deal with these problems in an adequate fashion will be assessed, along with the presentation of some suggestions of alternative approaches which may be more effective in practice.

On the discursive construction of success/failure in narratives of post-merger integration

This article concentrates on the discursive constmction of success and failure in narratives of post-merger integration. Drawing on extensive interview material from eight Finnish-Swedish mergers and acquisitions, the empirical analysis leads to distinguishing four types of discourse — 'rationalistic', 'cultural', 'role-bound' and 'individualistic' — that narrators employ in recounting their experiences. In particular, the empirical material illustrates how the discursive frameworks enable specific (di.scursive) strategies and moves for (re)framing the success/failure, justification/legitimization of one's own actions, and (re)constniction of responsibility when dealing with socio-psychological pressures associated with success/failtire. The analysis also suggests that, as a result of making use of these discursive strategies and moves, success stories are likely to lead to overly optimistic or, in the case of failure stories, overly pessimistic views on the management's ability to control these change processes. Tliese findings imply that we should take the discursive elements that both constrain our descriptions and explanations seriously, and provide opportunities for more or less intentional (re)interpretations of postmerger integration or other organizational change processes.