
Existing Research Methodologies

1.3 Background

1.3.4 Existing Research Methodologies

The following provides a brief overview of the major existing research methodologies that have influenced the development of the Model, namely Business Process Management, Service Oriented Architecture, Role Based Access Control, Generic Programming and Cloud Computing.

1.3.4.1 Business Process Management and Service Oriented Architecture

Business Process Management (BPM) and the Service Oriented Architecture (SOA) are two fields of research that focus on using IT systems to manage businesses. BPM stems from Business Management research where the focus is on examining existing business processes and then representing them in the IT system as “tasks”. SOA stems from IT research where the focus is to get functional software components, “services”, to work together to perform business processes. While the methodologies of the two fields differ, the basic aims are similar.

Both fields are having an impact in the commercial world. In particular, the largest business software company in the world, SAP, bases its technology on SOA. However, SAP solutions are mainly aimed at large enterprises and do not at present scale down well for Small to Medium Enterprises (SMEs).

The Model utilises a service-based approach that is similar to that used in SOA. BPM functionalities are incorporated in the proposed System.

1.3.4.2 Role Based Access Control

Another relevant field of research, within the broader field of Computer Security, is that of Access Control. Access Control is fundamentally concerned with “who has access to what” in an IT system – the “who” being a user (or “subject”) and the “what” a file (or “object”). Role Based Access Control (RBAC) is arguably the most relevant Access Control Model employed in current IT systems. The fundamental RBAC characteristic is to grant access to users on the basis of group membership where groups represent organisational “roles”. The major drawback to RBAC is inefficiency, as systems using it properly require considerable work to administer where, as is the norm, there are large numbers of users and roles.

The Model utilises a “Group” concept (see 1.6) to manage resources. By incorporating Groups into the service-based approach the objective is to overcome the inefficiencies of RBAC.

1.3.4.3 Generic Programming

Generic programs are written to be useful to many different users. Their major drawback, vis-à-vis programs tailored to individual needs, is that users may have to alter the way they do things in order to use these programs. However, this disadvantage is usually outweighed by various advantages. The most obvious advantage is that the cost of generic programs is usually a fraction of the cost of tailored programs. A second advantage is that of being able to exchange files with other users of the generic program. A third advantage is that users who have learned to use generic programs do not ordinarily require training to the same extent as users of tailored programs.

There are other, more hidden, advantages that generic programs tend to possess. These have to do with the ability to build security features into the programs and the ability to ensure regulatory compliance. It is generally only when a program becomes broadly used that it is economically feasible to build these complex features into programs.

The Model proposes that generic programs be utilised. These programs form the proposed IT-based business management System.

1.3.4.4 Cloud Computing

The “Cloud Computing” paradigm is based on the idea that the components in the “cloud” are unknown or not visible to the user. Accepting that the term “cloud computing” is somewhat vague, the following definition, from the US National Institute of Standards and Technology (NIST), is useful:

Cloud Computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

The three service models mentioned in the definition are “Cloud Software as a Service” (SaaS), “Cloud Platform as a Service” (PaaS) and “Cloud Infrastructure as a Service” (IaaS). The idea of services being located within the cloud is evident. Indeed, there are manifold commonalities between the Cloud Computing and Service Oriented Architecture paradigms.

The Model incorporates the Cloud Computing paradigm, in that it assumes that System Components can be located remotely as well as locally. In fact, the requirement of remote access is a key requirement upon which the Model is designed. Nor are the Service and Group Components in the Model location specific. Services (that is, Service Templates or Service Components) are designed to be imported from remote locations. Groups are designed to represent global entities.

Considerable technical work has been done to enable Cloud Computing systems to be functional. Indeed, the proportion of computing devices that are connected to networks is increasing; most are now designed to be “connected”.

While this increased connectivity has obvious benefits, it has generated many business management, security and legal issues. For example, when a customer uses a service that is offered by one organisation and components of the service are provided by any number of unknown (at least to the customer) remote organisations, legal concerns arise. The organisation offering the service may itself be remote from the customer. In a Cloud Computing environment it will often be the case that the only sense in which a service belongs to an organisation is in the legal sense. The Model seeks to address these legal concerns by incorporating a generic legal contract, which it terms the Service Contract (see 1.7), with every Service. And the Model utilises generic Services (see 1.5.3) and global Groups (see 1.6.3) to deal with the business management and security issues.