This invention relates to a method and apparatus for sharing and executing sensitive logic semantics.
The invention operates in the general environment of software support and maintenance. In this context, it is frequent that a software defect has been spotted and can be reproduced. However, the particular data instance and program logic involved cannot be communicated to the person responsible for analyzing the issue and solving it for confidentiality reasons.
In computer system tools for managing processes and decisions, some sensitive parts of decision and process logic (referred to henceforth as sensitive decision logic and sensitive process logic) are written by high level users and should not be made available to administrators, technical support, or developers. For instance, technical support personnel in charge of maintaining the whole program may be from a different company and/or not have the proper clearance for the sensitive decision logic and/or sensitive process logic.
A significant evolution of the past 10 years in software systems is the distribution of enterprise applications and the separation of concerns between software infrastructure and the decision and process logic that structure it. Exemplified by process and decision management tools, enterprise applications are deployed in cloud environments or a variety of software systems, and embed or access decision services, which contain some specific subprograms that describe the sensitive decision and process logic. The sensitive logic may often be critical to the operation of the organization. It is condensed in relatively isolated and easily identifiable segments, which is convenient for maintenance and evolution, but represents a serious vulnerability, should it be made accessible beyond a contained perimeter.