{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2015:AANOEXFIUEVAZ7B64QEUBVSHXT","short_pith_number":"pith:AANOEXFI","canonical_record":{"source":{"id":"1512.06404","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2015-12-20T17:15:59Z","cross_cats_sorted":[],"title_canon_sha256":"ac07f6cafe945d8051b3516ec7d1fd585aad980df47351f06fdc49ad1df65e5e","abstract_canon_sha256":"304cfe9ce52ced6a487fc0ee4188212d448f49dfc3692ce85a9b69235776d5f1"},"schema_version":"1.0"},"canonical_sha256":"001ae25ca8a12a0cfc3ee40940d647bcd618ff75757b7f69b4451936de9f0c63","source":{"kind":"arxiv","id":"1512.06404","version":3},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1512.06404","created_at":"2026-05-18T01:23:07Z"},{"alias_kind":"arxiv_version","alias_value":"1512.06404v3","created_at":"2026-05-18T01:23:07Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1512.06404","created_at":"2026-05-18T01:23:07Z"},{"alias_kind":"pith_short_12","alias_value":"AANOEXFIUEVA","created_at":"2026-05-18T12:29:10Z"},{"alias_kind":"pith_short_16","alias_value":"AANOEXFIUEVAZ7B6","created_at":"2026-05-18T12:29:10Z"},{"alias_kind":"pith_short_8","alias_value":"AANOEXFI","created_at":"2026-05-18T12:29:10Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2015:AANOEXFIUEVAZ7B64QEUBVSHXT","target":"record","payload":{"canonical_record":{"source":{"id":"1512.06404","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2015-12-20T17:15:59Z","cross_cats_sorted":[],"title_canon_sha256":"ac07f6cafe945d8051b3516ec7d1fd585aad980df47351f06fdc49ad1df65e5e","abstract_canon_sha256":"304cfe9ce52ced6a487fc0ee4188212d448f49dfc3692ce85a9b69235776d5f1"},"schema_version":"1.0"},"canonical_sha256":"001ae25ca8a12a0cfc3ee40940d647bcd618ff75757b7f69b4451936de9f0c63","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T01:23:07.671342Z","signature_b64":"fcdWHUyQz2YZ9oP4WrzlipnfubBlmVY/tmfvI5+Z8yZvs/8eBO0nD7VGTn7Zbrlw9+kTPnhfI+sLodWXYeFDAw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"001ae25ca8a12a0cfc3ee40940d647bcd618ff75757b7f69b4451936de9f0c63","last_reissued_at":"2026-05-18T01:23:07.670873Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T01:23:07.670873Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1512.06404","source_version":3,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T01:23:07Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"FRIRPln16j2FAIllIF8JHlDvQHAo+BTzjHA/PdFWYrm2pK8ddn1H03UkO9XZq4mXEXUfIoa/53SmsGubAtN8Bg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-22T22:50:43.792202Z"},"content_sha256":"b4864534dbf318bb73f0163a85d55ef0072e3b1cc1a6f87befdbbfec8a86585b","schema_version":"1.0","event_id":"sha256:b4864534dbf318bb73f0163a85d55ef0072e3b1cc1a6f87befdbbfec8a86585b"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2015:AANOEXFIUEVAZ7B64QEUBVSHXT","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Security Constraints in Temporal Role-Based Access-Controlled Workflows (Extended Version)","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Carlo Combi, Luca Vigan\\'o, Matteo Zavatteri","submitted_at":"2015-12-20T17:15:59Z","abstract_excerpt":"Workflows and role-based access control models need to be suitably merged, in order to allow users to perform processes in a correct way, according to the given data access policies and the temporal constraints. Given a mapping between workflow models and simple temporal networks with uncertainty, we discuss a mapping between role temporalities and simple temporal networks, and how to connect the two resulting networks to make explicit who can do what, when. If the connected network is still executable, we show how to compute the set of authorized users for each task. Finally, we define securi"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1512.06404","kind":"arxiv","version":3},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T01:23:07Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"hgZi/68TR7iB4xfiIqs3CMkfACgXdGbW7ONGUEbDOzqKOj2QX1JsVvMbuC25e+joM3zmnqMviSGnqrCkO6p5DA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-22T22:50:43.792611Z"},"content_sha256":"be6677caa5e395743fde505808852febe8a8adf4fd3348a4e6b405501d8b4754","schema_version":"1.0","event_id":"sha256:be6677caa5e395743fde505808852febe8a8adf4fd3348a4e6b405501d8b4754"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/AANOEXFIUEVAZ7B64QEUBVSHXT/bundle.json","state_url":"https://pith.science/pith/AANOEXFIUEVAZ7B64QEUBVSHXT/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/AANOEXFIUEVAZ7B64QEUBVSHXT/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-22T22:50:43Z","links":{"resolver":"https://pith.science/pith/AANOEXFIUEVAZ7B64QEUBVSHXT","bundle":"https://pith.science/pith/AANOEXFIUEVAZ7B64QEUBVSHXT/bundle.json","state":"https://pith.science/pith/AANOEXFIUEVAZ7B64QEUBVSHXT/state.json","well_known_bundle":"https://pith.science/.well-known/pith/AANOEXFIUEVAZ7B64QEUBVSHXT/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2015:AANOEXFIUEVAZ7B64QEUBVSHXT","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"304cfe9ce52ced6a487fc0ee4188212d448f49dfc3692ce85a9b69235776d5f1","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2015-12-20T17:15:59Z","title_canon_sha256":"ac07f6cafe945d8051b3516ec7d1fd585aad980df47351f06fdc49ad1df65e5e"},"schema_version":"1.0","source":{"id":"1512.06404","kind":"arxiv","version":3}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1512.06404","created_at":"2026-05-18T01:23:07Z"},{"alias_kind":"arxiv_version","alias_value":"1512.06404v3","created_at":"2026-05-18T01:23:07Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1512.06404","created_at":"2026-05-18T01:23:07Z"},{"alias_kind":"pith_short_12","alias_value":"AANOEXFIUEVA","created_at":"2026-05-18T12:29:10Z"},{"alias_kind":"pith_short_16","alias_value":"AANOEXFIUEVAZ7B6","created_at":"2026-05-18T12:29:10Z"},{"alias_kind":"pith_short_8","alias_value":"AANOEXFI","created_at":"2026-05-18T12:29:10Z"}],"graph_snapshots":[{"event_id":"sha256:be6677caa5e395743fde505808852febe8a8adf4fd3348a4e6b405501d8b4754","target":"graph","created_at":"2026-05-18T01:23:07Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Workflows and role-based access control models need to be suitably merged, in order to allow users to perform processes in a correct way, according to the given data access policies and the temporal constraints. Given a mapping between workflow models and simple temporal networks with uncertainty, we discuss a mapping between role temporalities and simple temporal networks, and how to connect the two resulting networks to make explicit who can do what, when. If the connected network is still executable, we show how to compute the set of authorized users for each task. Finally, we define securi","authors_text":"Carlo Combi, Luca Vigan\\'o, Matteo Zavatteri","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2015-12-20T17:15:59Z","title":"Security Constraints in Temporal Role-Based Access-Controlled Workflows (Extended Version)"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1512.06404","kind":"arxiv","version":3},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:b4864534dbf318bb73f0163a85d55ef0072e3b1cc1a6f87befdbbfec8a86585b","target":"record","created_at":"2026-05-18T01:23:07Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"304cfe9ce52ced6a487fc0ee4188212d448f49dfc3692ce85a9b69235776d5f1","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2015-12-20T17:15:59Z","title_canon_sha256":"ac07f6cafe945d8051b3516ec7d1fd585aad980df47351f06fdc49ad1df65e5e"},"schema_version":"1.0","source":{"id":"1512.06404","kind":"arxiv","version":3}},"canonical_sha256":"001ae25ca8a12a0cfc3ee40940d647bcd618ff75757b7f69b4451936de9f0c63","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"001ae25ca8a12a0cfc3ee40940d647bcd618ff75757b7f69b4451936de9f0c63","first_computed_at":"2026-05-18T01:23:07.670873Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T01:23:07.670873Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"fcdWHUyQz2YZ9oP4WrzlipnfubBlmVY/tmfvI5+Z8yZvs/8eBO0nD7VGTn7Zbrlw9+kTPnhfI+sLodWXYeFDAw==","signature_status":"signed_v1","signed_at":"2026-05-18T01:23:07.671342Z","signed_message":"canonical_sha256_bytes"},"source_id":"1512.06404","source_kind":"arxiv","source_version":3}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:b4864534dbf318bb73f0163a85d55ef0072e3b1cc1a6f87befdbbfec8a86585b","sha256:be6677caa5e395743fde505808852febe8a8adf4fd3348a4e6b405501d8b4754"],"state_sha256":"ca90870fd1004fe190969955e9a4e1a1e14d067721d1cb30cecb9b1f54079f46"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"WrOSc4ZfKRv4JabI/6pLfxt8pscCEVz2EOUxy1eAB71nVOvsw4jf/yA7Akid1Ws24VLNPHifVL99EDCys4V5AA==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-22T22:50:43.794599Z","bundle_sha256":"05d178ff81d78ddd74365795515be6a64f19a255d8a81d23128c5af192f517ee"}}