• DocumentCode
    1831199
  • Title
    AW-RBAC: Access Control in Adaptive Workflow Systems
  • Author
    Leitner, Maria ; Rinderle-Ma, Stefanie ; Mangler, Juergen
  • Author_Institution
    Univ. of Vienna, Vienna, Austria
  • fYear
    2011
  • fDate
    22-26 Aug. 2011
  • Firstpage
    27
  • Lastpage
    34
  • Abstract
    Flexibility is one of the key challenges for Workflow Systems nowadays. Typically, a workflow covers the following four aspects, which might all be subject to change: control flow, data flow, organizational structures, and application components (services). Existing work in research and practice shows that changes must be applied in a controlled manner in order to avoid security problems. In this context, attempts have been made to manage administrative or operative changes using role-based access control (RBAC) models. However, most approaches focus on either administrative changes such as role updating and administration or operative changes, for example, inserting a new activity into a running workflow instance. The distinct handling of certain changes is cumbersome and hence should be reduced by introducing an RBAC model that pays attention to all kinds of possible workflow changes. Hence, in this paper, we present an extended RBAC model for adaptive workflow systems (AW-RBAC) that includes change operations and a variety of objects that are subject to change within workflow systems. Under such a model, supervised administrative and operative changes can be enforced on a set of objects in workflow systems. Doing so, the AW-RBAC model improves security during workflow changes and reduces administration costs. The AW-RBAC model is evaluated by means of practical examples and a proof-of-concept implementation.
  • Keywords
    authorisation; workflow management software; AW-RBAC model; adaptive workflow system; application component aspect; control flow aspect; data flow aspect; organizational structure aspect; role-based access control; Access control; Adaptation models; Context; Monitoring; Permission; Process control; Access Control; Process-Aware Information Systems; RBAC;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
  • Conference_Location
    Vienna
  • Print_ISBN
    978-1-4577-0979-1
  • Electronic_ISBN
    978-0-7695-4485-4
  • Type
    conf
  • DOI
    10.1109/ARES.2011.15
  • Filename
    6045935