DocumentCode :
2206034
Title :
A Role and Task-Based Workflow Dynamic Authorization Modeling and Enforcement Mechanism
Author :
Zu, Xiangrong ; Liu, Lianzhong ; Bai, Yan
Author_Institution :
Comput. Sci. & Tech. Dept., North China Electr. Power Univ., Beijing, China
fYear :
2009
fDate :
26-28 Dec. 2009
Firstpage :
1593
Lastpage :
1596
Abstract :
Current workflow products can support more complex modeling of business processes, and the workflow engine mechanism is well researched, but the link between organizational elements and process activities is less well understood. In access control, most products can only support fixed role-based task assignment, which is not enough when considering more complex security policies, such as DSOD, task binding of duties, and temporal constraints, that are important in a dynamic workflow system. This paper examines workflow access control requirements in practice, analyzes the WFMC workflow meta-model, and adopts the R&TBAC approach to separate role-based organization and task-based authorization-step modeling, and especially designs an agent-based dynamic policy enforcement mechanism to bridge the gap. The intelligent task assigning agent is defined as a virtual participant in the workflow process definition and, created within a workflow engine controlled available task instance, acts to evaluate the task dynamic authorization policy to provide an eligible task participant role-set based on its information model. This paper gives a formal specification of the workflow authorization model, and designs the agent information model, assigning policy model, and function model in detail. The modeling approach can widely adapt to various existing workflow systems and can automatically change policy as the enterprise organization or business process definition needs to change.
Keywords :
access control; authorisation; formal specification; workflow management software; access control; business processes; dynamic authorization policy; dynamic workflow system; enforcement mechanism; formal specification; workflow engine mechanism; Access control; Authorization; Automation; Computer networks; Engines; Information science; Information security; Intelligent agent; Power engineering and energy; Power engineering computing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Science and Engineering (ICISE), 2009 1st International Conference on
Conference_Location :
Nanjing
Print_ISBN :
978-1-4244-4909-5
Type :
conf
DOI :
10.1109/ICISE.2009.153
Filename :
5454455