Constraint-Based Authorization Management for Mobile Collaboration Services

With the fast development of high speed wireless technologies and the growing population of mobile portable devices, location information is potentially available for access control systems. Such applications are especially meaningful in emergency situations, where quick responses are urgently required for persons to be physically present in a certain place to perform sensitive tasks without conflicting with security policies. In this paper, we investigate this challenging problem and propose a novel constraint-based authorization management model, which takes the mobile execution of tasks with handheld devices into account. The authorizations are activated by means of location based execution binding to handle uncertain conditions such as flexible business processes and emergency situations, considering both the user´s location and attributes. With the introduced algorithms the model is capable of execution planning to detect and avoid inconsistencies in the security constraints of activities at design and runtime. Finally we propose a system architecture based on Web service technologies and a XACML based syntax for defining the security constraints.