Web services and role selection in support of separation of duties and binding of duties for composable process execution

Web services have become the de facto standard as component technologies for quickly composing a business process that satisfies the business goal of an organization. Nowadays, Web services have found its way into describing the functions of automatic tasks as well as human tasks. An important part in the specification of a business process, especially for human tasks, is the access control that constrains who can perform its tasks. This paper considers both types of tasks involved in a Web services-based process and the corresponding access control problem. We focus on two types of access control constraints, namely separation of duties (SoD) and binding of duties (BoD). Both role-level and participant-level of SoDs and BoDs are investigated in this paper. We propose an approach to dynamically choosing the performer for each task so as to satisfy all access control constraints. The proposed performer selection approach is evaluated based on a purchase order scenario and is shown to have the highest chance of satisfying all predefined access control constraints when compared to other methods.