Managing workflow authorization constraints through active database technology

Fabio Casati, Silvana Castano, MariaGrazia Fugini

Research output: Contribution to journal › Article

2 Citations (Scopus)

Abstract

The execution of workflow processes requires authorization models and tools for enforcing the assignment of tasks to (human or automated) agents according to the security policy of the organization. The paper presents an advanced role-based authorization model for workflow processes, extended with organizational levels and authorization constraints. Roles and organizational levels are organized into hierarchies, to facilitate the assignment of tasks to agents. In addition, constraints are introduced to specify instance-dependent, time-dependent, and history-dependent authorizations. Authorization constraints are specified in terms of active rules to be executed on top of the authorization base, where play and execute authorizations as well as role and level hierarchies are properly stored. Besides enforcing authorization constraints, active rules are used also for authorization management, to enforce authorization derivation along role/level hierarchies. The WfMS then determines authorized agents on the basis of the contents of the authorization base, suitably maintained by the active rules defined in the system. In order to better illustrate the model and concepts included in the paper and to demonstrate the feasibility of the approach, we also present the implementation of the proposed model within the WIDE workflow management system.

Original language: English
Journal: HP Laboratories Technical Report
Issue number: 156
Publication status: Published - 29 Nov 2000
Externally published: Yes

Keywords

  • Active rules
  • Authorization constraints
  • Workflows

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Software

Cite this

Managing workflow authorization constraints through active database technology. / Casati, Fabio; Castano, Silvana; Fugini, MariaGrazia.

In: HP Laboratories Technical Report, No. 156, 29.11.2000.

@article{73b6ce0dbe164291a37b705d4d0e955b,
title = "Managing workflow authorization constraints through active database technology",
abstract = "The execution of workflow processes requires authorization models and tools for enforcing the assignment of tasks to (human or automated) agents according to the security policy of the organization. The paper presents an advanced role-based authorization model for workflow processes, extended with organizational levels and authorization constraints. Roles and organizational levels are organized into hierarchies, to facilitate the assignment of tasks to agents. In addition, constraints are introduced to specify instance-dependent, time-dependent, and history-dependent authorizations. Authorization constraints are specified in terms of active rules to be executed on top of the authorization base, where play and execute authorizations as well as role and level hierarchies are properly stored. Besides enforcing authorization constraints, active rules are used also for authorization management, to enforce authorization derivation along role/level hierarchies. The WfMS then determines authorized agents on the basis of the contents of the authorization base, suitably maintained by the active rules defined in the system. In order to better illustrate the model and concepts included in the paper and to demonstrate the feasibility of the approach, we also present the implementation of the proposed model within the WIDE workflow management system.",
keywords = "Active rules, Authorization constraints, Workflows",
author = "Fabio Casati and Silvana Castano and MariaGrazia Fugini",
year = "2000",
month = "11",
day = "29",
language = "English",
journal = "HP Laboratories Technical Report",
number = "156",

}

TY - JOUR

T1 - Managing workflow authorization constraints through active database technology

AU - Casati, Fabio

AU - Castano, Silvana

AU - Fugini, MariaGrazia

PY - 2000/11/29

Y1 - 2000/11/29

N2 - The execution of workflow processes requires authorization models and tools for enforcing the assignment of tasks to (human or automated) agents according to the security policy of the organization. The paper presents an advanced role-based authorization model for workflow processes, extended with organizational levels and authorization constraints. Roles and organizational levels are organized into hierarchies, to facilitate the assignment of tasks to agents. In addition, constraints are introduced to specify instance-dependent, time-dependent, and history-dependent authorizations. Authorization constraints are specified in terms of active rules to be executed on top of the authorization base, where play and execute authorizations as well as role and level hierarchies are properly stored. Besides enforcing authorization constraints, active rules are used also for authorization management, to enforce authorization derivation along role/level hierarchies. The WfMS then determines authorized agents on the basis of the contents of the authorization base, suitably maintained by the active rules defined in the system. In order to better illustrate the model and concepts included in the paper and to demonstrate the feasibility of the approach, we also present the implementation of the proposed model within the WIDE workflow management system.

KW - Active rules

KW - Authorization constraints

KW - Workflows

UR - http://www.scopus.com/inward/record.url?scp=84862446349&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84862446349&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:84862446349

JO - HP Laboratories Technical Report

JF - HP Laboratories Technical Report

IS - 156

ER -