The execution of workflow processes requires authorization models and tools for enforcing the assignment of tasks to (human or automated) agents according to the security policy of the organization. The paper presents an advanced role-based authorization model for workflow processes, extended with organizational levels and authorization constraints. Roles and organizational levels are organized into hierarchies, to facilitate the assignment of tasks to agents. In addition, constraints are introduced to specify instance-dependent, time-dependent, and history-dependent authorizations. Authorization constraints are specified in terms of active rules to be executed on top of the authorization base, where play and execute authorizations as well as role and level hierarchies are properly stored. Besides enforcing authorization constraints, active rules are used also for authorization management , to enforce authorization derivation along role/level hierarchies. The WfMS then determines authorized agents on the basis of the contents of the authorization base, suitably maintained by the active rules defined in the system. In order to better illustrate the model and concepts included in the paper and to demonstrate the feasibility of the approach, we also present the implementation of the proposed model within the WIDE workflow management system.
|Journal||HP Laboratories Technical Report|
|Publication status||Published - 29 Nov 2000|
- Active rules
- Authorization constraints
ASJC Scopus subject areas
- Computer Networks and Communications
- Hardware and Architecture