Task Delegation Based Access Control Models for Workflow Systems
نویسندگان
چکیده
e-Government organisations are facilitated and conducted using workflow management systems. Role-based access control (RBAC) is recognised as an efficient access control model for large organisations. The application of RBAC in workflow systems cannot, however, grant permissions to users dynamically while business processes are being executed. We currently observe a move away from predefined strict workflow modelling towards approaches supporting flexibility on the organisational level. One specific approach is that of task delegation. Task delegation is a mechanism that supports organisational flexibility, and ensures delegation of authority in access control systems. In this paper, we propose a Task-oriented Access Control (TAC) model based on RBAC to address these requirements. We aim to reason about task from organisational perspectives and resources perspectives to analyse and specify authorisation constraints. Moreover, we present a fine grained access control protocol to support delegation based on the TAC model.
منابع مشابه
Modelling task delegation for human-centric eGovernment workflows
The execution of cross-domain eGovernment applications is a challenging topic. eGovernment organisations are facilitated and conducted using workflow management systems. Workflows automates the management and coordination of organisational or business processes. In the context of eGovernment, what is in many cases described as collaboration appears, however, to be coordination and synchronisati...
متن کاملUne Approche Dynamique pour la Gestion des Politiques de Délégation dans les Systèmes de Contrôle d´Accès
Task delegation is a mechanism that supports organisational flexibility in the humancentric workflow systems, and ensures delegation of authority in access control systems. In this paper, we define an approach to support dynamic delegation of authority within an access control framework. The novelty consists of reasoning on authorisation dependently on task delegation events, and specifies them...
متن کاملDynamic Authorisation Policies for Event-Based Task Delegation
Task delegation presents one of the business process security leitmotifs. It defines a mechanism that bridges the gap between both workflow and access control systems. There are two important issues relating to delegation, namely allowing task delegation to complete, and having a secure delegation within a workflow. Delegation completion and authorisation enforcement are specified under specifi...
متن کاملA Workflow Instance-based Model-checking Approach to Analysing Organisational Controls in a Loan Origination Process1
Demonstrating the safety of a system (ie. avoiding the undesired propagation of access rights or indirect access through some other granted resource) is one of the goals of access control research, e.g. [1-4]. However, the flexibility required from enterprise resource management (ERP) systems may require the implementation of seemingly contradictory requirements (e.g. tight access control but a...
متن کاملThe Delegation Authorization Model: A Model For The Dynamic Delegation Of Authorization Rights In A Secure Workflow Management System
A workflow is a coordinated arrangement of related tasks in an automated process, the systematic execution of which, ultimately achieves some goal. Tasks that comprise the workflow process are typically dependent on one another. Security, in a workflow context, involves the implementation of access control security mechanisms to ensure that task dependencies are coordinated and that tasks are p...
متن کامل