Dynamic Authorisation Policies for Event-Based Task Delegation
Authors
Abstract
Task delegation presents one of the business process security leitmotifs. It defines a mechanism that bridges the gap between both workflow and access control systems. There are two important issues relating to delegation, namely allowing task delegation to complete, and having a secure delegation within a workflow. Delegation completion and authorisation enforcement are specified under specific constraints. Constraints are defined from the delegation context implying the presence of a fixed set of delegation events to control the delegation execution. In this paper, we aim to reason about delegation events to specify delegation policies dynamically. To that end, we present an event-based task delegation model to monitor the delegation process. We then identify relevant events for authorisation enforcement to specify delegation policies. Moreover, we propose a technique that automates delegation policies using event calculus to control the delegation execution and increase the compliance of all delegation changes in the global policy.
Similar resources
Une Approche Dynamique pour la Gestion des Politiques de Délégation dans les Systèmes de Contrôle d'Accès
Task delegation is a mechanism that supports organisational flexibility in the human-centric workflow systems, and ensures delegation of authority in access control systems. In this paper, we define an approach to support dynamic delegation of authority within an access control framework. The novelty consists of reasoning on authorisation dependently on task delegation events, and specifies them...
A Compositional Event & Time-Based Policy Model
Policies are increasingly used to govern the behaviour of complex distributed systems. Most policy models that allow policy composition, to address the complexity of policies, are only concerned with structural composition. In this paper we argue that it is natural to compose policies also along the temporal axis, i.e. express policies that can dynamically change over time or on the occurrence ...
Delegation of Obligations
Obligation policies are one main means of exercising control within an organisation. They specify the actions that some subject has to perform. The authority over these actions needs to be specified in authorisation policies. Current policy notations provide us with the needed structure to represent authorisations and obligations as policy objects for distributed systems management. They suppor...
Recognition of Authority in Virtual Organisations
A Virtual Organisation (VO) is a temporary alliance of autonomous, diverse, and geographically dispersed organisations, where the participants pool resources, information and knowledge in order to meet common objectives. This requires dynamic security policy management. We propose an authorisation policy management model called recognition of authority (ROA) which allows dynamically trusted aut...
Active privilege management for distributed access control systems
The last decade has seen the explosive uptake of technologies to support true Internet-scale distributed systems, many of which will require security. The policy dictating authorisation and privilege restriction should be decoupled from the services being protected: (1) policy can be given its own independent language syntax and semantics, hopefully in an application independent way; (2) policy...