Applying traditional role-based or task-based access control model to workflow system enforces its security performance. However, these models merely using role to model enterprise'organization structure. This can not fulfill customer's requirement of mapping organization model in workflow system. Moreover, task role assignment in traditional access control is apt to result in ambiguity when there are same roles in different organization unit.This paper presents a new access control model to solve the issues as we mentioned above. Firstly, the workflow technology and traditional access control technologies are introduced, and then the main disadvantages of traditional workflow access control models are analyzed. Accordingly an organization and task based access control model is proposed. By introducing organization unit and organization hierarchy, the model can map enterprise'organization structure and distinguish the same roles in different organization units. This new model has been applied in an open source workflow engine and performed well in security. |