Study Of Role-Based Access Control Model In Migrating Workflow

Posted on: 2013-09-21
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W Su
GTID: 1228330395470213
Subject: Computer application technology

Abstract/Summary:
According to the Workflow Management Coalition (WfMC), a workflow is the automation of a business process, in whole or in part, during which documents, information or tasks are passed among the participants (users and computer programs) according to a set of rules, in order to achieve the overall objectives of the business process through coordination among the members of the organization. Workflow technology has been widely applied in business process management areas such as collaborative manufacturing, collaborative product commerce and cooperative office work.

Migrating workflow is a new technique that applies the mobile agent computing model to workflow management. According to the migrating workflow model proposed by Professor Zeng Guangzhou, a migrating workflow management system has three elements: the migrating instance, the workplace and the migrating workflow management engine. The migrating instance is the subject that performs tasks: it accepts a commission from the business process manager, migrates among workplaces and uses their services and resources to execute one or more tasks, and several migrating instances can cooperate to complete a business process. The workplace is the service provider of the migrating workflow members (organizations, institutions and individuals), providing runtime services and workflow services to authorized migrating instances. The migrating workflow management engine is used only to define the process and to create, send and monitor migrating instances, in order to support the decentralized character of mobile computing.

As in other workflow management systems, access control for migrating instances at the workplace is a key problem in constructing the migrating workflow model, because migrating instances are the users of the workplace.
In a workflow management system based on the WfMC standard, the business process, the resources and the participants are known, so the workflow designer establishes the overall access control strategy beforehand, and the workflow management engine then manages and executes it. Migrating workflow is a decentralized, loosely coupled business process management system. Migrating instances and workplaces are independent and autonomous entities. Each workplace must therefore establish its own access control model according to its local service rules and local security policy, including migrating instance identity authentication and migrating instance authentication. Preliminary research applied the passport/Visa (P/V) model to the access control of migrating instances. Its principal concept is that the creator issues an identity passport for the migrating instance, and the workplace issues a Visa for the migrating instance that includes landing permission, access authorization and a period of validity.

With the support of national natural science funding and building on the migrating workflow model framework, we focused on extending the RBAC (role-based access control) model with respect to migrating instance believability, ability, task and workplace service coalition. RBAC is a widely used access control model whose principal concept is to give access subjects controllable authorization according to their roles. The paper mainly includes:

1. RBAC model research based on the migrating instance trust constraint

Previous research on the RBAC model mainly focused on authorization constraints based on the resource type and access queue, and rarely considered the influence of an entity's behavior on role authorization.
In this paper, we introduced trust into the access control of migrating instances and proposed the B-RBAC model based on migrating instance trust, in which MIB is used to measure the believability of a migrating instance's resource access, such as the presence of unauthorized access or other malicious behavior. A migrating instance whose MIB is below the threshold enters the black list, and the B-RBAC model guides the workplace to refuse to issue a Visa. For a migrating instance with a low MIB value, the B-RBAC model triggers the strong monitoring mechanism of the workplace. Chapter 2 mainly discussed the B-RBAC model based on the migrating instance trust constraint, with the definition of migrating instance trust and the authorization rule, and gave the migrating instance access control algorithm based on the trust constraint.

2. RBAC model research based on the migrating instance ability constraint

Most business processes need migrating instances to execute collaboratively in order to improve workflow efficiency. Each migrating instance moves continually according to its own task and guidance, so resource access conflicts are inevitable when multiple migrating instances land on the same workplace. The paper focused on the A-RBAC model based on the migrating instance ability constraint. When multiple instances land on the same workplace and cause a resource access conflict, the A-RBAC model grants authorization at different priority levels according to the role abilities of the migrating instances, and then builds a queuing mechanism. Chapter 3 mainly discussed the A-RBAC model, with the definition of migrating instance role ability (RA) and the RA-based authorization rule, and gave the migrating instance access control algorithm based on the ability constraint.

3. RBAC model research based on the migrating instance task constraint

The business process designer and the workflow service provider are independent social entities in the migrating workflow model.
Thus, for a decentralized migrating workflow management system, it is difficult to maintain consistency between the authorization granularity (task granularity) requested by the migrating instance and the authorization granularity (task granularity) provided by the workplace. The paper focused on the T-RBAC model based on the migrating instance task constraint. For a coarse-grained task request from a migrating instance, the T-RBAC model builds a task-disassembling mechanism in the workplace, and then assigns and licenses fine-grained roles according to the sub-task demand. In the fine-grained role assignment process, the workplace refuses the Visa if the migrating instance is found in the black list of one role. When an access conflict exists among migrating instances, the T-RBAC model first assesses the comprehensive ability of each migrating instance for each subtask, and then determines the overall priority. Chapter 4 discussed the T-RBAC model, with the definition of role ability and the role ability-based authorization rule. The task-disassembling algorithm and the migrating instance access control algorithm based on panel authorization were given.

4. RBAC model research based on the workplace coalition

In an open migrating workflow environment, more than one workplace may provide the same service for the same task, such as bank payment, tour booking and store shopping. If these workplaces trust each other, the reliability of the migrating instance improves through the redundant service mechanism. The paper focused on the C-RBAC model based on the workplace coalition, under the hypothesis that the coalition members have built a mutual trust mechanism and share the common assigned role.
When a migrating instance is forced to move to the workplace of another coalition member because of an unreachable destination or a service failure, the RBAC model judges, according to the role assignment system of the Visa authorization, whether the migrating instance has previously obtained the same service from a coalition member. If so, the new coalition member provides the service directly; otherwise the migrating instance obtains access authorization according to the local rules. Chapter 5 discussed the C-RBAC model, with the definition of the workplace service coalition and its authorization rule, and gave the migrating instance access control algorithm based on the sharing of role assignment.

Innovation:

1. Built the B-RBAC model based on the migrating instance trust constraint, in light of the behavior monitoring problem of migrating instances.

Compared with the RBAC96 model and related research, the B-RBAC model extends the constraint function of role assignment with migrating instance trust, which can effectively prevent the role assignment of migrating instance and improve the safety control level of.

2. Built the A-RBAC model based on the migrating instance ability constraint, in light of the access conflict problem among many migrating instances in the same workplace.

Compared with the RBAC96 model and related research, the A-RBAC model extends the constraint function of role assignment with migrating instance ability, which can resolve access conflicts through access priority.

3. Built the C-RBAC model based on the mutual-trust workplace service coalition, in light of the redundant service problem that exists in the workflow environment.

Compared with the RBAC96 model and related research, the C-RBAC model extends the constraint function of role assignment with redundant service and authorization sharing.
Authorization sharing can simplify the role assignment process, and redundant service can improve migrating workflow reliability.

Migrating workflow is a developing research area; both its access control theory and its applied research are still not mature. The further work of this paper therefore mainly includes:

1. Migrating instance group signature and authentication method. Access control includes identity authentication and authorization differentiation. This paper did not discuss passport certification in detail, beyond the hypothesis that the creator signs the passport for the migrating instance. For a relatively stable business cooperation coalition, however, a group signature by the members is more conducive to improving the security level. Thus, further work will study migrating instance group signature and authentication methods.

2. Fine-grained task constraint research. The premise of the T-RBAC model is the assumption that the task granularity requested by the migrating instance is greater than the minimum permission service granularity in the workplace, so the T-RBAC model was built on the basis of task disassembling and panel authorization. In practical applications, the task granularity requested by the migrating instance may also be smaller than any service granularity in the workplace. Therefore, extending the T-RBAC model to fit the fine-grained task granularity constraint is further work of this paper.

3. Migrating instance group authorization and authentication method. This paper built the C-RBAC model on the premise that workplaces providing redundant services have built mutual trust, so that an authorization granted by one workplace in the service coalition is inherited by the other coalition members through the Visa logo, but it did not consider the intensity difference and the influence of authorization inheritance.
Therefore, further work will study the migrating instance group authorization and authentication method, because the intensity of location trust influences the security level of access control.
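
An added sketch, not code from the dissertation, of how a workplace might combine the passport/Visa check, the B-RBAC trust threshold and black list, and C-RBAC role sharing as the abstract describes them. The numeric thresholds, validity period, field names, the boolean standing in for passport verification and the order of the checks are all assumptions; the abstract specifies none of them.

```python
from dataclasses import dataclass, field

# Assumed values: the abstract states no numeric thresholds or validity period.
BLACKLIST_MIB = 0.3   # MIB below this: black-listed, Visa refused
MONITOR_MIB = 0.6     # MIB below this: Visa issued under strong monitoring
VALIDITY_S = 3600

@dataclass(frozen=True)
class Visa:
    instance_id: str
    task: str
    role: str            # access authorization
    expires_at: int      # period of validity (epoch seconds)
    monitored: bool      # strong monitoring flag for low-MIB instances
    issued_by: str

@dataclass
class Workplace:
    name: str
    local_roles: dict                               # local rule: task -> role
    coalition: set = field(default_factory=set)     # mutually trusted workplaces
    blacklist: set = field(default_factory=set)

    def request_visa(self, instance_id, passport_ok, mib, task, now, prior=()):
        """Return a Visa (landing permitted) or None (Visa refused)."""
        if not passport_ok:               # passport check, abstracted to a bool
            return None
        if mib < BLACKLIST_MIB:           # B-RBAC: trust below threshold
            self.blacklist.add(instance_id)
        if instance_id in self.blacklist:
            return None
        monitored = mib < MONITOR_MIB
        for v in prior:                   # C-RBAC: shared role assignment
            if (v.issued_by in self.coalition and v.instance_id == instance_id
                    and v.task == task and v.expires_at > now):
                return Visa(instance_id, task, v.role, v.expires_at,
                            monitored, self.name)
        role = self.local_roles.get(task)  # otherwise fall back to local rules
        if role is None:
            return None
        return Visa(instance_id, task, role, now + VALIDITY_S, monitored, self.name)

def demo():
    a = Workplace("bank-a", {"payment": "payer"}, coalition={"bank-b"})
    b = Workplace("bank-b", {}, coalition={"bank-a"})
    first = a.request_visa("mi-1", True, 0.9, "payment", now=1000)
    shared = b.request_visa("mi-1", True, 0.5, "payment", now=1200, prior=[first])
    local_only = b.request_visa("mi-2", True, 0.9, "payment", now=1200)
    refused = a.request_visa("mi-3", True, 0.1, "payment", now=1000)
    return first, shared, local_only, refused
```

In `demo()`, workplace `bank-b` has no local rule for the task, so the inherited Visa for `mi-1` comes only from the coalition path, while `mi-2` without a prior Visa is refused.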
Keywords/Search Tags: migrating workflow, access control, trust constraint, ability constraint, workplace coalition