Research & Design Of Distributed Secure Workflow Management System

The main purpose of workflow management system is arrange information and human resource properly to harmonize every activities in business process, and achieve the efficient accomplishment of business object. Today, as the increasingly wide use of computer and network, workflow management system is attracting more and more attention by research institute and industry field. The security services of workflow management system include authentication, authorization, access control, audit, data privacy, data integrity, anti-deny and secure management, among them, the most important parts are authorization and access control.Role-Based Access Control is a flexible access control policy, it's main idea is to associate privilege to role, and authorization of user is converted to authorization of role, thus greatly simplify the authorization management, so it can be easily used in workflow management system. Privilege Management Infrastructure is based on Public Key Infrastructure and allow authorization of authenticated user. The role model of Privilege Management Infrastructure defines role-assignment attribute certificate and role-specification attribute certificate, it is suitable to Role-Based Access Control in distributed environment.According to the characteristics of workflow technology, Role-Based Secure Workflow Model expands the Role-Based Access Control Model RBAC96, changes permission to privilege of task, combines role-based access control and task-based authorization control policy, achieves static privilege allocation and dynamic authorization control at the same time, thus ensures the mini-privilege principle of secure system.The Model of Distributed Secure Workflow Management System D-WfMS is an expansion of Role-Based Secure Workflow Model, it fits the management of role and authorization in distributed environment. The authorization and access control of D-WfMS use the attribute certificate policy of Privilege Management Infrastructure, the privilege allocate function and privilege verify function are implemented by role server and application gateway in the system.