
Design & Realization Of Double Access-Control Of Workflow Organizational Model & Supervisal Model

Posted on: 2006-08-26
Degree: Master
Type: Thesis
Country: China
Candidate: C P Yang
GTID: 2168360155452940
Subject: Computer software and theory
Abstract/Summary:
Workflow is a fast-developing technology that a growing range of industries is gradually adopting. Its main characteristic is the automated processing of work processes that combine human and machine-based activities. One option is to use a workflow management system (WFMS) as an enterprise application integration (EAI) platform. A WFMS can manage the overall process and delivers high added value when developing workflow software that involves many people-related tasks. A WFMS lets you create automated support for procedures that are modeled as process definitions. Workflow technology is used extensively for handling business in office environments and can also be applied in industry and manufacturing. Although there are a large number of domestic and international workflow products, workflow management systems are still at the very initial phase of the technology hype curve. There are wide research prospects both in theoretical models and in implementation techniques.

This paper analyses the organizational model and the mechanism for authorizing activity performance in detail, and I also put forward a new model: a dynamic organizational model combined with a double authorization mechanism for activity performance, Role & Task Based Access Control (RTBAC). When the standard was first being drafted, the WfMC put relatively little work into the organizational model. As workflow technology moved from the laboratory to enterprises over the following years, people found that the organizational model defined in the WfMC standard is not strong enough. Many research institutions then launched research in this area and proposed models with distinctive features. For organizational structure, there are the WIDE model, the dynamic organizational model, etc. For authorization and control, there are the Subject-Object access model, the task-based access control model (TBAC), the role-based access control model (RBAC), etc.
The model in this paper consists of entities and the relationships between them. Besides the organizational model entities, which include the role entity, the staff entity, etc., I introduce a privilege entity. There are six relationships between entities: the composing relation, competence relation, responsibility relation, assignment relation, etc. The kernel of the RTBAC model is the privilege entity, which has two primary parts: the Role Part, which realizes role-based access control, and the Task Part, which realizes task-based access control. The Task Part in turn consists of Activity, Permission State, Activity Dependencies, and Related Activity. There are several kinds of activity dependency: Existential Dependency, Temporal Dependency, Concurrency Dependency, and Separation Dependency. We treat the process model as a DAG (Directed Acyclic Graph) and use an algorithm called "Create Privilege" to traverse the graph and so create privilege instances. The privilege entity is defined as follows:

$$P = (A, RA, R, ST)$$

A: the activity controlled by the privilege
RA: the activity related to activity A
R: the basic task relationship
ST: the state of the privilege

For example, if the privilege has an "Existential Dependency", we can build several sets S to reveal this dependency:

$$S = \{\, P_i \mid \exists P_j \,(P_i.A = P_j.RA),\ i, j \in N,\ i \neq j \,\}$$

We can dynamically adjust the elements of S according to the rule of "Existential Dependency" and change the access privileges of activities while the process is running.

Our model has the merits of an active security model and offers a safe and flexible access-control mechanism. In this model, execution privileges can be dynamically assigned to organizational entities while the flow is being processed. In this respect, my model has obvious advantages over other models. What past access-control models have in common is that they protect resources from the system's point of view.
Whether it is the Subject-Object model or the RBAC model, their weakness is that they do not consider the environment in which the operator executes the operation. Our model can be combined with TBAC to build an access-control model from roles and process execution at the same time. While tasks are being handled, we can provide both static and dynamic privilege management. Because users and access privileges are logically separated, privilege management also becomes much more convenient.

Another piece of work in this paper is the analysis and realization of the Monitor Model (I call it the Supervisal Model). System monitoring in a complicated software system can improve the dependability and robustness of the application system. Good system monitoring tools can improve the system's adaptability to change and bring the users' dynamic role in dealing with complicated problems into play. The system monitoring tools introduced in this paper can monitor the running of processes in the system and also provide a series of administration functions that realize process control and activity-state management, as follows:

1) instantiate the process model;
2) provide data on running processes, activities and executors to the administrator;
3) start, suspend, resume, and terminate processes;
4) manage running processes, and count and analyze the historical data of processes that finished normally or exceptionally.

Additionally, using UML diagrams, I explain the detailed design of the models in this paper exhaustively. I have divided the relations among organizational model entities into three kinds:

1) A many-to-many qualification relation between staff and roles, that is, every person can act as at least one role, and every role can be assigned to one or more people.
2) A many-to-many composing relation between staff and workgroup.
3) A many-to-one responsibility relation between staff and duty, i.e. one person can take on only one duty, but the same duty may correspond to several persons.
There are also three relations among the entities of the access control model, the entities of the organizational model, and the activity entities of the process model:

1) A one-to-many assignment relation between role and privilege, that is to say, one role can have many execution privileges, while a single privilege belongs to only one role.
2) A one-to-many assignment relation between workgroup and privilege.
3) A one-to-one executive...
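The double check described in the abstract, as an added Python example that is not code from the thesis: it builds privilege tuples P = (A, RA, R, ST) by walking a process DAG, computes the set S for the existential dependency, and allows an activity only when both the Role Part and the Task Part agree. The state values, the one-privilege-per-edge rule, the activation rule and the sample process are assumptions, because the abstract does not spell out the "Create Privilege" algorithm.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Privilege:          # P = (A, RA, R, ST) from the abstract
    A: str                # activity controlled by the privilege
    RA: Optional[str]     # related activity (None for a start activity)
    R: str                # basic task relationship
    ST: str               # "dormant" | "active" | "spent" (assumed state values)
    role: str             # Role Part: a privilege belongs to exactly one role

def create_privileges(dag, owner):
    """Assumed reading of "Create Privilege": topological walk, one privilege per edge."""
    indeg = {a: 0 for a in dag}
    for succs in dag.values():
        for s in succs:
            indeg[s] += 1
    ready = [a for a, d in indeg.items() if d == 0]
    privs = [Privilege(a, None, "start", "active", owner[a]) for a in ready]
    while ready:
        a = ready.pop(0)
        for s in dag[a]:
            privs.append(Privilege(s, a, "existential", "dormant", owner[s]))
            indeg[s] -= 1
            if indeg[s] == 0:
                ready.append(s)
    return privs

def existential_set(privs):
    """S = { P_i | exists P_j (P_i.A = P_j.RA), i != j }"""
    return [pi for i, pi in enumerate(privs)
            if any(pi.A == pj.RA for j, pj in enumerate(privs) if i != j)]

def may_execute(privs, user_roles, activity):
    """Double check: the role owns the privilege AND every privilege for it is active."""
    ps = [p for p in privs if p.A == activity]
    return bool(ps) and all(p.role in user_roles and p.ST == "active" for p in ps)

def complete(privs, activity):
    """Run-time adjustment: spend A's privileges, activate those waiting on A."""
    for p in privs:
        if p.A == activity:
            p.ST = "spent"
        elif p.RA == activity and p.ST == "dormant":
            p.ST = "active"

# Constructed sample process: submit -> review -> approve, and submit -> archive
DAG = {"submit": ["review", "archive"], "review": ["approve"], "approve": [], "archive": []}
OWNER = {"submit": "clerk", "review": "manager", "approve": "director", "archive": "clerk"}
```

A pure RBAC check would let a manager run `review` at any time; here the Task Part keeps that privilege dormant until `submit` has completed, and spends it once `review` itself has run.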
Keywords/Search Tags: Access-Control