Role-hierarchy-based Task Delegation Model In Workflow

Extensive application of the workflow raises concerns for its security. Access control is an important aspect of workflow's security issues raised by the Workflow Management Coalition. Delegation is an important component of an access control model, and a complete access control model must have a complete delegation function. This paper carefully studied the existing delegation models. A workflow system is task- oriented. Therefore, the role-based delegation models represented by RBDM0 and RDM2000 and the permission-based delegation models represented by PBDM are not suitable for the application in the workflow system. The delegated user was appointed in all the existed user-user delegation modals. In workflow system, as a user delegates a task when he can not execute the task assigned to him because of illness or a business trip, he may probably not know whether other user is absent or not, and how much other user's workload is, what's more, the delegating user can not guarantee the legality of the delegation. To solve the above problem, a role hierarchy based task delegation modal (RH-TDM) is proposed in this paper.In RH-TDM model, tasks assigned to a role were separated into delegatable private tasks and undelegatable private tasks as well as public tasks. Delegating user only need to limit the role scope of delegated user instead of determining a specific delegated user in a delegation application. When the workflow process instance runs to the delegated task's instance, under the constraints of delegation rules, the delegation controller selected a legal delegated user dynamically according to role hierarchies in the limited role scope .In this model, the delegating user can avoid the trouble of selecting a right delegated user. RH-TDM delegation model can improve the safety and effectiveness of delegations in a workflow.This paper first introduces the system makeup of RH-TDM. Then, the formalization description and the delegation rules as well as the revocation of the modal are put forward. The modal's performance is analyzed subsequently. At the end of this article, the general designation and database designation and class designation of the modal are presented. A stock process in a corporation is taken as an example to show the high efficiency and reliability of the delegation modal as well as satisfying the least privileges and dynamical separation of duty.