Model Of Workflow Access Control Based On Role

Workflow technology has been a hotspot in the area of computer application since 1990. It is very important to study the technology in-depth, since it can significantly improve the information standard and operation efficiency of enterprises, hence make them more competitive. Because all of the information from workflow must be transmitted by internet, there are some security risks during the running of the workflow. So, the security of information is very important.This paper focuses on the access control service that is one part of security mechanism in workflow systems. First, This paper analyses the access control service's importance and speciality in the security of workflow systems, at the same time static features and dynamic features of workflow systems are pointed out.Based on these features, special access control requirements of workflow systems, such as least privilege, order of event, separation of duties (SoD), checking and adjust the task grant authorization and controlling the time of task's executing.Then, RBAC model and workflow technology are discussed. Through an example, the documents run workflow in the Official Automation System. Based on above issues and speciality of workflow system, this paper explains why DAC and MAC as access control models are not suitable for workflows. At the same time, drawbacks of RBAC applying for workflows are pointed out. The requirements imposed by workflows call for suitable access control mechanism that is more flexible and fine-grained.Based on above analysis, a model, WACBR (Workflow Access Control model Based on Role), is proposed to solve access control problems of the workflow system. The concept of task is introduced to WACBR. Tasks represent the smallest unit of work in the Workflow.Users and permissions are authorized by the task of workflow system, this model uses two kinds of roles which differ from granularity for each granting authorization.In the WACBR, The concepts of time and the sequence of time are put forward to describe order of tasks. The relationships of the Workflow's elements is classified to a relationship set, named DC (depend and conflict). To expressing the element of DC,...