Research On Workflow Instance's Secure Migrating Mechanism Based On Passport And Visa

A workflow was a transaction model that can be implemented by a workflow system. It was built to realize the integration and automation of the management process under the support of advanced computers. Implementing automation of the process was the characteristic of the workflow. It was to make human and all kinds of application tools to cooperate, so that a specific transaction process was finished. The appearance of mobile agent provided the more choices for workflow system design. Mobile agent had many advantages in workflow system design, such as reducing the network flux, suit the mobile user, helpful to data integration and possess parallel feature, etc. One characteristic of the distributing operating system was that it needed frequent data and service transfers. The migrating workflow manage system combined this characteristic with the mobile agent and introduced mobile agent to the tradition workflow system. The migrating workflow manage system highly increased the agility of the workflow system to adapt the active environment.The migrating workflow gave a new direction within the workflow management area, at the same time, it brought new security risk to the migrating workflow management system. The migrating workflow both had the characteristics of workflow and mobile agent. Its security issues can not be considered in only one side. To build the appropriate migrating workflow security system, both the workflow security points and the mobile agent security problems must be calculated.In migrating workflow, Each workplace acts as the abstraction of the business organization, provides running environment and workflow service for migrating instance. Migrating instance may create by different workplace, When mi found that workplace can't meet the requirements of task, mi with its task and results can migrate to another workplace resuming execution upon arrival. So migration of workflow instance is absolutely necessary. Identity authentication of migrating instance and authorization present some complicated features owning to roaming of migrating Instance between sites continuously. Furthermore, its access privilege is different to migrating instance about each workplace's service and resource.Migrating instance executes the business process by way of auto or interactive on behalf of user. According to the work characteristic of migrating instance, we need an effective access control mechanism to make sure that only required information can be accessed by legal participant involved and refuse the unauthorized access of illegal migrating instance.Combined with mobile feature of migrating instance, A Passport and Visa authentication and access control model(PV-AAC),which integrates Role Based Access Control (RBAC )models and incorporate the notation of Passport and Visa to provide a flexible solution for access control based on migrating instance ,is presented in this paper. PV-AAC applies the strategy by creator of migrating instance issuing passport for it and destination site issuing Visa which will endow some privilege with it, which can provide flexible privilege control which can use workplace's service and resource effectively and prevent illegal user's unauthorized access. Destination site can recognize the identity of migrating instance efficiently, and can make a decision whether permitting migrating instance entering the dock server. P/V mechanism applied in this paper presents a good solution for the authentication and access control problems on workplace's service in the migrating workflow.