Role & Task Based Collaborative Systems Access Control

Since entering the Technology Computer and Communications times, group cooperation goes deep into each field of society, and has a broad application prospect. Especially in today, the manage scale and produce scale expand gradually in modern enterprise, the mode of business operation in tradition enterprises can't satisfy the information request in modern enterprises, so in such application background, one of new research fields—Computer Supported Cooperative Work (CSCW) appears before the eyes. CSCW described that a group of users accomplish one mission in a shared work environment. In the CSCW systems, all information has been transmitted by network, this will be inevitable suffered illegal attack, so the security of information in the CSCW system which appears especially important. With the developing of CSCW system in large enterprise, the problem of information security becomes the critical factor in whether the CSCW system can stabilize work.ISO (International Organization for Standardization) has defined five- level security services as the network security standard (Authentication Service, Access Control Service, Confidentiality Service, Integrity Service and Non-repudiation Service). Access control is one of the important parts, which is the secure entrance of information. In the CSCW system, it appears especially important; the CSCW system takes the flow as the core, and completes a task through community's cooperation. Therefore user's safe access control affects in directly the overall system in data security and the uniformity. This article has conducted research and discussion to the question, and proposes a new model called RTBCSAC which is based on role and task collaborative systems access control.This article primarily divides into three parts, first we analyze two popular access control model: Role-based access control model (Role) and Task-based access control model (Task), then we summarize the superiority and the insufficiency which they are applied to the the CSCW system. Next we evaluates the good and bad points of the traditional access control model, and propose a new kind of access control model which is suitable to CSCW system—RTBCSAC (Role & Task based collaborative systems access control.). In detail introduce this model principle of design, the model architecture, authorization mechanism and its security analysis. This model has satisfied the least privilege principle and the responsibility separation principle effectively, and suits in the access control request in the CSCW system. Finally we have carried on the design realization to the RTBCSAC model, and develop a set of computer cooperative management system. We describe the system architecture, the design of workflow engine; emphatically introduce the system application and the realization mechanism in the RTBCSAC model. The stabilize operation of the system indicates that RTBCSAC model has a very high feasibility and validity in the CSCW system.This article formalization describes the relationship between data, operation, permission, role and user in RTBCSAC model. It absorbes the merit of traditional access control, according to the access control request in CSCW system, we design this model which suits to the CSCW system. This model includes that it provides the access control in user group (role), supports the role inherits and multiple inherits, simplifies the role management, facilitates management of the enterprise, supports the entrust mechanism in permission, that for the users who have a very role, they can entrust the related operation to another, which facilitate the daily work. This model provides dynamic authorize mechanism, only when the task is in execution, it can award the permission for the related user, if the task is completed, then revoke the permission immediately, divide the extent of authority size further, the permission has divided into the level of task, it suits in the CSCW system. In this article, the RTBCSAC model uses five tuple (OT, T, Wst, Rt Se) authorization mechanism, the workflow condition leads into the model, together with the task internal condition control the assignment of authorization, it satisfies the characteristic of cooperative work and interactives in CSCW system. The users exist in session and assignment task by the way of"push", this guarantees that the task can be executed immediately and the valid of authorization. We define the lifecycle of the task by the active time; this avoids the security problem in getting the permission time too long. This authorization mechanism is embarked from the cooperative characteristic in CSCW system, therefore it satisfies the demand of access control in CSCW system effectively, simultaneously this model has defined perfect principle of restriction and the task dependency relationship, and this can guarantee the system security further more.The computer cooperative management system in this article is aimed at in the design profession application domain which has certain pertinence. The computerization working enhances enterprise's working efficiency. According to the analysis of the system, it proves the RTBCSAC model suits the demand of access control in CSCW system.This article analysis the access control request in CSCW system, and proposes a kind of new access control model—RTBCSAC, it supports dynamic authorization mechanism in CSCW system environment, by the analysis in actual system, which proves the model has a widespread application in CSCW domain.