In the workflow system, when the data flow, the users who execute the operation changes, the authority of the users changes too, both of them are related to the context of the data processing. Traditional access control technologies, such as DAC, MAC, are difficult to do this; in RBAC, roles must be changed frequently, which is not suitable to the workflow operation. And nearly all the workflow management systems focus on how to correctly simulate the flow of operation, no, or very few, consider simulate operation constraints that will inevitably lead to hidden dangers. So, we need a new access control model.First, this paper describes a series of restraints rules and applies contract in formalization process of safe business to establish a secure, well-defined business processes.Second, we model the process by lane to form a contract-lane model. In this model, the rout relationships of the safe processes could be expressed visualization also in direct viewing by graphic.Then carries on the corresponding privilege according to migration of the task states, including dynamic warrant of the workflow, re-warrant, and adjust privilege, all these are based on contract-lane model. The method could reduce risk of data access without warranted and data misused, and provide certain guarantee for the warrant management of the workflow management system. |