| With the wide use of computers and networks, workflow has become a critical technology for enterprises in coordinating business processes and improving their ability to respond to emergencies and their competitiveness. Workflow technology has been gaining broad attention recently. However, research on workflow security lags behind research on workflow technology itself. As a result, many potential security problems exist in workflow management systems, which seriously limits their wider use. It is therefore important to study security in workflow management systems. Access control is one of the most important workflow security services. Various access control technologies have been proposed, such as Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role Based Access Control (RBAC), and Task Based Access Control (TBAC); however, none of them completely meets the access control needs of workflow management systems. This paper presents a role-based workflow dynamic access control model, named RWDAC, based on current research on access control in workflow management systems. The model overcomes the weaknesses of poor dynamic adaptability and the false constraint of least privilege. It can enhance the security and practicability of a workflow system based on J2EE. First, the paper introduces the relevant concepts of workflow technology and workflow management systems, and discusses several traditional access control technologies and the current research on access control in workflow management systems.
In light of the characteristics of workflow technology, it examines how these access control technologies can be applied and analyzes the feasibility and drawbacks of applying them to workflow management systems. Then, taking the characteristics of workflow management systems and the requirements of real applications into consideration, the paper presents a role-based workflow dynamic access control model that meets the need for dynamic authorization in workflow management systems. Building on RBAC, it introduces the concept of a task to synchronize the authorization flow with the workflow. It presents the authorization constraint mechanism and authorization rules, and proposes a new algorithm to resolve the private privilege problem. The paper also studies the task assignment strategy, which is one element of access control, and presents a task assignment strategy based on the fuzzy synthetic judgment method. The resource utilization rate and execution efficiency of the workflow management system are effectively improved. Next, the paper presents a workflow management system based on J2EE and implements RWDAC in it. The paper introduces the access control architecture and describes in detail how each functional module in the architecture is implemented. It also introduces the main sequences of access control in the workflow management system. Finally, the paper summarizes its research work and outlines prospects for future work. |