Study On Workflow Access Control Model Based On PKI/PMI

Workflow is a kind of business process which can perform automatically completely or partially, Workflow can be passed and executed during different executors by a series of process rules, documents, information or tasks. As the applying and developing of Workflow technique in informationization of enterprise, security problem of the Workflow management system becomes more and more acuity. The main security problem is concentrate on the authentication, data privacy, data integrity, non-repudiation, authorization, audit, security management and administration, PKI can solve the front four problems, the others can be solved by access control.Because of the characteristics of Workflow system itself, it requires special access control mechanism. The authorization and security management of Workflow system are different from general system. Generally, authorization and access control aim at the sensitive data in general software system, but in Workflow system, it also should authorize to the task of workflow. Tasks are executed by different roles, and data flow between the tasks, thus, one and the same role or user may execute different tasks with different privileges; Moreover, task's state should also be considered, because user's role or role's privileges are usually different in different task states. Therefore, security management of Workflow system is quite complicated.This dissertation presents an E-TRBAC model on the foundation of analysis of existing access control model and requirement of Workflow access control. The concept of task instance's state has been introduced in this model, and the role's privilege are authorized according to the task's different states in different times. It ensures the synchronization betweet authorization and workflow, so it satisfies the requirement of dynamic instantaneous authorization in the process of task, and enhances the data access security. At the same time, in order to solve the problem of traditional authorization management methods, we employ the PMI to accomplish the authorization management of E-TRBAC model. Moreover, we design a Workflow access control system (WACS) based on PKI/PMI, for the purpose of offering the consistent and authentic authentication, authorization, audit service for Workflow Management System. At last, by presenting an example of WACS's application, we certify the validity of WACS.