Research And Implementation Of An Improved RBAC Model In WFMS

With computer and network technology generalized and extended, research and development of workflow become an upsurge. However, since workflow is an emerging in the field, the research available to it is immature. Therefore, it becomes more and more important to the research of workflow security especially of access control. Role-based access control has become hotspot in the research of workflow access control. But the models available are not explicit in access control when applied into workflow, so the security of workflow reduces.According to the existed problems in workflow access control, we propose an improved RBAC model-ARBWAC. The model seperates the duties between common roles and administrative roles, describes the constraints formally, makes the distribution of permissions more flexible and enhances the security of the workflow"s access control.The paper analyzes RBAC96 model family in detail. We divide roles into two kinds-common roles and administrative roles-by the differences in duties between common users and administrators to implement the seperation of duties between them.To describe it more clearly and reasonably, constraints is defined according to exclusive roles, prerequsite roles, roles" cardinality and the limitations between privileges and roles. Meanwhile, we can define the relationships among activities, operations and roles dynamically when defining a workflow process, which makes the distribution of permissions more flexible. Therefore, we can enhance the security of the workflow' s access control when applying the points above.The paper designs and implements the workflow management system based on XML-JXFlow, and two of JXFlow's sub-systems: the organization definition tool and the workflow engine. The organization definition tool defines ARBWAC's components and their's relationships, while the workflow engine implements the model's authorization strategy. JXFlow solves the problems of traditional WFMS"s access control, increases the ability of secure access control and reaches the standard of secure access control policy. Finally, an application, Official Document Circulation, is introduced with its organization definition, process definition and execution of document transferring.