A Dynamic Workflow Authorization Model Based On Participant Expressions

Workflow management system is a software system, which is used to manage workflow process definition, schedule processes and other recourses. The execution of workflow processes requires authorizations for enforcing the assignment of tasks to participants according to the security, functionality and management policies of an organization. However, the existing workflow descriptions are most focus on the authorization to role and task. It cannot assign participants to tasks according to the context in workflow activities. Therefore, this method lacks flexible and dynamic allotment capability and cannot meet the requirements of complex business processes.The aspects of workflow security are studied against the above problems in this paper. The main contents of this theory are as follows. Firstly, according to the existent problem of the weak ability to describe workflows, this paper proposes the concept of workflow participant expression and develops a series of grammar rules. The elements in an organization such as a department, a team, a role and a user, could use an expression to describe, enhancing the description requirements of complex workflows; Secondly, The execution of task assignment needs to be in accordance with the scope of expressions. Therefore, on this basis concept, a dynamic workflow authorization method based on participants'expression rules is proposed. In the processing modeling, this method applies some expression rules into the participant of every activity. During the execution of process instances, the workflow engine could validate and parse the rules according some algorithm. And then, the suitable user set is obtained and the users in this set are authorized to execute tasks. This method can resolve the problem of dynamic authorization of the tasks during the runtime of workflow instances; support the least privilege policies and the policies of separation of duties. At last, this paper designs and implements a workflow system based on participant expressions. The practicability of this method is proved by concrete workflow processes.A workflow management system engine based on XML is designed and accomplished in this paper. The engine could parse process definition files which follow the XPDL standards and accomplish the execution of process instances through the interaction with other parts of workflow management system. By means of parsing workflow participant expression roles, the system extends the ability of task authorization and allocation, and solves many problems about task allocation in traditional workflow management systems.