Using a privilege management infrastructure to support business processes within the Department of National Defence and the Canadian Forces

The Government of Canada (GOC) is shifting its methods for the delegation and exercise of authority from paper-based to electronic-based means. There are no technical solutions presently employed by the GOC for electronic authorization of workflow in distributed processing environments. The aim of this thesis is to show how an authorization system, or privilege management infrastructure (PMI), can be used to support business processes within the Department of National Defence (DND) and the Canadian Forces (CF).; The thesis has two goals to support the aim. The first goal is to show how the X.509 standard can be used to support DND and CF responsibility and delegation models. This involves the use of attribute certificates to control the specification and delegation of privileges, and the provision of separate hierarchies of responsibility for the management and delegation of roles. A proposed architecture for the distribution and storage of these attribute certificates supports the separation of certificate verification from the application-specific use of privileges. The second goal is to provide an authority management support methodology for designers to follow when trying to support a business process with a privilege management infrastructure. The achievement of these goals involves the analysis of the key authorizations within in the problem domain through the use of process models and object collaboration diagrams. ITU-T standard X.509 and concepts from role-based access control form the basis of the PMI design.