Abstract
A workflow authorization model based on credentials was proposesed. It can nicely satisfy the features that workflows in actual application should satisfying. This model uses access control list based on task state which nicely ensure synchronizing authorization flow with workflow; specifies authorization policy not only based on user identifiers but also based on user qualifications and characteristics; defines a set of constraint rules for a task and seek the eligible users to execute the task according to the type of each constraint rule which realize dynamic separation of duty; and realizes the access granularity of authorization ranging from objects to specific parts of objects which ensure the least privilege constraints much more better.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Kandala S, Sandhu R. Secure Role-Based Workflow Models.Proceeding of the 15th IFIPWG 11.3 Working Conference on Database Security. Dordrecht: Kluwer Academic Publishers, 2002. 45–58.
Sandhu R, Coyne E J, Feinstein H L,et al. Role based Access Control Models.IEEE Computer, 1996,29(2): 38–47.
Atluri V, Huang W K. An Authorization Model for Work-flows.Proc. of the Fifth European Symposium on Research in Computer Security, Lecture Notes in Computer Science, New York: Springer-Verlag, 1996,1146: 44–64.
Atluri V, Huang W K. A Petri Net Based Safety Analysis of Workflow Authorization Models.Journal of Computer Security, 2000,8(2): 83–94.
Kang M H, Park J S, Froscher J N. Access Control Mechanisms for Inter-Organizational Workflow.In Sixth ACM Symposium on Access Control Models and Technologies, Chantilly, VA: ACM Press, 2001.
Knorr K. Dynamic Access Control Through Petri Net Work-flows.Pro. of the 16th Annual Computer Security Applications Conference (ACSAC), New Orleans: IEEE Computer Society, 2000. 159–167.
Adam N, Atluri V, Bertino E,et al. A Content Based Authorization Model for Digital Libraries.IEEE Transaction Knowledge and Data Engineering, 2002,14(2): 296–315.
Adam N R, Atluri V, Huang W K. Modeling and Analysis of Workflows Using Petri Nets.Journal of Intelligent Information Systems, Special Issue on Work flow and Process Management, 1998,10(2): 131–158.
Sandhu R. Separation of Duties in Computerized Information Systems. In: Sushil Jajodia, Carl Landwehr, Eds: Database Security, IV:Status and Prospects. Amsterdam: North Holland, 1991, 179–189.
Author information
Authors and Affiliations
Additional information
Foundation item:
Biography: XING Guang-lin (1972-), male, Ph. D. candidate, research direction: access control and secure workflow.
Rights and permissions
About this article
Cite this article
Guang-lin, X., Fan, H. & Hui, C. A workflow authorization model based on credentials. Wuhan Univ. J. Nat. Sci. 11, 198–202 (2006). https://doi.org/10.1007/BF02831731
Received:
Issue Date:
DOI: https://doi.org/10.1007/BF02831731