Alter-egos and Roles — Supporting Workflow Security in Cyberspace

  • E. Gudes
  • R. P. van de Riet
  • J. F. M. Burg
  • M. S. Olivier
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT)


Workflow Management (WFM) Systems automate traditional processes where information flows between individuals. WFM systems have two major implications for security. Firstly, since the description of a workflow process explicitly states when which function is to be performed by whom security specifications may be automatically derived from such descriptions. Secondly, the derived security specifications have to be enforced. This paper considers these issues for a Cyberspace workflow system by describing a small, but comprehensive example.

The notion of an Alter-ego is central in this description: Alter-egos are objects that represent individuals in Cyberspace (and not merely identify them). In Cyberspace, documents in a workflow system therefore flow between Alter-egos, rather than between individuals.


Security and Database systems Workflow Cyberspace Object-Oriented Databases Role-based security 


  1. Atluri, V., and Huang, W.K. (1996) An extended petri net model for supporting workflow in a multilevel secure environment, Proc. Annual IFIP WG 11.3 Conf. on Database Security, Como, Italy, August, 1996, pp. 199–216.Google Scholar
  2. Atluri, V., and Huang, W.K. (1996) An Authorization Model for Workflows, Computer Security — ESORICS 1996 (eds. E. Bertino, H. Kurth, G. Martella and E. Montolivo ), Springer, 1996, pp. 44–64.Google Scholar
  3. Bertino, E., Bettini, C., and Samarati, P. (1994) A Time-based Authorization Model, Proc. ACM Int. Conf. on Computer and Communication Workflow security in cyberspaces 195 Security, Fairfax, Va, Nov. 1994, pp. 126–135.CrossRefGoogle Scholar
  4. Georgakopoulos, D., Hornick, M., and Sheth, A. (1995) An overview of workflow management: from process modelling to workflow automation infrastructure, Distributed and Parallel Databases, Vol 3, No. 2, 1995, pp. 119–154.CrossRefGoogle Scholar
  5. Lipp, P., and Hassler, V. (1996) Security concepts for the WWW, Proc. 2nd Int. Conf. on Communication and Multi-media security, Essen, Germany, 1996, pp. 85–95.Google Scholar
  6. MicroSoft Corp. (1996) URL: Scholar
  7. Miller, J.A., Sheth, A.P., Kochut, K.J., and Wang, X. (1996) CORBA-based run-time architecture for Workflow management systems, Journal of Database Management, Vol 7, No. 1, Winter, 1996, pp. 16–27.CrossRefGoogle Scholar
  8. Olivier, M.S. (1996) Using workflow to enhance security in federated databases, Proc. 2nd Int. Conf. on Communication and Multimedia Security, Essen, Germany, 1996, pp. 61–72.Google Scholar
  9. Object Management Group (1993) The Common Object Request Broker: Architecture and Specification, OMG Document No. 93.12.1, December, 1991.Google Scholar
  10. Object Management Group (1996) URL: Documents: 96–08–, 96–08–, 96–08–, and 96–08– Scholar
  11. Radu, S., Dehne, F., and Van de Riet, R.P. (1997) A first step towards distributed Mokum, Technical Report 428, Computer Science Department, Vrije Universiteit, Amsterdam, In preparation.Google Scholar
  12. Riet, R.P. van de, and Burg, J.F.M. (1996a) Modelling Alter-egos in Cyberspace: who is responsible?, Proc. of Web Net 96, San Francisco, 1996, AACE, Charlottesville, USA, pp. 462–467.Google Scholar
  13. Riet, R.P. van de, and Burg, J.F.M. (1996b) Linguistic Tools for Modelling Alter Egos in Cyberspace: Who is Responsible?, Journal of Universal Computer Science, Vol 2, No. 9, Springer, 1996, pp. 623–636.Google Scholar
  14. Riet, R.P. van de, and Burg, J.F.M. (1997) Modelling Alter-egos in Cyberspace using a Work Flow Management Tool: who takes care of Security and Privacy?, Submitted.Google Scholar
  15. Riet, R.P. van de, and Gudes, E. (1996) An object-oriented database architecture for providing high-level security in Cyberspace, Proc. 10th Annual IFIP WG 11.3 Conf. on Database Security, Como, Italy, August, 1996, pp. 92–115.Google Scholar
  16. Weeks, J.A., Cain, A., and Sanderson, B. (1996) CCIBased Web security: a design using PGP, URL: http://sdg. ncsa. uiuc. edu/- jweeks/www4/paper/current_rev.htmlGoogle Scholar

Copyright information

© IFIP 1998

Authors and Affiliations

  • E. Gudes
    • 1
  • R. P. van de Riet
    • 2
  • J. F. M. Burg
    • 3
  • M. S. Olivier
    • 4
  1. 1.Ben-Gurion UniversityBeer-ShevaIsrael
  2. 2.Vrije UniversiteitAmsterdamHolland
  3. 3.Vrije UniversiteitAmsterdamHolland
  4. 4.Rand Afrikaans UniversityJohannesburgSouth Africa

Personalised recommendations