Optimistic Anonymous Participation in Inter-organizational Workflow Instances

  • Joachim Biskup
  • Joerg Parthe
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4332)


Electronic business applications are often structured by workflow declarations that span potentially numerous generic activities in different organizations. Such declarations are used to assign activities to specific entities, and to dynamically grant and revoke access to the resources according to the execution state of the workflow instance. If competing organizations cooperate in common workflow instances for achieving a joint purpose, they might want to let entities participate anonymously. Anonymous participation demands a restricted flow of identifying information, whereas state dependent access control requires the flow of specific control information. In this paper we introduce the ‘Anonymous SDSD’ approach (State-Dependent Security Decisions) balancing the conflicting requirements by combining techniques like onion routing, logging, bulletin boards, pseudonyms and proxies.


Access Control Security Policy Step Counter Virtual Organization Access Control Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2(1), 65–104 (1999)CrossRefGoogle Scholar
  2. 2.
    Biskup, J., Eckert, C.: About the enforcement of state dependent security specifications. In: Keefe, T.F., Landwehr, C.E. (eds.) Database Security VII, pp. 3–17. Kluwer, Boston (1994)Google Scholar
  3. 3.
    Biskup, J., Leineweber, T.: State-dependent security decisions for distributed object-systems. In: Olivier, M.S., Spooner, D.L. (eds.) Database and Application Security XV, pp. 105–118. Kluwer, Dordrecht (2002)Google Scholar
  4. 4.
    Biskup, J., Leineweber, T., Parthe, J.: Administration rights in the sdsd-system. In: De Capitani di Vimercati, S., Ray, I., Ray, I. (eds.) Data and Applications Security XVII: Status and Prospects, pp. 149–162. Kluwer, Dordrecht (2004)Google Scholar
  5. 5.
    Biskup, J., Parthe, J.: Optimistic anonymous participation in inter-organizational workflow instances (2006),
  6. 6.
    Camarinha-Matos, L.M., Afsarmanesh, H. (eds.): Processes and Foundations for Virtual Organizations. IFIP International Federation for Information Processing, vol. 134. Springer, Berlin (2003)Google Scholar
  7. 7.
    Casati, F., Castano, S., Fugini, M.G.: Managing workflow authorization constraints through active database technology. Information Systems Frontiers 3(3), 319–338 (2001)CrossRefGoogle Scholar
  8. 8.
    Coetzee, M., Eloff, J.H.P.: Towards web service access control. Computers & Security 23(7), 559–570 (2004)CrossRefGoogle Scholar
  9. 9.
    Diaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Hansen, M., Pfitzmann, A.: Anonymity, unlinkability, unobservability, pseudonymity, and identity management - a consolidated proposal for terminology. version v0.23 (2005),
  11. 11.
    Huang, W.-K., Atluri, V.: Secureflow: a secure web-enabled workflow management system. In: Proceedings of the Fourth ACM Workshop on Role-based Access Control, pp. 83–94. ACM Press, New York (1999)CrossRefGoogle Scholar
  12. 12.
    Kang, M.H., Park, J.S., Froscher, J.N.: Access control mechanisms for inter-organizational workflow. In: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, pp. 66–74. ACM Press, New York (2001)CrossRefGoogle Scholar
  13. 13.
    Knorr, K.: Dynamic access control through petri net workflows. In: Proceedings of the 16th Annual Computer Security Applications Conference, pp. 159–167. IEEE Computer Society, Los Alamitos (2000)Google Scholar
  14. 14.
    Oh, S., Park, S.: Task-role-based access control model. Information Systems 28(6), 533–562 (2003)MATHCrossRefGoogle Scholar
  15. 15.
    Schulz, K.A., Orlowska, M.E.: Facilitating cross-organisational workflows with a workflow view approach. Data & Knowledge Engineering 51(1), 109–147 (2004)CrossRefGoogle Scholar
  16. 16.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Steinbrecher, S., Köpsell, S.: Modelling Unlinkability (2003),
  18. 18.
    Strader, T.J., Lin, F.-R., Shaw, M.J.: Information infrastructure for electronic virtual organization management. Decision Support Systems 23, 75–94 (1998)CrossRefGoogle Scholar
  19. 19.
    Sun, Y., Pan, P.: Pres: a practical flexible rbac workflow system. In: ICEC 2005: Proceedings of the 7th International Conference on Electronic Commerce, pp. 653–658. ACM Press, New York (2005)CrossRefGoogle Scholar
  20. 20.
    Wainer, J., Barthelmess, P., Kumar, A.: W-rbac – a workflow security model incorporating controlled overriding of constraints. International Journal of Cooperative Information Systems 12(4), 455–485 (2003)CrossRefGoogle Scholar
  21. 21.
    Wainer, J., Bezerra, F., Barthelmess, P.: Tucupi: a flexible workflow system based on overridable constraints. In: Proceedings of the 2004 ACM Symposium on Applied Computing, pp. 498–502 (2004)Google Scholar
  22. 22.
    Wu, S., Sheth, A., Miller, J., Luo, Z.: Authorization and access control of application data in workflow systems. J. Intell. Inf. Syst. 18(1), 71–94 (2002)CrossRefGoogle Scholar
  23. 23.
    Yang, S., Lam, H., Su, S.Y.W.: Trust-based security model and enforcement mechanism for web service technology. In: Buchmann, A., Casati, F., Fiege, L., Hsu, M.-C., Shan, M.-C. (eds.) TES 2002. LNCS, vol. 2444, pp. 151–160. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Joachim Biskup
    • 1
  • Joerg Parthe
    • 1
  1. 1.Computer Science DepartmentUniversity of DortmundDortmundGermany

Personalised recommendations