Abstract
In workflow environments, access control is an important issue of security. Especially, a suitable access control model to meet the special secure requirements is needed. In this paper, we present a formal model, called RTFW, which allows for some ubiquitous problems in workflow environments, such as separation of duty and dynamic authorization, combining the notions of role– based access control (RBAC) and task- based access control (TBAC) models. Furthermore, we describe how to design and implement its prototype system and discuss some key issues and challenges.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Fan, Y., Shi, W., Wu, C.: Fundamentals of Workflow Management Technology, pp. 30–35. Springer, New York (2001)
Sandhu, R., et al.: Role-based Access Control Models. IEEE Computer 29, 38–47 (1996)
Thomas, R., Sandhu, R.: Task-based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management. In: Database Security, XI: Status and Prospects-Results of the IFIP WG11.3 Workshop on Database Security, pp. 166–181. Chapman and Hall, Boca Raton (1997)
Saltzer, J.H., Schroeder, M.D.: The Protection of Information in Computer Systems. Proceedings of IEEE 63, 1278–1308 (1975)
Ahn, G.J., Sandhu, R.: The RSL99 Language for Rolebased Separation of duty constraints. In: Proceedings of the 4th ACM Workshop on Role-based Access Control, pp. 43–54 (1999)
Nyanchama, M., Osborn, S.: The role-graph model and conflict of interest. ACM Transactions on Information and System Security 2, 3–33 (1999)
Thomas, R., Sandhu, R.: Conceptual Foundations for a Model of Task-based Authorizations. In: Proceedings of the 7th IEEE Computer Security Foundations Workshop, Franconia, NH, pp. 66–79 (1994)
Botha, R.A.: CoSAWoE: A Model for Context-sensitive Access Control in Workflow Environments. PhD Thesis, Johannesburg, South Africa, 87–100 (2001)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jiang, H., Lu, S. (2007). Access Control for Workflow Environment: The RTFW Model. In: Shen, W., Luo, J., Lin, Z., Barthès, JP.A., Hao, Q. (eds) Computer Supported Cooperative Work in Design III. CSCWD 2006. Lecture Notes in Computer Science, vol 4402. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72863-4_63
Download citation
DOI: https://doi.org/10.1007/978-3-540-72863-4_63
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72862-7
Online ISBN: 978-3-540-72863-4
eBook Packages: Computer ScienceComputer Science (R0)