Revocation Schemes for Delegation Licences
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Enforcing access control in workflow systems with a task engineering approach
International Journal of Internet Technology and Secured Transactions
| Hi-index | 0.01 |
With the progress of enterprise globalization and the development of combination and differentiation in enterprise business, organizations become more dynamic, and business processes are frequently changing. As a result, workflow access control turns more complicated. To solve this problem, in view of decoupling the workflow access control model from the process model, a delegation-based workflow access control (DBWAC) model is presented. This paper proposes the concept of virtual delegator (VD) in order to manage the permissions involved in a task of a process. In DBWAC, permissions are associated with VD. VD can delegate its permissions to a user who can carry out a task that the VD is associated with. And when the user is out of task, permissions can be revocation. The elements of the DBWAC model are described and the main idea, delegation and revocation policies of the DBWAC model are discussed respectively.