Role-Based Access Control Models
Computer
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
An Authorization Model for Workflows
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
The Consistency of Task-Based Authorization Constraints in Workflow Systems
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
A Role based Access Control for Web Services
SCC '04 Proceedings of the 2004 IEEE International Conference on Services Computing
ICWS '08 Proceedings of the 2008 IEEE International Conference on Web Services
Hi-index | 0.00 |
A successful execution of a Business Process (BP) is possible only if the proper coordination exists between (1) BP's execution policy, (2) BP's authorization policy, and (3) the authorization policies of BP's resources. Hence, there is a need of an effective authorization model that brings all types of policies together for a BP executing successfully without breaking any authorization and business rules. This paper proposes a Petri-Net process model, Process-Aware Service-Oriented Authorization Control Net (PASOAC-Net). PASOAC-Net is developed based on the conceptual model PASOAC, an extension of Role Based Access Control (RBAC), which takes both resources and users into account. A set of authorization constraints is designed in PASOAC to coordinate the user access and the resource support in a process environment.