Inter-instance authorization constraints for secure workflow management
Proceedings of the eleventh ACM symposium on Access control models and technologies
The Contract Net Protocol: High-Level Communication and Control in a Distributed Problem Solver
IEEE Transactions on Computers
Definition and enactment of instance-spanning process constraints
WISE'12 Proceedings of the 13th international conference on Web Information Systems Engineering
The Role-Based Access Control (RBAC) model has been developed as an alternative to traditional approaches to handling access control in workflow systems. Accordingly, authorisation constraints must be defined to enforce the legal assignment of access privileges to roles and of roles to users. Authorisation planning ensures that there is at least one way to complete the workflow instance without breaching any of the authorisation constraints. Authorisation planning that considers intra-instance constraints has been discussed in the research literature. However, inter-instance constraints also need to be considered to mitigate security fraud. In this paper, a novel authorisation system that incorporates intra-instance and inter-instance constraints is proposed. It includes the planning phase, the execution phase, and the adjustment phase. It is in charge of generating user/role assignment plans, verifying them, and eventually updating them to take into account the dynamic (intra-instance and inter-instance) constraints. In addition, grounded upon agent technology and a publish-subscribe communication model, a mechanism that takes dynamic (intra-instance and inter-instance) constraints into account to generate valid assignment plans is demonstrated.