Managing heterogeneous multi-system tasks to support enterprise-wide operations
Distributed and Parallel Databases - Special issue on software support for work flow management
Role-Based Access Control Models
Computer
Decentralized user-role assignment for Web-based intranets
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
WebWork: METEOR_2‘s Web-Based Workflow Management System
Journal of Intelligent Information Systems - Special issue on workflow management systems
RBAC on the Web by smart certificates
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
SecureFlow: a secure Web-enabled workflow management system
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Engineering authority and trust in cyberspace: the OM-AM and RBAC way
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
A client/server architecture for distributed workflow management systems
PDIS '94 Proceedings of the third international conference on on Parallel and distributed information systems
The URA97 Model for Role-Based User-Role Assignment
Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects
Secure attribute services on the web
Secure attribute services on the web
Role-based access control on the web
ACM Transactions on Information and System Security (TISSEC)
Role-based access control on the web using LDAP
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Secure role-based workflow models
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Organizational Management in Workflow Applications – Issues and Perspectives
Information Technology and Management
Separation of duties for access control enforcement in workflow environments
IBM Systems Journal - End-to-end security
Role-based authorizations for workflow systems in support of task-based separation of duty
Journal of Systems and Software
Access control in collaborative systems
ACM Computing Surveys (CSUR)
Preventing information leakage within workflows that execute among competing organizations
Journal of Systems and Software - Special issue: Software engineering education and training
DPE/PAC: decentralized process engine with product access control
Journal of Systems and Software
PRES: a practical flexible RBAC workflow system
ICEC '05 Proceedings of the 7th international conference on Electronic commerce
Secure Interoperation in a Multidomain Environment Employing RBAC Policies
IEEE Transactions on Knowledge and Data Engineering
A Rule-Based Framework Using Role Patterns for Business Process Compliance
RuleML '08 Proceedings of the International Symposium on Rule Representation, Interchange and Reasoning on the Web
Task-activity based access control for process collaboration environments
Computers in Industry
RBAC for Organisation and Security in an Agent Coordination Infrastructure
Electronic Notes in Theoretical Computer Science (ENTCS)
Injecting a permission-based delegation model to secure web-based workflow systems
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
A dynamic web service-based trust and reputation scheme for scientific workflows
Proceedings of the 12th International Conference on Information Integration and Web-based Applications & Services
An approach for implementation of RBAC models with context constraint to business process systems
ACOS'06 Proceedings of the 5th WSEAS international conference on Applied computer science
A flexible way for adaptive secured service-oriented business processes modeling
Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications
Flexible workflow incorporated with RBAC
CSCWD'05 Proceedings of the 9th international conference on Computer Supported Cooperative Work in Design II
Verifying BPEL workflows under authorisation constraints
BPM'06 Proceedings of the 4th international conference on Business Process Management
Towards a Flexible and Adaptable Modeling of Business Processes
International Journal of Information Technology and Web Engineering
Supporting entailment constraints in the context of collaborative web applications
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Hi-index | 0.00 |
Web-based workflow systems have recently received much attention because they can support dynamic business processes over heterogeneous computing systems. Most existing web-based workflow systems, however, provide minimal security services such as authentication of users and network security. In this paper we describes an experiment in injecting role-based access control (RBAC) into an existing web-based workflow system. Specifically, we ensure that each task can only be executed by users belonging to a specific role. In order to achieve this, we define a simplified RBAC model to meet our needs and describe the security architecture to be applied to an existing web-based workflow system. We describe our implementation using commercial off-the-shelf (COTS) technology to demonstrate the feasibility of this approach. Our implementation uses X.509v3 certificates with role attribute, and employs a user-pull style where the client requests a client certificate from the role-server and presents it to the workflow system. A major goal of our implementation is to have minimal changes to the existing web server and no changes to the browser. We also discuss alternative architecture such as server-pull with LDAP (Lightweight Directory Access Protocol).