Enforcing workflow authorization constraints using triggers

  • Authors:
  • Fabio Casati; Silvana Castano; Maria Grazia Fugini

  • Venue:
  • Journal of Computer Security
  • Year:
  • 1998

Abstract

Workflow design involves modeling different aspects of a business process. Among these aspects, workflow design should consider also security requirements. These relate to the authorizations for the users in the organization to execute workflow tasks according to the security policies about handling business processes and workflow data. This paper presents an approach based on triggers to specify and enforce workflow authorization constraints for a flexible assignment of tasks to roles and agents. The approach has been conceived in the framework of the WIDE Workflow Management System. Authorization triggers specify when and how the set of authorizations for a given workflow should be changed and which actions should be taken by the system or by the administrator. A basic set of triggers is provided enforcing security policies common to workflow systems, such as need-to-know and task confinement. Methodological issues related to trigger design for a given workflow application are discussed and an approach based on authorization patterns is illustrated. The paper shows how authorization patterns can be instantiated into triggers and briefly discusses aspects related to the analysis of a set of authorization triggers defined for a given workflow application.