Managing Workflow Authorization Constraints through Active Database Technology

  • Authors:
  • Fabio Casati;Silvana Castano;Mariagrazia Fugini

  • Affiliations:
  • Hewlett-Packard Laboratories, 1501 Page Mill road, Palo Alto, CA, 94304, USA. casati@hpl.hp.com;Dipartimento di Scienze dell'Informazione-Università di Milano, Via Comelico 39—I-20135 Milano, Italy. castano@dsi.unimi.it;Dipartimento di Elettronica e Informazione, Politecnico di Milano, Piazza L. Da Vinci, 32—I-20133 Milano, Italy. fugini@elet.polimi.it

  • Venue:
  • Information Systems Frontiers
  • Year:
  • 2001

Quantified Score

Hi-index 0.00

Visualization

Abstract

The execution of workflow processes requires authorizations for enforcing the assignment of tasks to agents, either human or automated, according to the security policy of the organization. This paper presents a workflow authorization framework based on roles and organizational levels, and on authorization constraints. To facilitate the assignment of tasks to agents, roles and organizational levels are organized into hierarchies. Authorization constraints are introduced to specify instance-dependent, time-dependent, and history-dependent authorizations. Authorization constraints are specified in terms of active rules, used also for authorization management. The Workflow Management System determines authorized agents on the basis of the contents of an authorization base maintained through the active rules defined in the system.