Role-Based Access Control Models
Computer
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
SecureFlow: a secure Web-enabled workflow management system
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Injecting RBAC to secure a Web-based workflow system
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
A model of OASIS role-based access control and its support for active security
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
An authorization model for temporal and derived data: securing information portals
ACM Transactions on Information and System Security (TISSEC)
A model of OASIS role-based access control and its support for active security
ACM Transactions on Information and System Security (TISSEC)
Managing Workflow Authorization Constraints through Active Database Technology
Information Systems Frontiers
Resolving Conflicts in Authorization Delegations
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
An Authorization Model for Workflows
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
A Study of Least Privilege in CapBasED-AMS
COOPIS '98 Proceedings of the 3rd IFCIS International Conference on Cooperative Information Systems
PBDM: a flexible delegation model in RBAC
Proceedings of the eighth ACM symposium on Access control models and technologies
Framework for role-based delegation models
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A rule-based framework for role-based delegation and revocation
ACM Transactions on Information and System Security (TISSEC)
Applying scheduling techniques to minimize the number of late jobs in workflow systems
Proceedings of the 2004 ACM symposium on Applied computing
Role-based cascaded delegation
Proceedings of the ninth ACM symposium on Access control models and technologies
Supporting conditional delegation in secure workflow management systems
Proceedings of the tenth ACM symposium on Access control models and technologies
A fine-grained, controllable, user-to-user delegation method in RBAC
Proceedings of the tenth ACM symposium on Access control models and technologies
Viewing business-process security from different perspectives
International Journal of Electronic Commerce - Special issue: Developing the business components of the digital economy
Dynamic Work Distribution in Workflow Management Systems: How to Balance Quality and Performance
Journal of Management Information Systems
A Petri net based safety analysis of workflow authorization models^1
Journal of Computer Security
Fidelis: a policy-driven trust management framework
iTrust'03 Proceedings of the 1st international conference on Trust management
On delegation and workflow execution models
Proceedings of the 2008 ACM symposium on Applied computing
Delegation and satisfiability in workflow systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Revocation Schemes for Delegation Licences
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
A Rule-Based Framework Using Role Patterns for Business Process Compliance
RuleML '08 Proceedings of the International Symposium on Rule Representation, Interchange and Reasoning on the Web
A security policy framework for context-aware and user preferences in e-services
Journal of Systems Architecture: the EUROMICRO Journal
Task-activity based access control for process collaboration environments
Computers in Industry
Graph-based delegation authorization in workflow
CCDC'09 Proceedings of the 21st annual international conference on Chinese control and decision conference
Collaboration for human-centric eGovernment workflows
WISE'07 Proceedings of the 2007 international conference on Web information systems engineering
Restricted delegation and revocation in language-based security: (position paper)
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
SecurOntology: A semantic web access control framework
Computer Standards & Interfaces
Conceptual model for online auditing
Decision Support Systems
xDAuth: a scalable and lightweight framework for cross domain access control and delegation
Proceedings of the 16th ACM symposium on Access control models and technologies
A relational database integrity framework for access control policies
Journal of Intelligent Information Systems
Enforcing access control in workflow systems with a task engineering approach
International Journal of Internet Technology and Secured Transactions
Optimal workflow-aware authorizations
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
On the Prevention of Fraud and Privacy Exposure in Process Information Flow
INFORMS Journal on Computing
Encoding secure information flow with restricted delegation and revocation in Haskell
Proceedings of the 1st annual workshop on Functional programming concepts in domain-specific languages
Information and Software Technology
Hi-index | 0.00 |
One reason workflow systems have been criticized as being inflexible is that they lack support for delegation. This paper shows how delegation can be introduced in a workflow system by extending the role-based access control (RBAC) model. The current RBAC model is a security mechanism to implement access control in organizations by allowing users to be assigned to roles and privileges to be associated with the roles. Thus, users can perform tasks based on the privileges possessed by their own role or roles they inherit by virtue of their organizational position. However, there is no easy way to handle delegations within this model. This paper tries to treat the issues surrounding delegation in workflow systems in a comprehensive way. We show how delegations can be incorporated into the RBAC model in a simple and straightforward manner. The new extended model is called RBAC with delegation in a workflow context (DW-RBAC). It allows for delegations to be specified from a user to another user, and later revoked when the delegation is no longer required. The implications of such specifications and their subsequent revocations are examined. Several formal definitions for assertion, acceptance, execution and revocation are provided, and proofs are given for the important properties of our delegation framework.