Injecting a permission-based delegation model to secure web-based workflow systems

Abstract

Web-based workflow systems have emerged in almost every business because they can support dynamic business processes over heterogeneous computing systems which is the requirement of a modern business. At the same time security and flexibility have become the two most important aspects in those systems. Role-based Access Control has been injected to Web-based workflow systems to control access (without hindering the process), which has greatly facilitated the access control management. However, a high-level user may want to delegate one of his permissions to a member. In this case, a flexible delegation would be required to achieve this functionality. In this research, we investigated the idea of delegation and developed a framework for injecting Permission-based Delegation Model (PBDM(WEB)) to secure Web-based workflow systems. PBDM(WEB) supports Role-based Access Control, flexible permission-based delegation and ability-based delegation, interoperation among multi-domain systems and consistency of authorization.