A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems

ACM Workshop on Role-Based Access Control Pub Date : 1997-11-06 DOI:10.1145/266741.266746

E. Bertino, E. Ferrari, V. Atluri

{"title":"A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems","authors":"E. Bertino, E. Ferrari, V. Atluri","doi":"10.1145/266741.266746","DOIUrl":null,"url":null,"abstract":"In recent years, workflow management systems (WFMSs) have gained popularity both in research as well as in commercial sectors. WFMSs are used to coordinate and streamline business processes of an organization. Often, very large WFMSs are used in organizations with users in the range of several thousands and number of process instances in the range of tens of thousands. To simplify the complexity of security administration, it is a common practice in many business organizations to allocate a role to perform each activity in the process and then assign one or more users to each role, and granting an authorization to roles rather than to users. Typically the security policies of the organization are expressed as constraints on users and roles. a well-known constraint is separation of duties. Unfortunately, current role-based access control models are not adequate to model such constraints. To address this issue, in this paper, (1) we present a language to express authorization constraints as clauses in a logic program, (2) provide formal notions of constraint consistency, and (3) propose algorithms to check for the consistency of the constraints and to assign roles and users to the workflow tasks in such a way that no constraints are violated.","PeriodicalId":355233,"journal":{"name":"ACM Workshop on Role-Based Access Control","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1997-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"113","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Workshop on Role-Based Access Control","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/266741.266746","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 113

Abstract

In recent years, workflow management systems (WFMSs) have gained popularity both in research as well as in commercial sectors. WFMSs are used to coordinate and streamline business processes of an organization. Often, very large WFMSs are used in organizations with users in the range of several thousands and number of process instances in the range of tens of thousands. To simplify the complexity of security administration, it is a common practice in many business organizations to allocate a role to perform each activity in the process and then assign one or more users to each role, and granting an authorization to roles rather than to users. Typically the security policies of the organization are expressed as constraints on users and roles. a well-known constraint is separation of duties. Unfortunately, current role-based access control models are not adequate to model such constraints. To address this issue, in this paper, (1) we present a language to express authorization constraints as clauses in a logic program, (2) provide formal notions of constraint consistency, and (3) propose algorithms to check for the consistency of the constraints and to assign roles and users to the workflow tasks in such a way that no constraints are violated.

查看原文本刊更多论文

一个灵活的模型，支持工作流管理系统中基于角色的授权的规范和实施

近年来，工作流管理系统(WFMSs)在研究和商业领域都得到了广泛的应用。wfms用于协调和简化组织的业务流程。通常，非常大的wfms用于用户在数千人左右，流程实例数量在数万人左右的组织中。为了简化安全管理的复杂性，在许多业务组织中，一种常见的做法是分配一个角色来执行流程中的每个活动，然后为每个角色分配一个或多个用户，并向角色而不是用户授予授权。通常，组织的安全策略表示为对用户和角色的约束。一个众所周知的约束是职责分离。不幸的是，当前基于角色的访问控制模型不足以对此类约束进行建模。为了解决这个问题，在本文中，(1)我们提出了一种语言来将授权约束表达为逻辑程序中的子句，(2)提供约束一致性的形式化概念，以及(3)提出算法来检查约束的一致性，并以不违反约束的方式将角色和用户分配给工作流任务。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Workshop on Role-Based Access Control

自引率

0.00%

发文量