
Journal of Information Science and Engineering, Vol. 27 No. 3, pp. 1011-1028 (May 2011)

A Delegation Framework for Task-Role Based Access Control in WFMS*

HWAI-JUNG HSU AND FENG-JIAN WANG
Institute of Computer Science and Engineering
National Chiao Tung University
Hsinchu, 300 Taiwan
E-mail: {hjhsu@csie; fjwang@cs}.nctu.edu.tw

Access control is important for protecting information integrity in workflow management systems (WfMS). Compared to conventional access control models such as discretionary, mandatory, and role-based access control, the task-role-based access control (TRBAC) model, which is based on both tasks and roles, meets more of the requirements of modern enterprise environments. However, delegation mechanisms for TRBAC have received little discussion. This paper presents a framework that considers temporal constraints to improve delegation and support automatic delegation in TRBAC. Within the framework, the methodology for delegations requested by both users and the WfMS is discussed, and the constraints on delegatee selection, such as delegation loops and separation of duty (SOD), are addressed. Using the framework, a sequence of algorithms for the delegation and revocation of tasks is constructed step by step. Finally, our approach is compared with representative related work.

Keywords: delegation, task-role-based access control (TRBAC), workflow management system (WfMS), separation of duty (SOD), time constraints


Received September 3, 2009; revised September 10, 2010; accepted December 6, 2010.
Communicated by Chih-Ping Chu.
* The preliminary work [13] of this study is presented in FTDC08 (Kunming, China, October 21-23, 2008) by Dr. Feng-Jian Wang.