HWAI-JUNG HSU AND FENG-JIAN WANG
Institute of Computer Science and Engineering
National Chiao Tung University
Hsinchu, 300 Taiwan
E-mail: {hjhsu@csie; fjwang@cs}.nctu.edu.tw
Access control is important for protecting information integrity in workflow management
systems (WfMS). Compared to conventional access control technologies such as the
discretionary, mandatory, and role-based access control models, the task-role-based access
control (TRBAC) model, an access control model based on both tasks and roles, meets
more requirements of modern enterprise environments. However, delegation mechanisms
for TRBAC have rarely been discussed. In this paper, a framework that considers
temporal constraints to improve delegation and support automatic delegation in TRBAC is
presented. In the framework, the methodology for delegations requested by both users
and the WfMS is discussed. The constraints on delegatee selection, such as delegation loops
and separation of duty (SOD), are addressed. With the framework, a sequence of algorithms
for delegation and revocation of tasks is constructed step by step. Finally, a comparison
is made between our approach and representative related work.
Received September 3, 2009; revised September 10, 2010; accepted December 6, 2010.
Communicated by Chih-Ping Chu.
* The preliminary work [13] of this study was presented at FTDC'08 (Kunming, China, October 21-23, 2008) by Dr. Feng-Jian Wang.