Security in Web Based Work ow Management Systems

Web based work ows are increasingly becoming a viable choice for work ows that span multiple organizations Until recently Web technology has not been terribly secure However by utiliz ing appropriate encryption algorithms digital signatures and access control role based multilevel security Web based Work ow Management Systems can be made secure Since these systems include many subsystems Operating System Database System etc and may involve multiple organizations complete security solutions are enormously complex In this paper we sort out some of the more promising security alternatives and organize them into a security architecture suitable for Web based work ows Research issues addressed include how to provide convenient yet reliable work ow wide authentication how to share data objects which are under di erent authorizations how to combine role base access control and multilevel security and how to provide high security without signi cantly reducing performance of a distributed WfMS This security architecture is being implemented by enhancing the METEOR WebWork Web based Work ow Management Sys tem developed in the LSDIS lab at the University of Georgia to provide a testbed for comparing the alternatives presented in the paper