A Secure Workflow System for Dynamic Collaboration

The emergence of the Internet has broken down geographic and organizational boundaries, providing a virtual common workplace regardless of the heterogeneity of participating organizations. Enterprise projects that used to be done autonomously now span multiple organizations. While an inter-organizational workflow, as one of several technologies supporting inter-organizational collaboration, provides an easy-to-use collaborative work environment for users, it also increases the complexity of security maintenance and brings about security problems that are not considered before. Unconventional collaborations among business and organizations are formed to advance common goals. In this paper, we address the security services to support inter-organizational collaborative enterprises, which may span multiple organizations, and describe how we develop a secure workflow system to satisfy the requirements by integrating with existing, well known technologies. Although we apply our ideas to particular technologies, such as workflows and RBAC, in this paper, we believe it is always possible to apply our approaches to other systems, which support many users from different organizations.

[1]  Ward Rosenberry,et al.  Understanding DCE , 1992 .

[2]  Joon S. Park,et al.  Smart Certi cates: Extending X.509 for Secure Attribute Services on the Web , 1999 .

[3]  Gerard J. Holzmann,et al.  The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[4]  Ravi S. Sandhu,et al.  Secure Cookies on the Web , 2000, IEEE Internet Comput..

[5]  Myong H. Kang,et al.  Tools to support secure enterprise computing , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[6]  Amit P. Sheth,et al.  ORBWork: A CORBA-Based Fully Distributed, Scalable and Dynamic Workflow Enactment Service for METEOR , 1998 .

[7]  Wil M. P. van der Aalst,et al.  Diagnosing Workflow Processes using Woflan , 2001, Comput. J..

[8]  Bruce Schneier,et al.  Analysis of the SSL 3.0 protocol , 1996 .

[9]  Ravi S. Sandhu,et al.  Binding identities and attributes using digitally signed certificates , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[10]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[11]  Joon S. Park,et al.  Access control mechanisms for inter-organizational workflow , 2001, SACMAT '01.

[12]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[13]  Amit P. Sheth,et al.  A Multilevel Secure Workflow Management System , 1999, CAiSE.

[14]  Vipin Chaudhary,et al.  History-based access control for mobile code , 1998, CCS '98.

[15]  Jeffrey I. Schiller,et al.  An Authentication Service for Open Network Systems. In , 1998 .

[16]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[17]  Gail-Joon Ahn,et al.  Role-based access control on the web , 2001, TSEC.

[18]  Carlisle M. Adams The Simple Public-Key GSS-API Mechanism (SPKM) , 1996, RFC.