Access Control in Document-centric Workflow Systems An Agent-based Approach
暂无分享,去创建一个
Workflow Systems are increasingly being used to streamline organizations' business processes. During the execution of business processes, information often traverses organizations' networks as documents. With the proliferation of the Internet, documents travel across open networks. These documents can, however, contain potentially sensitive information. The documents used in Workflow Systems must therefore be protected from unauthorized access. This paper enumerates three access control requirements of workflow environments, including the well-known principle of separation of duty. Thereafter the CSAC (Context-sensitive Access Control) model is presented to address the requirements. In conclusion it is demonstrated how this model can be implemented in an agent-based architecture.
[1] D. Richard Kuhn,et al. Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems , 1997, RBAC '97.
[2] Francis Fung,et al. A prototype secure workflow server , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).
[3] Vijayalakshmi Atluri,et al. An Authorization Model for Workflows , 1996, ESORICS.
[4] Elisa Bertino,et al. The specification and enforcement of authorization constraints in workflow management systems , 1999, TSEC.