PASOAC-Net: A Petri-Net Model to Manage Authorization in Service-Based Business Process

  • Haiyang Sun
  • Weiliang Zhao
  • Surya Nepal
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7636)


A successful execution of a Business Process (BP) is possible only if the proper coordination exists between (1) BP’s execution policy, (2) BP’s authorization policy, and (3) the authorization policies of BP’s resources. Hence, there is a need of an effective authorization model that brings all types of policies together for a BP executing successfully without breaking any authorization and business rules. This paper proposes a Petri-Net process model, Process-Aware Service-Oriented Authorization Control Net (PASOAC-Net). PASOAC-Net is developed based on the conceptual model PASOAC, an extension of Role Based Access Control (RBAC), which takes both resources and users into account. A set of authorization constraints is designed in PASOAC to coordinate the user access and the resource support in a process environment.


Business Process Resource Type User Access Resource Support Authorization Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Sandhu, R.S., Coyne, E., Feinstein, H., Youman, C.: Role-based Access Control Models. IEEE Computer 29(2), 38–47 (1996)CrossRefGoogle Scholar
  2. 2.
    Ahn, G., Sandhu, R.: Role-Based Authorization Constraints Specification. ACM Transactions on Information and System Security (TISSEC) 3(4), 207–226 (2000)CrossRefGoogle Scholar
  3. 3.
    Ferraiolo, D., Sandhu, R., et al.: Proposed NIST Standard for Role-Based Access Control. TISSEC 4(3), 224–274 (2001)CrossRefGoogle Scholar
  4. 4.
    Atluri, V., Huang, W.-K.: An Authorization Model for Workflows. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 44–64. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  5. 5.
    Tan, K., Crampton, J., Gunter, C.A.: The consistency of task-based authorization constraints in workflow. In: IEEE Workshop of Comp. Security Foundations (2004)Google Scholar
  6. 6.
    Wonohoesodo, R., Tari, Z.: A Role Based Access Control for Web Services. In: Proceedings of SCC, pp. 49–56 (2004)Google Scholar
  7. 7.
    Fischer, J., Majumdar, R.: A Theorey of Role Composition. In: Proceedings of ICWS, pp. 49–56 (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Haiyang Sun
    • 1
  • Weiliang Zhao
    • 2
  • Surya Nepal
    • 3
  1. 1.Department of ComputingMacquarie UniversitySydneyAustralia
  2. 2.Faculty of EngineeringUniversity of WollongongWollongongAustralia
  3. 3.CSIRO ICT CentreSydneyAustralia

Personalised recommendations