A Secure Workflow Model Based on Distributed Constrained Role and Task Assignment for the Internet
A new Workflow Management System (WFMS) model is presented that uses a Trust Establishment framework. This new model enables dynamic user-role assignment where not all users are known in advance. It can therefore fit dynamic environments, such as the Web, where new users are added or the credentials of existing users are revoked. The model is composed of three distributed agents, called Credentials Collector, Role Manager and Task Manager, that communicate with each other. The Credentials Collector is responsible for collecting all the credentials needed to allow membership of a user in a role; the Role Manager is required to find a suitable user-role assignment that satisfies the role assignment constraints; and the Task Manager has to find an assignment of users/roles to tasks that satisfies the workflow constraints. The agents use constraint processing to solve their respective problems, and also attempt to achieve an optimized solution.
Keywords: Constraint Satisfaction Problem, Task Manager, Role Manager, Access Control Model, Role Assignment