A Secure Workflow Model Based on Distributed Constrained Role and Task Assignment for the Internet

  • Ilanit Moodahi
  • Ehud Gudes
  • Oz Lavee
  • Amnon Meisels
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3269)


A new Workflow Management System (WFMS) model that uses a Trust Establishment framework is presented. The model enables dynamic user-role assignment where not all users are known in advance, so it fits dynamic environments such as the Web, where new users are added or the credentials of existing users are revoked. The model is composed of three distributed agents that communicate with each other: the Credentials Collector, the Role Manager and the Task Manager. The Credentials Collector is responsible for collecting all the credentials needed to allow membership of a user in a role; the Role Manager is required to find a suitable user-role assignment that satisfies the role assignment constraints; and the Task Manager has to find an assignment of users/roles to tasks that satisfies the workflow constraints. The agents use constraint processing to solve their respective problems, and also attempt to achieve an optimized solution.


Constraint Satisfaction Problem; Task Manager; Role Manager; Access Control Model; Role Assignment
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Ilanit Moodahi (1)
  • Ehud Gudes (1)
  • Oz Lavee (1)
  • Amnon Meisels (1)
  1. Department of Computer Science, Ben-Gurion University of the Negev, Beer-Sheva, Israel
