Dynamic Authorisation Policies for Event-Based Task Delegation

  • Khaled Gaaloul
  • Ehtesham Zahoor
  • François Charoy
  • Claude Godart
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6051)


Task delegation presents one of the business process security leitmotifs. It defines a mechanism that bridges the gap between both workflow and access control systems. There are two important issues relating to delegation, namely allowing task delegation to complete, and having a secure delegation within a workflow. Delegation completion and authorisation enforcement are specified under specific constraints. Constraints are defined from the delegation context implying the presence of a fixed set of delegation events to control the delegation execution.

In this paper, we aim to reason about delegation events to specify delegation policies dynamically. To that end, we present an event-based task delegation model to monitor the delegation process. We then identify relevant events for authorisation enforcement to specify delegation policies. Moreover, we propose a technique that automates delegation policies using event calculus to control the delegation execution and increase the compliance of all delegation changes in the global policy.


Workflow task delegation policy event calculus 


  1. 1.
    Venter, K., Olivier, M.S.: The delegation authorization model: A model for the dynamic delegation of authorization rights in a secure workflow management system. In: CCITT Recommendation X.420, Blue Book (2002)Google Scholar
  2. 2.
    Vijayalakshmi, A., Janice, W.: Supporting conditional delegation in secure workflow management systems. In: SACMAT 2005: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, pp. 49–58. ACM, New York (2005)Google Scholar
  3. 3.
    Gaaloul, K., Charoy, F.: Task delegation based access control models for workflow systems. In: I3E 2009: Proceedings of Software Services for e-Business and e-Society, 9th IFIP WG 6.1 Conference on e-Business, e-Services and e-Society, Nancy, France, September 23-25. IFIP, vol. 305. Springer, Heidelberg (2009)Google Scholar
  4. 4.
    Gaaloul, K., Miseldine, P., Charoy, F.: Towards proactive policies supporting event-based task delegation. In: The International Conference on Emerging Security Information, Systems, and Technologies, pp. 99–104 (2009)Google Scholar
  5. 5.
    Atluri, V., Huang, W., Bertino, E.: An execution model for multilevel seccure workflows. In: Proceedings of the IFIP WG11.3 Eleventh International Conference on Database Security, pp. 151–165. Chapman & Hall, Ltd., London (1998)Google Scholar
  6. 6.
    Bertino, E., Castano, S., Ferrari, E., Mesiti, M.: Specifying and enforcing access control policies for xml document sources. World Wide Web 3(3), 139–151 (2000)zbMATHCrossRefGoogle Scholar
  7. 7.
    Crampton, J., Khambhammettu, H.: Delegation in role-based access control. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 174–191. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Kowalski, R.A., Sergot, M.J.: A logic-based calculus of events. New Generation Comput. 4(1), 67–95 (1986)CrossRefGoogle Scholar
  9. 9.
    Zahoor, E., Perrin, O., Godart, C.: A declarative approach to timed-properties aware Web services composition, INRIA internal report 00455405 (February 2010)Google Scholar
  10. 10.
    Mueller, E.T.: Commonsense Reasoning. Morgan Kaufmann Publishers Inc., USA (2006)Google Scholar
  11. 11.
    Sandhu, R., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)Google Scholar
  12. 12.
    Barka, E., Sandhu, R.: Framework for role-based delegation models. In: ACSAC 2000: Proceedings of the 16th Annual Computer Security Applications Conference, Washington, DC, USA, p. 168. IEEE Computer Society, Los Alamitos (2000)CrossRefGoogle Scholar
  13. 13.
    Zhang, X., Oh, S., Sandhu, R.: PBDM: a flexible delegation model in RBAC. In: SACMAT 2003: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, pp. 149–157. ACM Press, New York (2003)CrossRefGoogle Scholar
  14. 14.
    Seitz, L., Rissanen, E., Sandholm, T., Firozabadi, B., Mulmo, O.: Policy administration control and delegation using xacml and delegent. In: Proceedings of 6th IEEE/ACM International Conference on Grid Computing (GRID 2005), Seattle, Washington, USA, November 13-14, pp. 49–54 (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Khaled Gaaloul
    • 1
  • Ehtesham Zahoor
    • 1
  • François Charoy
    • 1
  • Claude Godart
    • 1
  1. 1.LORIA - Nancy University - UMR 7503, BP 239Vandœuvre-lès-Nancy CedexFrance

Personalised recommendations