Workflow design involves modeling different aspects of a business process as well as security requirements. This paper presents an approach based on triggers to specify and enforce workflow authorization constraints for a flexible assignment of tasks to roles and agents. The approach has been conceived in the framework of the WIDE workflow management system. Authorization triggers specify when and how the set of authorizations for a given workflow should be changed and which actions should be taken by the system or by the administrator. A basic set of triggers is provided enforcing security policies common to workflow systems. Methodological issues related to trigger design for a given workflow application are discussed and an approach based on authorization patterns is illustrated. The paper shows how authorization patterns can be instantiated into triggers and discusses briefly aspects related to the analysis of a set of authorization triggers defined for a given workflow application
Enforcing workflow authorization constraints using triggers / F. Casati, S. Castano, M. Fugini. - In: JOURNAL OF COMPUTER SECURITY. - ISSN 0926-227X. - 6:4(1998), pp. 257-285. [10.3233/JCS-1998-6403]
Enforcing workflow authorization constraints using triggers
S. CastanoSecondo
;
1998
Abstract
Workflow design involves modeling different aspects of a business process as well as security requirements. This paper presents an approach based on triggers to specify and enforce workflow authorization constraints for a flexible assignment of tasks to roles and agents. The approach has been conceived in the framework of the WIDE workflow management system. Authorization triggers specify when and how the set of authorizations for a given workflow should be changed and which actions should be taken by the system or by the administrator. A basic set of triggers is provided enforcing security policies common to workflow systems. Methodological issues related to trigger design for a given workflow application are discussed and an approach based on authorization patterns is illustrated. The paper shows how authorization patterns can be instantiated into triggers and discusses briefly aspects related to the analysis of a set of authorization triggers defined for a given workflow application
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
