Rules and patterns for security in workflow systems / S. Castano, M. Grazia Fugini - In: Database Security XII: Status and Prospects. [s.l.]: Kluwer, 1999. - ISBN 0-7923-8488-1. (Proceedings of the Annual Working Conference on Database Security: Status and Prospects, held in Chalkidiki, Greece, 15-17 July 1998.)

Rules and patterns for security in workflow systems

S. Castano (first author)
1999

Abstract

Assignment of tasks to agents in a workflow (WF) system should occur according to security policies regarding user authorizations to access data and documents through the WF tasks. The paper presents an approach for discretionary secure assignment of tasks to agents taking into account authorization constraints, in the framework of the WIDE (Workflow Interactive Development Environment) WF management system. The approach is based on the concepts of role, agent, and task, and on authorization patterns and rules. Security rules (or triggers) specify which actions (e.g., security warnings, logs, audit actions) should be taken when a security violation (event) occurs, following the ECA paradigm of active databases. A basic set of rules is provided in the abstracted form of authorization patterns, which are generic rule skeletons to be properly instantiated to enforce authorization constraints in a given WF application.
Scientific sector INF/01 - Computer Science
1999
Book Part (author)

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/194222