An Extended RBAC Model for Task Delegation in Workflow Systems

  • Conference paper
Workshops on Business Informatics Research (BIR 2011)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 106)

Abstract

In role-based access control models, delegation of authority involves delegating, to other users, the roles that a user can assume or the set of permissions that he can acquire. Several role-based delegation models have been proposed in the literature. However, these models consider delegation only in the presence of the role type, which has some inherent limitations for task delegation in workflow systems. In this paper, we address task delegation in a workflow and elaborate a security model supporting delegation constraints. Delegation constraints express security requirements with regard to a task’s resources, user assignment and privileges (delegation of authority). Further, we show how, using a role-based security model, we inject formalised delegation constraints to compute the principals and privileges to be specified in delegation policies within an access control framework.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gaaloul, K., Proper, E., Charoy, F. (2012). An Extended RBAC Model for Task Delegation in Workflow Systems. In: Niedrite, L., Strazdina, R., Wangler, B. (eds) Workshops on Business Informatics Research. BIR 2011. Lecture Notes in Business Information Processing, vol 106. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29231-6_5

  • DOI: https://doi.org/10.1007/978-3-642-29231-6_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29230-9

  • Online ISBN: 978-3-642-29231-6

  • eBook Packages: Computer Science, Computer Science (R0)