Abstract
In role-based access control models, delegation of authority involves delegating the roles that a user can assume, or the set of permissions that he can acquire, to other users. Several role-based delegation models have been proposed in the literature. However, these models consider delegation only in the presence of the role type, which has some inherent limitations for task delegation in workflow systems. In this paper, we address task delegation in a workflow and elaborate a security model supporting delegation constraints. Delegation constraints express security requirements with regard to a task's resources, user assignment and privileges (delegation of authority). Further, we show how, using a role-based security model, we inject formalised delegation constraints to compute the principals and privileges to be specified in delegation policies within an access control framework.
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gaaloul, K., Proper, E., Charoy, F. (2012). An Extended RBAC Model for Task Delegation in Workflow Systems. In: Niedrite, L., Strazdina, R., Wangler, B. (eds) Workshops on Business Informatics Research. BIR 2011. Lecture Notes in Business Information Processing, vol 106. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29231-6_5
DOI: https://doi.org/10.1007/978-3-642-29231-6_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29230-9
Online ISBN: 978-3-642-29231-6
eBook Packages: Computer Science, Computer Science (R0)