Separation of Duty - Additional constraints associated with the
workflow that limit the abilities of agents in order to reduce the risk of fraud.
Delegation - Refers to the delegation of authority to execute a task.
Conflict-of-interest - Refers to preventing the flow of sensitive information
among competing organizations participating in the workflow.
Safety analysis - Refers to studying the propagation of
authorizations from the current state. This helps in answering questions
such as whether a subject (user) can gain access to execute a task.
3 Workflow Authorization Model
A workflow is the coordinated execution of tasks, each of which is
processed by an executing agent (a human or a program).
To execute a task, relevant privileges on required objects have to be granted to
appropriate subjects. Agents authorized to execute a task should gain access
on the required objects only when the task is to be executed. Considering
once again example 1, an employee should not be able to change the prepared
claim after it has been approved by his supervisor. Atluri and Huang proposed
a Workflow Authorization Model (WAM) [5] that is capable of specifying
authorizations in such a way that subjects gain access to required objects only
during the execution of the task, thus synchronizing the authorization flow
with the workflow. To achieve this synchronization, WAM uses the notion
of an Authorization Template (AT) that can be associated with each task.
An AT comprises the static parameters of the authorization that can be
defined during the design of the workflow. A task may have more than one
AT associated with it in the case where there is more than one type of object
to be processed or more than one executing agent needed to perform the task.
WAM dynamically assigns authorizations to support workflow activities in
a way that the time interval associated with the required authorization to
perform a task changes according to the time during which the task actually
executes. When the task starts execution, its AT(s) are used to derive the
actual authorization. When the task finishes, the authorization is revoked.
This is accomplished by placing an object hole in the AT.
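
The grant-on-start, revoke-on-finish behaviour described above, as an added Python sketch (not code from WAM or its authors). The class and field names, the integer clock, and the claim tasks and object ids are assumptions constructed for illustration.

```python
from dataclasses import dataclass

OPEN = float("inf")  # end time of an authorization whose task is still running

@dataclass(frozen=True)
class AuthTemplate:
    """Static parameters fixed at design time; the object itself is the 'hole'."""
    task: str
    subject: str
    object_type: str   # only objects of this type may fill the hole
    privilege: str

@dataclass
class Authorization:
    subject: str
    obj: str
    privilege: str
    begin: int
    end: float = OPEN

class WorkflowAuthorizer:
    def __init__(self, templates):
        self.templates = list(templates)
        self.auths = []   # (task, Authorization) pairs, kept as an audit trail

    def start_task(self, task, objects, now):
        """Derive authorizations by filling each AT's hole with a matching object."""
        granted = [Authorization(at.subject, oid, at.privilege, now)
                   for at in self.templates if at.task == task
                   for oid, otype in objects if otype == at.object_type]
        self.auths += [(task, a) for a in granted]
        return granted

    def finish_task(self, task, now):
        """Revoke by closing the validity interval of the task's authorizations."""
        for t, a in self.auths:
            if t == task and a.end == OPEN:
                a.end = now

    def check(self, subject, obj, privilege, now):
        return any(a.subject == subject and a.obj == obj
                   and a.privilege == privilege and a.begin <= now < a.end
                   for _, a in self.auths)

def demo():
    # Constructed two-task claim workflow: prepare, then approve.
    wam = WorkflowAuthorizer([
        AuthTemplate("prepare_claim", "employee", "claim", "write"),
        AuthTemplate("approve_claim", "supervisor", "claim", "approve")])
    wam.start_task("prepare_claim", [("claim-17", "claim")], now=1)
    during = wam.check("employee", "claim-17", "write", now=2)
    wam.finish_task("prepare_claim", now=3)
    wam.start_task("approve_claim", [("claim-17", "claim")], now=4)
    return during, wam.check("employee", "claim-17", "write", now=5)
```

Here `demo()` shows the employee holding write access only while the prepare task runs, so the claim cannot be changed once approval has begun.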
A new authorization is granted to an executing agent only when an
object hole is filled with an appropriate object. Besides specifying authorizations
on tasks to specific individuals, alternatively, one may also specify them in
terms of roles. Roles represent organizational agents who perform certain job
functions. Users, in turn, are assigned to appropriate roles based on their
qualifications. Specifying authorizations on roles is not only convenient but reduces
the complexity of access control because the number of roles in an
organization is significantly smaller than that of users. Moreover, the use of roles as
authorization subjects (instead of users) avoids having to revoke and re-grant
authorizations whenever users change their positions and/or duties within