Databases Reference
In-Depth Information
that a workflow instance can complete successfully given availability of human
resources. Similar to [3], the modified workflow authorization consistency pro-
cess, given all the conditions and constraints, consists of a static phase where
temporal and value-based conditions are examined for overlaps. Where there
are overlaps, consistency is checked such that a user is not both in the set of
users who can perform a task and in the set of users restricted from perform-
ing a task. A planning graph is created with all conditions included that need
to be checked at run-time (temporal and value-based conditions). At run-time
users are assigned to tasks who meet the conditions. If they have submitted
delegations, the delegations are evaluated and final assignments are made.
6 Conflict-of-Interest
Execution of inter-organization workflows may raise a number of security is-
sues including conflict of interest among competing organizations, especially
when they are executed by mobile software agents without using a centralized
control flow. In such a decentralized environment, the entire workflow is sent
to the first task execution agent which executes its task and then sends the re-
maining workflow to the next task execution agent. The workflow moves from
agent to agent as the workflow progresses. If the task execution agents belong
the the same conflict of interest group, knowledge may be passed to them
that would give one or more agents an unfair advantage over other agents.
The Chinese wall policy for information flow in a commercial sector, proposed
by Brewer and Nash [13], states that information flow from one company to
another that cause conflict of interest for individuals within these organization
should be prevented. The policy enforced is that people are allowed access to
information not in conflict with any other information that they already pos-
sess. The company information is categorized into mutually disjoint conflict
of interest classes. The following example illustrates the problem.
Example 5.
Consider a business travel planning process that makes reserva-
tions for a flight, hotel and rental car. The workflow that depicts the travel
agent process (shown in figure 5 consists of the tasks:
T
1
: Input travel infor-
mation,
T
2
: Reserve a ticket with Continental Airlines,
T
3
:if
T
2
fails or if the
ticket costs more than $400, reserve a ticket with Delta Airlines,
T
4
:ifthe
ticket at Continental costs less than $400 or if the reservation at Delta fails,
purchase the ticket at Continental,
T
5
: if Delta has a ticket, purchase it at
Delta,
T
6
: Reserve a room at the Sheraton if there is a flight reservation, and
T
7
: Rent a car at Hertz. Such a process are not unusual where users can set a
maximum price and preferences for airlines possibly because of frequent flyer
perks.
Assume that each task is executed by the appropriate agent (e.g.,
T
2
by
Continental,
T
3
by Delta, etc.). Now consider the dependencies between
T
2
and
T
3
or between
T
4
. If a mobile agent is used to execute the workflow, after
