Authorization and access control of application data in Workflow systems

S. Wu, A. Sheth, J. Miller, Z. Luo

Research output: Contribution to journalArticle

71 Citations (Scopus)

Abstract

Workflow Management Systems (WfMSs) are used to support the modeling and coordinated execution of business processes within an organization or across organizational boundaries. Although some research efforts have addressed requirements for authorization and access control for workflow systems, little attention has been paid to the requirements as they apply to application data accessed or managed by WfMSs. In this paper, we discuss key access control requirements for application data in workflow applications using examples from the healthcare domain, introduce a classification of application data used in workflow systems by analyzing their sources, and then propose a comprehensive data authorization and access control mechanism for WfMSs. This involves four aspects: role, task, process instance-based user group, and data content. For implementation, a predicate-based access control method is used. We believe that the proposed model is applicable to workflow applications and WfMSs with diverse access control requirements.
LanguageEnglish
Pages71-94
Number of pages23
JournalJournal of Intelligent Information Systems
Volume18
Issue number1
DOIs
Publication statusPublished - Nov 2002

Fingerprint

Access control
Industry

Keywords

  • Workflow management system
  • authorization
  • access control
  • predicate-based access control
  • workflow process metadata-data
  • security
  • workflow repository

Cite this

Wu, S. ; Sheth, A. ; Miller, J. ; Luo, Z. / Authorization and access control of application data in Workflow systems. In: Journal of Intelligent Information Systems. 2002 ; Vol. 18, No. 1. pp. 71-94.
@article{0d6a6b3094b3455daf3e61658f3a0382,
title = "Authorization and access control of application data in Workflow systems",
abstract = "Workflow Management Systems (WfMSs) are used to support the modeling and coordinated execution of business processes within an organization or across organizational boundaries. Although some research efforts have addressed requirements for authorization and access control for workflow systems, little attention has been paid to the requirements as they apply to application data accessed or managed by WfMSs. In this paper, we discuss key access control requirements for application data in workflow applications using examples from the healthcare domain, introduce a classification of application data used in workflow systems by analyzing their sources, and then propose a comprehensive data authorization and access control mechanism for WfMSs. This involves four aspects: role, task, process instance-based user group, and data content. For implementation, a predicate-based access control method is used. We believe that the proposed model is applicable to workflow applications and WfMSs with diverse access control requirements.",
keywords = "Workflow management system, authorization, access control, predicate-based access control, workflow process metadata-data, security, workflow repository",
author = "S. Wu and A. Sheth and J. Miller and Z. Luo",
year = "2002",
month = "11",
doi = "10.1023/A:1012972608697",
language = "English",
volume = "18",
pages = "71--94",
journal = "Journal of Intelligent Information Systems",
issn = "0925-9902",
number = "1",

}

Authorization and access control of application data in Workflow systems. / Wu, S.; Sheth, A.; Miller, J.; Luo, Z.

In: Journal of Intelligent Information Systems, Vol. 18, No. 1, 11.2002, p. 71-94.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Authorization and access control of application data in Workflow systems

AU - Wu, S.

AU - Sheth, A.

AU - Miller, J.

AU - Luo, Z.

PY - 2002/11

Y1 - 2002/11

N2 - Workflow Management Systems (WfMSs) are used to support the modeling and coordinated execution of business processes within an organization or across organizational boundaries. Although some research efforts have addressed requirements for authorization and access control for workflow systems, little attention has been paid to the requirements as they apply to application data accessed or managed by WfMSs. In this paper, we discuss key access control requirements for application data in workflow applications using examples from the healthcare domain, introduce a classification of application data used in workflow systems by analyzing their sources, and then propose a comprehensive data authorization and access control mechanism for WfMSs. This involves four aspects: role, task, process instance-based user group, and data content. For implementation, a predicate-based access control method is used. We believe that the proposed model is applicable to workflow applications and WfMSs with diverse access control requirements.

AB - Workflow Management Systems (WfMSs) are used to support the modeling and coordinated execution of business processes within an organization or across organizational boundaries. Although some research efforts have addressed requirements for authorization and access control for workflow systems, little attention has been paid to the requirements as they apply to application data accessed or managed by WfMSs. In this paper, we discuss key access control requirements for application data in workflow applications using examples from the healthcare domain, introduce a classification of application data used in workflow systems by analyzing their sources, and then propose a comprehensive data authorization and access control mechanism for WfMSs. This involves four aspects: role, task, process instance-based user group, and data content. For implementation, a predicate-based access control method is used. We believe that the proposed model is applicable to workflow applications and WfMSs with diverse access control requirements.

KW - Workflow management system

KW - authorization

KW - access control

KW - predicate-based access control

KW - workflow process metadata-data

KW - security

KW - workflow repository

UR - http://www.cis.strath.ac.uk/research/publications/papers/strath_cis_publication_30.pdf

U2 - 10.1023/A:1012972608697

DO - 10.1023/A:1012972608697

M3 - Article

VL - 18

SP - 71

EP - 94

JO - Journal of Intelligent Information Systems

T2 - Journal of Intelligent Information Systems

JF - Journal of Intelligent Information Systems

SN - 0925-9902

IS - 1

ER -