| A Workflow Authorization Model Based on Credentials |
| |
| 引用本文: | XING Guang-lin HONG Fan CAI Hui. A Workflow Authorization Model Based on Credentials[J]. 武汉大学学报:自然科学英文版, 2006, 11(1): 198-202. DOI: 10.1007/BF02831731 |
| |
| 作者姓名: | XING Guang-lin HONG Fan CAI Hui |
| |
| 作者单位: | [1]College of Computer Science and Technology,Huazhong University of Science and Technology, Wuhan 430074, Hubei, China [2]Shenzhen Broadeast Television University, Shenzhen 518000, Guangdong, China |
| |
| 摘 要: | 0 IntroductionWoofrfkifcleo wau ttoypmicatailolyn ,re mpraensuefnatcstu rpirnogce sasneds imnavnoylve odth ienrsystems . The various activities in a workflowcan usually beseparatedinto well definedtasks .These tasks can be executedonly by users who were authorized.To ensure these tasks be-ing executed by authorized users ,proper authorization mecha-nisms ought to bein place.Kandala S presented a secure role-based workflow mod-els[1]based onthe well-known RBAC96 framework[2]. Theirmain contr…
|
| 关 键 词: | 工作流授权模式 存取控制 最小特权 信任 |
| 文章编号: | 1007-1202(2006)01-0198-05 |
| 收稿时间: | 2005-05-20 |
A workflow authorization model based on credentials |
| |
| Xing Guang-lin,Hong Fan,Cai Hui. A workflow authorization model based on credentials[J]. Wuhan University Journal of Natural Sciences, 2006, 11(1): 198-202. DOI: 10.1007/BF02831731 |
| |
| Authors: | Xing Guang-lin Hong Fan Cai Hui |
| |
| Affiliation: | (1) College of Computer Science and Technology, Huazhong University of Science and Technology, 430074 Wuhan, Hubei, China;(2) Shenzhen Broadeast Television University, 518000 Shenzhen, Guangdong, China |
| |
| Abstract: | A workflow authorization model based on credentials was proposesed. It can nicely satisfy the features that workflows in actual application should satisfying. This model uses access control list based on task state which nicely ensure synchronizing authorization flow with workflow; specifies authorization policy not only based on user identifiers but also based on user qualifications and characteristics; defines a set of constraint rules for a task and seek the eligible users to execute the task according to the type of each constraint rule which realize dynamic separation of duty; and realizes the access granularity of authorization ranging from objects to specific parts of objects which ensure the least privilege constraints much more better. |
| |
| Keywords: | credentials workflow authorization model |
| 本文献已被 CNKI 维普 万方数据 SpringerLink 等数据库收录! |
