An authorization and access control model for workflow

A workflow is a coordinated arrangement of related tasks in an automated process, the systematic execution of which, ultimately achieves some goal. Workflow Management Systems (WFMSs) are becoming very popular and are being used to support many of the day to day workflows in large organizations. Workflow management systems are used for critical and strategic appications. Since, security is an essential and fundamental part of workflows, the workflow management system has to manage and execute the workflows in a secure way. Security, in a workflow context, involves the implementation of access control security mechanisms to ensure that tasks are performed by authorized subjects only. In this paper we propose a workflow authorization model capable of specifying authorization in such a way that subjects gain access to required objects only during the execution of the task. We build our model over the well known RBAC framework, and that in addition extends RBAC by including new rules in order to be adaptable with workflow context.