面向任务的工作流访问控制模型

在分析工作流对访问控制需求的基础上,提出了面向任务的工作流访问控制模型.该模型引入了授权任务概念,将执行任务需要的最小权限和执行任务的角色作为授权任务的属性,使角色和权限脱离关系.同时该模型定义了任务冲突关系,并在此基础上给出了动态授权约束规则,保证了组织安全策略的实施.面向任务的访问控制模型实现了授权流同工作流的同步,能够满足工作流访问控制对动态授权、最小权限和职责分离的要求.不同于已有的模型,该模型还通过角色和权限的分离解除了组织模型和工作流模型的耦合关系.

An Access Control Model for Task-Oriented Workflow

Analyzing what are required for the access control of workflow,an access control model for task-oriented workflow is put forward,in which the idea of authorized task in order to separate the relation between roles and permissions.An authorization task is introduced to make the executive roles in no relation to authority,where the authority least approved to execute a task and the role assigned to execute the task are both the attributes of task authorization.The model also defines the conflict relationship between different tasks,then gives the dynamic constraint rules on the authorization to ensure and enforce the implementation of security strategies.In this model,the authorization flow is synchronized with workflow so as to meet the access control' s requirements of dynamic authorization,authority least approved and separation of responsibility from duty.Differing from existing models,in the proposed model the separation of authority from executive role cancels the coupling of organizational model with workflow model.