A paradigm for dynamic and decentralized administration of access control in workflow applications

Abstract

The administration of authorizations in modern Web-based computing environments has become a primary concern. Application security is characterized by a significant complexity, due to the large number of variations and combinations of objects and operations to be protected. Thus, there is a need for data, processes and context parameters, like time and location, to be combined into a security model that ensures correct decision-making for access. Moreover, access control must often be based on dynamic functional requirements that are capable of embedding the required context information to express application-level access control policies in new application domains, as for example Internet workflow applications. In this work a new paradigm of dynamic and decentralized administration of access control that is based on the DARBAC model is presented. DARBAC concerns access control for a wide-range of collaborative applications and aims to provide fine-grained and dynamic administration of authorizations. The presented implementation assumes Web-based applications to support enforcing of access control at a distributed platform level, and it demonstrates in a step-by-step basis the construction of DARBAC components and their management during run-time. © 2006 International Federation for Information Processing.