A new role-based authorization model in a corporate workflow systems

Abstract

The Role Based Access Control (RBAC) model contains a structural representation of the enterprise organization, facilities for the administration of access control, and is extremely flexible. The traditional RBAC model can be applied to WorkFlow Management System (WFMS) well, but applying it causes some issues. Since the senior roles inherit all the permissions of the junior roles and all the permissions are accumulated for the top senior role, applying the traditional RBAC to WFMS does not meet the access control requirements: least privilege principle, Separation of Duty (SoD). This can cause problems with the misuse of rights and the opportunity to commit fraud. It can make it difficult to guarantee the integrity of the system. In order to solve these problems, we propose applying Restricted Permission Inheritance RBAC, called RPI-RBAC, to WFMS authorization. We evaluate the advantages and benefits of applying the RPI-RBAC model to WFMS authorization in design time and runtime. © Springer-Verlag 2004.