An authorization model for workflows

Abstract

Worldlows represent processes in manufacturing and office environments that typically consist ofseverai well-defined activities (known as tasks). To ensure that these tasks are executed by authorized users or processes (subjects), proper authorization mechanisms must be in place. Moreover, to make sure that authorized subjects gain access on the required objects only during the execution of the specific task, granting and revoking of privileges need to be synchronized with the progression of the workflow. A predefined specification of the privileges often allows access for more than the time required, thus, though a subject completes the task or have not yet begun the task, it may still possess privileges to access the objects, resulting in compromising security. In this paper, we propose a Workflow Authorization Model (WAM) that is capable of specifying authorizations in such a way that subjects gain access to required objects only during the execution of the task, thus synchronizing the authorization flow with the workttow. To achieve this synchronization, we associate an Authorization Template (AT) with each task, which allows appropriate authorizations to be granted only when the task starts and to revoke them when the task finishes. In this papert we also present a model of implementation based on Petri nets and show how this synchronization can be implemented. Because the theoretical aspects of Petri nets have been extensively studied and due to their strong mathematical foundation, a Petri net representation of an authorization model serves as a good tool for conducting safety analysis since the safety problem in the authorization model is equivalent to the teachability problem in Petri nets.