Context-sensitive constraints for access control of business processes

Abstract

© 2018, ComSIS Consortium. All rights reserved. Workflow management systems (WfMS) are used to automate and facilitate business processes of an enterprise. To simplify the administration, it is a common practice in many WfMS solutions to allocate a role to perform each activity of the process and then assign one or more users to each role. Typically, access control for WfMS is role-based with a support of constraints on users and roles. However, merely using role and constraints concepts can hardly satisfy modern access control requirements of a contemporary enterprise. Permissions should not solely depend on common static and dynamic principles, but they must be influenced by the context in which the access is requested. In this paper, we focus on the definition and enforcement of the context-sensitive constraints for workflow systems. We extended the common role-based constraints listed in literature with context-sensitive information and workflow specific components. Also, we propose a mechanism for enforcing such constraints within WfMS.