A delegation framework for task-role based access control in WFMS

Access control is important for protecting information integrity in workflow management system (WfMS). Compared to conventional access control technology such as discretionary, mandatory, and role-based access control models, task-role-based access control (TRBAC) model, an access control model based on both tasks and roles, meets more requirements for modern enterprise environments. However, few discussions on delegation mechanisms for TRBAC are made. In this paper, a framework considering temporal constraints to improve delegation and help automatic delegation in TRBAC is presented. In the framework, the methodology for delegations requested from both users and WfMS is discussed. The constraints for delegatee selection such as delegation loop and separation of duty (SOD) are addressed. With the framework, a sequence of algorithms for delegation and revocation of tasks are constructed gradually. Finally, a comparison is made between our approach and the representative related works.