A delegation framework for task-role based access control in WFMS

Hwai Jung Hsu*, Feng-Jian Wang

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

1 Scopus citations


Access control is important for protecting information integrity in workflow management system (WfMS). Compared to conventional access control technology such as discretionary, mandatory, and role-based access control models, task-role-based access control (TRBAC) model, an access control model based on both tasks and roles, meets more requirements for modern enterprise environments. However, few discussions on delegation mechanisms for TRBAC are made. In this paper, a framework considering temporal constraints to improve delegation and help automatic delegation in TRBAC is presented. In the framework, the methodology for delegations requested from both users and WfMS is discussed. The constraints for delegatee selection such as delegation loop and separation of duty (SOD) are addressed. With the framework, a sequence of algorithms for delegation and revocation of tasks are constructed gradually. Finally, a comparison is made between our approach and the representative related works.

Original languageEnglish
Pages (from-to)1011-1028
Number of pages18
JournalJournal of Information Science and Engineering
Issue number3
StatePublished - 1 May 2011


  • Delegation
  • Separation of duty (SOD)
  • Task-role-based access control (TRBAC)
  • Time constraints
  • Workflow management system (WfMS)


Dive into the research topics of 'A delegation framework for task-role based access control in WFMS'. Together they form a unique fingerprint.

Cite this