Role-based authorizations for workflow systems in support of task-based separation of duty

Duen-Ren Liu*, Mei Yu Wu, Shu Teng Lee

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

25 Scopus citations


Role-based authorizations for assigning tasks of workflows to roles/users are crucial to security management in workflow management systems. The authorizations must enforce separation of duty (SoD) constraints to prevent fraud and errors. This work analyzes and defines several duty-conflict relationships among tasks, and designs authorization rules to enforce SoD constraints based on the analysis. A novel authorization model that incorporates authorization rules is then proposed to support the planning of assigning tasks to roles/users, and the run-time activation of tasks. Different from existing work, the proposed authorization model considers the AND/XOR split structures of workflows and execution dependency among tasks to enforce separation of duties in assigning tasks to roles/users. A prototype system is developed to realize the effectiveness of the proposed authorization model.

Original languageEnglish
Pages (from-to)375-387
Number of pages13
JournalJournal of Systems and Software
Issue number3
StatePublished - 1 Nov 2004


  • Authorization management
  • Role-based access control
  • Separation of duty
  • Workflow system


Dive into the research topics of 'Role-based authorizations for workflow systems in support of task-based separation of duty'. Together they form a unique fingerprint.

Cite this