摘要
在工作流管理系统中,数据在工作流任务中流动,执行任务的用户在变化,用户的权限也在变化,现有的授权方法不能很好地描述上述这种职责分离的状态。为此,提出了一个工作流授权约束模型。该模型在工作流应用语境中定义了角色层次函数、任务偏序关系和互斥任务,在此基础上给出了一个基于角色的工作流授权约束语言,它可以准确描述工作流系统的职责分离要求,表达静态、动态授权约束和授权的历史信息,同时,所得到的约束规则集规模相对较小,保证了一致性验证在时间和空间上的可行性。
The existing approaches of authorization constraints cannot describe the separation of duties well in the workflow management systems under which with the data movement from one task to next, and the change of task executors and users' access control at any moment. To solve this problem, a model of workflow authorization constraints was proposed. The role level function, the task partial relationship and the conflicting tasks in the context of workflow application were defined in the model. Based on the model, a language named role-task-based Workflow Authorization Language (WAL) was put forward to specify the workflow authorization constraints. The requests on the separation of duties in the workflow system could be correctly described by WAL. Static and authorized historical information could also be expressed. Meanwhile, the size of rules set obtained was relatively smaller. Finally the feasibility of the consistency validation in the time and the space was verified.
出处
《计算机集成制造系统》
EI
CSCD
北大核心
2005年第9期1312-1318,共7页
Computer Integrated Manufacturing Systems
基金
国家自然科学基金资助项目(60173006)
国家863/CIMS主题资助项目(2003AA118020)。~~
关键词
工作流
工作流管理系统
角色
授权约束
workflow
workflow management systems
role
authorization constraints
