Journal of Northeastern University (Natural Science) ›› 2008, Vol. 29 ›› Issue (3): 387-390+432.


Task-oriented workflow access control model

Wei Yong-He; Wang Cheng-En; Shu Qi-Lin; Ma Ming-Xu

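  1. School of Mechanical Engineering and Automation, Northeastern University; Key Laboratory of Integrated Automation of Process Industry (Ministry of Education), Northeastern University; Shenyang, Liaoning 110004
  • Received: 2013-06-22 Revised: 2013-06-22 Online: 2008-03-15 Published: 2013-06-22
  • Corresponding author: Wei, Y.-H.
  • About the author: -
  • Funding:
    Equipment Pre-research Fund Program of the General Armament Department (9140A18010106LN0101)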

An access control model for task-oriented workflow

Wei, Yong-He (1); Wang, Cheng-En (2); Shu, Qi-Lin (2); Ma, Ming-Xu (2)   

  1. (1) School of Mechanical Engineering and Automation, Northeastern University, Shenyang 110004, China; (2) Key Laboratory of Integrated Automation of Process Industry, Northeastern University, Shenyang 110004, China
  • Received: 2013-06-22 Revised: 2013-06-22 Online: 2008-03-15 Published: 2013-06-22
  • Contact: Wei, Y.-H.
  • About author:-
  • Supported by:
    -

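Abstract: Based on an analysis of the access control requirements of workflow, a task-oriented workflow access control model is proposed. The model introduces the concept of an authorization task and treats the minimum permissions needed to execute a task and the role that executes the task as attributes of the authorization task, so that roles and permissions are decoupled from each other. The model also defines task conflict relationships and, on that basis, gives dynamic authorization constraint rules, which ensure that the organization's security policy is enforced. The task-oriented access control model synchronizes the authorization flow with the workflow and can meet the requirements of workflow access control for dynamic authorization, least privilege and separation of duties. Unlike existing models, this model also removes the coupling between the organizational model and the workflow model by separating roles from permissions.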

Keywords: task, workflow, access control, authorization constraint, separation of duties

Abstract: Based on an analysis of the access control requirements of workflow, an access control model for task-oriented workflow is put forward, in which the idea of an authorization task is introduced in order to separate roles from permissions. The least privilege needed to execute a task and the role assigned to execute the task are both attributes of the authorization task, so that the executing roles are no longer tied directly to permissions. The model also defines the conflict relationship between different tasks and then gives dynamic constraint rules on authorization to ensure that security policies are enforced. In this model, the authorization flow is synchronized with the workflow so as to meet workflow access control's requirements for dynamic authorization, least privilege and separation of duties. Differing from existing models, the proposed model's separation of permissions from executing roles removes the coupling between the organizational model and the workflow model.
