Abstract
Businesses are continually striving to become more efficient. In an effort to
achieve optimal efficiency, many companies have been forced to re-evaluate the
efficiency of their business processes. Consequently, the term “business process
re-engineering” (BPR) has been given to the activity of restructuring organizational
policies and methods for conducting business. The refinement of business
processes is the primary motivation behind the development of automated work-
flow systems that ensure the secure and efficient flow of information between
activities and participants that constitute the business process.
A workflow is an automated business process that comprises a number of related
tasks. When these tasks are executed in a systematic way, they contribute
to the fulfilment of some goal. The order in which workflow tasks execute is of
great significance because these tasks are typically dependent on each other. A
workflow management system (WFMS) is responsible for scheduling the systematic
execution of workflow tasks whilst considering the dependencies that exist
between them.
Businesses are realizing the necessity of information management in the functioning
and general management of a company. They are recognizing the important
role that information security has to play in ensuring that accurate information
that is relevant is gathered, applied and maintained to enhance the company’s service
to its customers.
In a workflow context, information security primarily involves the implementation
of access control security mechanisms. These mechanisms help ensure that
task dependencies are coordinated and that tasks are performed by authorized subjects
only. In doing so, they also assist in the maintenance of object integrity.
TheWorkflow Authorization Model (WAM) was developed by Atluri and Huang
[AH96b, HA99] with the specific intention of addressing the security requirements
of workflow environments. It primarily addresses the granting and revoking
of authorizations in a WFMS. TheWAM satisfies most criteria that are required of
an optimal access control model. These criteria are the enforcement of separation
of duties, the handling of temporal constraints, a role-based application and the
synchronization of workflow with authorization flow. Some of these conditions
cannot be met through pure role-based access control (RBAC) mechanisms.
This dissertation addresses the delegation of task authorizations within a work-
flow process by subject roles in the organizational structure. In doing this, a role
may have the authority to delegate responsibility for task execution to another individual
in a role set. This individual may potentially belong to a role other than
the role explicitly authorized to perform the task in question. The proposed model
will work within the constraints that are enforced by the WAM. Therefore, the
WAM will play a part in determining whether delegation may be approved. This
implies that the delegation model may not override any dynamically defined security
constraints. The Delegation Authorization Model (DAM) proposed assists in
distributing workloads amongst subject roles within an organization, by allowing
subjects to delegate task responsibilities to other subjects according to restrictions
imposed by security policies. As yet, this area of research has not received much
attention.
Prof. M.S. Olivier