Computer Science and Information Systems 2018 Volume 15, Issue 1, Pages: 1-30
https://doi.org/10.2298/CSIS160628037M
Full text ( 461 KB)
Cited by


Context-sensitive constraints for access control of business processes

Milosavljević Gordana ORCID iD icon (Faculty of Technical Sciences, Novi Sad)
Sladić Goran ORCID iD icon (Faculty of Technical Sciences, Novi Sad)
Milosavljević Branko ORCID iD icon (Faculty of Technical Sciences, Novi Sad)
Zarić Miroslav (Faculty of Technical Sciences, Novi Sad)
Gostojić Stevan ORCID iD icon (Faculty of Technical Sciences, Novi Sad)
Slivka Jelena (Faculty of Technical Sciences, Novi Sad)

Workflow management systems (WfMS) are used to automate and facilitate business processes of an enterprise. To simplify the administration, it is a common practice in many WfMS solutions to allocate a role to perform each activity of the process and then assign one or more users to each role. Typically, access control for WfMS is role-based with a support of constraints on users and roles. However, merely using role and constraints concepts can hardly satisfy modern access control requirements of a contemporary enterprise. Permissions should not solely depend on common static and dynamic principles, but they must be influenced by the context in which the access is requested. In this paper, we focus on the definition and enforcement of the context-sensitive constraints for workflow systems. We extended the common role-based constraints listed in literature with context-sensitive information and workflow specific components. Also, we propose a mechanism for enforcing such constraints within WfMS.

Keywords: constraints, separation of duty, access control, context-sensetive, business process