CityU Institutional Repository >
Student Final Year Projects >
Computer Science - Undergraduate Final Year Projects >
Please use this identifier to cite or link to this item:
|Title: ||Authorization model in workflow management system|
|Authors: ||Lok, Hang Kin|
|Department: ||Department of Computer Science|
|Issue Date: ||2005|
|Supervisor: ||Dr. Kwok L F. First Reader: Dr. Wang Jiying. Second Reader: Dr. Chung Andy|
|Abstract: ||Authorization model is the foundation of every access control mechanism, which
defines relationship between users and permissions. Nowadays, there are existing
models designed for authorization, but most of them either inflexible or static in nature,
which means they never consider any dynamic determinant. So, in a workflow
environment, these kinds of authorization models fail to meet the collaborative and
In a collaborative environment (e.g. a workflow), different kinds of participants (e.g.
clerks and managers) work together to achieve an overall business goal. However,
before the ultimate target can be met, the participants would need to go through all
constituent tasks of the workflow. Since tasks dependencies may be defined, so, before
any user can be authorized by the system, the system must need to ensure all the task
dependencies are conflict-free (e.g. no deadlock), otherwise it is non-sense to authorize
an user to a workflow that will end up with deadlock situation. Furthermore, due to the
amount and kind of users involved in a workflow are large, so scalability and flexibility
are two of the crucial concerns. However, very few authorization models have
considered all these collaborative needs.
Also, most of the existing authorization models are not dynamic. That means they only
provide access control based on the permission setting defined in the build time, but
never consider any dynamic determinants (e.g. task dependencies) in the run time. To
maintain the least privilege rule, active security approach is required, which means
permissions will neither be granted “too early” nor revoked “too late” by synchronizing
users access right with task dependencies dynamically. So, the aim of this project is to
design and implement a dynamic authorization framework for workflow environment.
Furthermore, in order to help administrator to define a conflict-free workflow
environment for authorization, a workflow intelligent engine is developed.
At the end, graphs will be used to compare the number of steps saving in defining
different task dependencies (1-to-1, 1-to-many, many-to-1 and many-to-many) with and
without the use of the workflow intelligent engine. It is found that the intelligent engine
can achieve towards 100% step saving in defining tasks dependencies.|
|Appears in Collections:||Computer Science - Undergraduate Final Year Projects|
Items in CityU IR are protected by copyright, with all rights reserved, unless otherwise indicated.