Task-activity based access control for process collaboration environments

Collaborative systems enable organizations to communicate, interact and cooperate with each other to achieve their business goals. Access control is an important security mechanism for organizations to protect their resources in collaborative environments. Many access control models and mechanisms have been proposed for collaborative systems. However, under the new collaborative paradigm based on Web services and workflow technologies, some specific access control requirements should be addressed to support the various process collaboration patterns. In this paper, we present a task-activity based access control (TABAC) model for process collaboration environments. In TABAC, business process is composed by activities and dynamic permissions are related to tasks. Task permissions can be dynamically assigned to processes during the interaction of activities. A SOAP based interaction protocol is also proposed to transmit task permissions between processes. Finally, we describe the implementation of TABAC model in workflow management system which conforms to the XACML and WS-BPEL specifications.