Ricardo Martinho, Dulce Domingos, António Rito-Silva



Workflow technology represents nowadays significant added value to organizations that use information systems to support their business processes. By their nature, workflows support the integration of different information systems. As organizations use workflows increasingly, workflows manipulate more valuable and sensitive data. Either by interoperability issues or by the value of data manipulated, a workflow may present several and distinct authentication requirements. Typically, information systems deal with their authentication requirements once, within their authentication process. This strategy cannot be easily applied to workflows since each workflow activity may present its own authentication requirements. In this paper we identify authentication requirements that workflows present and we propose to meet these requirements by incorporating authentication constraints into workflow authorization definitions. With this purpose, we extend a generic Role-Based Access Control (RBAC) model and we define an access control algorithm that supports and enforces authorization decisions constrained by authentication information.


  1. Bertino, E., Ferrari, E., and Atluri, V. (1999). The Specification and Enforcement of Authorization Constraints in Workflow Management Systems. ACM Trans. Inf. Syst. Secur., 2(1):65-104.
  2. Beznosov, K. (1998). Requirements for access control: Us healthcare domain. In RBAC 7898: Proceedings of the third ACM workshop on Role-based access control, page 43, New York, NY, USA. ACM Press.
  3. Casati, F., Castano, S., and Fugini, M. (2001). Managing workflow authorization constraints through active database technology. Information Systems Frontiers, 3(3):319-338.
  4. Casati, F., Castano, S., and Fugini, M. G. (1998). Enforcing workflow authorization constraints using triggers. Journal of Computer Security, 6(4):257-285.
  5. Ferraiolo, D. F., Sandhu, R. S., Gavrila, S. I., Kuhn, D. R., and Chandramouli, R. (2001). Proposed NIST Standard for Role-based Access Control. Information and System Security, 4(3):224-274.
  6. Hung, P. C. K. and Karlapalem, K. (2003). A secure workflow model. In CRPITS 7803: Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003, pages 33-41, Darlinghurst, Australia, Australia. Australian Computer Society, Inc.
  7. Kandala, S. and Sandhu, R. (2002). Secure Role-Based Workflow Models. In DAS'01: Proceedings of the fifteenth Annual Working Conference on Database and Application Security, pages 45-58, Niagara, Ontario, Canada. Kluwer Academic Publishers.
  8. Kent, S. T. and Millett, L. I., editors (2003). Who goes There? Authentication Through the Lens of Privacy. National Academies Press, Washington, DC, USA.
  9. Moodahi, I., Gudes, E., Lavee, O., and Meisels, A. (2004). A Secure Workflow Model Based on Distributed Constrained Role and Task Assignment for the Internet. In ICICS'04: Proceedings of the sixth International Conference on Information and Communications Security, pages 171-186, Malaga, Spain. Springer-Verlag.
  10. Muehlen, M. Z. (2004). Organizational Management in Workflow Applications - Issues and Perspectives. Inf. Tech. and Management, 5(3-4):271-291.
  11. OASIS (2005). SAML V2.0 Executive Overview. Technical report, Organization for Advancement of Structured Information Standards.
  12. Samarati, P. and di Vimercati, S. D. C. (2000). Access Control: Policies, Models, and Mechanisms. In FOSAD 7800: Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design, pages 137-196, Bertinoro, Italy. Springer-Verlag.
  13. Tzelepi, S. and Pangalos, G. (2001). A flexible access control model for multimedia medical image security. In PCM 7801: Proceedings of the Second IEEE Pacific Rim Conference on Multimedia, pages 1030-1035, Beijing, China. Springer-Verlag.
  14. Wang, L., Wei, L., Liao, X., and Wang, H. (2004). AT-RBAC: An Authentication Trustworthiness-Based RBAC Model. In GCC Workshops, pages 343-350, Wuhan, China. Springer-Verlag.
  15. Workflow Management Coalition (1999). Terminology & Glossary. Technical report, Workflow Management Coalition.

Paper Citation

in Harvard Style

Martinho R., Domingos D. and Rito-Silva A. (2006). SUPPORTING AUTHENTICATION REQUIREMENTS IN WORKFLOWS . In Proceedings of the Eighth International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 978-972-8865-43-6, pages 181-188. DOI: 10.5220/0002465701810188

in Bibtex Style

author={Ricardo Martinho and Dulce Domingos and António Rito-Silva},
booktitle={Proceedings of the Eighth International Conference on Enterprise Information Systems - Volume 3: ICEIS,},

in EndNote Style

JO - Proceedings of the Eighth International Conference on Enterprise Information Systems - Volume 3: ICEIS,
SN - 978-972-8865-43-6
AU - Martinho R.
AU - Domingos D.
AU - Rito-Silva A.
PY - 2006
SP - 181
EP - 188
DO - 10.5220/0002465701810188