Abstract

According to the weaknesses of the traditional access control technology for web service integration, and the implement technology of access control in the BPEL-based process. On the basis of traditional RBAC, TBAC and security workflow model, we propose a role and task-based access control model (RTBAC), whose architecture is not user-role-permission but user-role-task-permission, and which adds periodic time and task weight constraint mechanism. The basic concepts of RTBAC and formalization description are introduced and analyzed; moreover the mapping from the BPEL-based process to RTBAC was implemented in this paper. The RTBAC from the tasks in services, and dynamically manage the permissions through tasks and task instances' status, which permissions' status will be changed dynamically with the execution of task instance. The RTBAC can meet the need to manage and enforce the strong and efficient access control technology in large-scale web services integration.

Paper Details