| Security in Web-Based Workflow Management Systems (2008) | |||||||||||||||
Abstract | |||||||||||||||
| Web-based workflows are increasingly becoming a viable choice for workflows that span multiple organizations. Until recently, Web technology has not been terribly secure. However, by utilizing appropriate encryption algorithms, digital signatures and access control (role-based/multilevel security), Web-based Workflow Management Systems can be made secure. Since these systems include many subsystems (Operating System, Database System, etc.) and may involve multiple organizations, complete security solutions are enormously complex. In this paper, we sort out some of the more promising security alternatives and organize them into a security architecture suitable for Web-based work ows. Research issues addressed include how to provide convenient, yet reliable workflow-wide authentication, how to share data objects which are under different authorizations, how to combine role-base access control and multilevel security, and how to provide high security without significantly reducing performance of a distributed WfMS. This security architecture is being implemented by enhancing the METEOR/WebWork Web-based Workflow Management System developed in the LSDIS lab at the University of Georgia to provide a testbed for comparing the alternatives presented in the paper. | |||||||||||||||
Publication details | |||||||||||||||
| |||||||||||||||