A dynamic workflow authorization method based on participant expression rules

The execution of workflow processes requires authorizations for enforcing the assignment of tasks to participants according to the security, functionality and management policies of an organization. A role-based authorization model is commonly adopted in most workflow systems and has become a research topic in the area of workflow. However, the existing role-based access control models cannot assign tasks to right participants according to the context in workflow activities. Therefore, this method lacks flexible and dynamic allotment capability and cannot meet the requirements of complex business processes during the runtime of workflow instances. In this paper a dynamic workflow authorization method based on participants´ expression rules is proposed. In the period of process modeling, this method, which applies some expression rules into the participant of each activity, can resolve the problem of dynamic authorization of the tasks during the runtime of workflow instances. The method also supports the least privilege policies and the policies of separation of duties, and achieves the definition of complex business processes, meanwhile enhances the flexibility of workflow participant definition. At last, the demonstration of reimbursement application process is also presented to testify the practicability and strong expression ability.