JOURNAL OF SOFTWARE (JSW)
ISSN : 1796-217X
Volume : 1    Issue : 1    Date : July 2006

Collaboration Policies: Access Control Management in Decentralized Heterogeneous Workflows
Mine Altunay, Douglas E. Brown, Gregory T. Byrd and Ralph A. Dean
Page(s): 11-22

Abstract
Service-oriented computing promotes collaboration by defining the standards layer that allows
compatibility between disparate domains. Workflows, by taking advantage of the service-oriented
framework, provide the necessary tools to harness services in order to tackle complicated
problems. As a result, a service is no longer exposed to a small pre-determined homogeneous
pool of users; instead it has a large, undefined, and heterogeneous pool of users. This paradigm
shift in computing results in increased service exposure. The interactions among the services of a
workflow must be carefully evaluated against the security risks associated with them. Classical
security problems, such as delegation of rights, conflict of interest, and access control in general,
become more complicated due to multiple autonomous security domains and the absence of
pre-established trust relationships among the domains. Our work tackles these problems in two
aspects: it provides a service owner with the necessary means to express and evaluate its trust
requirements from a workflow (collaboration policies), and it incorporates these trust requirements
into the workflow-planning framework (workflow authorization framework). Our policy-based
framework allows bilateral peer-level trust evaluations that are based on each peer’s collaboration
policies, and incorporates the outcome of these evaluations into the workflow planning logic. As a
result, our work provides the necessary tools for promoting multi-party ad-hoc collaborations, and
aims to reduce the reluctance and hesitation towards these collaborations by attacking the security
risks associated with them.

Index Terms
workflows, access control management, collaboration, heterogeneous, authorization