摘要
基于角色的访问控制(role based access control,RBAC)是软件系统中常用的授权机制,而工作流引擎中的核心授权单位是任务,使得RBAC难以应用在工作流系统中。文中在RBAC思想的基础上,通过对工作流资源边界的确立,将角色与工作流中的任务相关联来进行资源的访问控制与授权,很好地将RBAC融合进工作流,有效地避免了工作流建立自成体系的权限控制而增加系统复杂性,让同一目标对象的授权在工作流引擎内外得到统一。同时,对业务流程建模与标注(business process model and notation,BPMN)的元模型进行安全约束的扩展,以便于在流程图中准确地表达基于角色和任务的安全约束需求,为业务流程的表示与执行提供了良好的支持;最后,将这种扩展应用在了四川省某电力公司的合同与督查管理系统中,并对其具体业务流程的应用进行分析与验证。
The role based access control(RBAC) is a common authorization mechanism in software system,while task is the core authorization unit in workflowengine,which makes it hard to apply RBAC into workflowsystem.On the basis of RBAC,we connect the roles and the tasks in the workflowfor access control and authorization of resources by defining a resource boundary,which prevents effectively workflowfrom building a separate authorization control with increase of system complexity,and enables the authorization of the same object to be unified inside and outside the workflow.At the same time,we also extend the meta-model of business process modeling notation(BPMN) in secure constraint so as to accurately express the security constraint requirements based on roles and tasks in the flowchart,which provides a good support for the presentation and execution of business process.Finally,we apply this approach into a typical business process in a power supply company,which is analyzed and verified in specific business application.
出处
《计算机技术与发展》
2018年第3期146-149,共4页
Computer Technology and Development
基金
四川省教育自然科学重点课题(16ZA0422)
