AW-RBAC: Access Control in Adaptive Workflow Systems

Flexibility is one of the key challenges for work-flow systems nowadays. Typically, a work-flow covers the following four aspects which might all be subject to change: control flow, data flow, organizational structures, and application components (services). Existing work in research and practice shows that changes must be applied in a controlled manner in order to avoid security problems. In this context, attempts have been made to manage administrative or operative changes using Role-Based Access Control (RBAC) models. However, most approaches focus on either administrative changes such as role updating and administration or operative changes, for example, inserting a new activity into a running work-flow instance.