Injecting RBAC to secure a web-based workflow system

Gail-Joon Ahn, Ravi Sandhu, Myong Kang, Joon Park

Research output: Chapter in Book/Report/Conference proceeding (Chapter)

75 Scopus citations


Web-based workflow systems have recently received much attention because they can support dynamic business processes over heterogeneous computing systems. Most existing web-based workflow systems, however, provide minimal security services such as authentication of users and network security. In this paper we describe an experiment in injecting role-based access control (RBAC) into an existing web-based workflow system. Specifically, we ensure that each task can only be executed by users belonging to a specific role. In order to achieve this, we define a simplified RBAC model to meet our needs and describe the security architecture to be applied to an existing web-based workflow system. We describe our implementation using commercial off-the-shelf (COTS) technology to demonstrate the feasibility of this approach. Our implementation uses X.509v3 certificates with a role attribute, and employs a user-pull style where the client requests a client certificate from the role-server and presents it to the workflow system. A major goal of our implementation is to have minimal changes to the existing web server and no changes to the browser. We also discuss alternative architectures such as server-pull with LDAP (Lightweight Directory Access Protocol).

Original language: English (US)
Title of host publication: Proceedings of the ACM Workshop on Role-Based Access Control
Place of Publication: New York, NY, United States
Number of pages: 10
State: Published - 2000
Externally published: Yes
Event: 5th ACM Workshop on Role-Based Access Control (RBAC) - Berlin, Ger
Duration: Jul 26 2000 to Jul 27 2000


Other: 5th ACM Workshop on Role-Based Access Control (RBAC)
City: Berlin, Ger

ASJC Scopus subject areas

  • General Computer Science

