Conceptual Design of Secure Workflow Systems: An Object-Oriented Approach to the Uniform Modeling of Workflows, Organizations, and Security

This work has been finished in May 1998.

The conceptual design of workflow systems comprises the modeling of organizational processes, organization structures, and security requirements. We present a comprehensive, conceptual workflow model that is to be used in early phases of the design of workflow systems that have high demands on security. The workflow model follows a uniform object-oriented approach.

The processes of organizations need often be adapted to changed requirements in the business environments of organizations. We propose a novel schema architecture for the modeling of organizational processes. The so-called „two-schema architecture“ separates, according to its origin, knowledge on organizational processes into external knowledge, e.g., natural facts and law, and internal knowledge, i.e., organizational commitments. Since organizations have no influence on external knowledge – at least no direct influence -, most adaptions of organizational processes cause only changes to internal knowledge. The „two-schema architecture“ supports to a high degree the reuse of knowledge on organizational processes and eases the adaption of organizational processes to changed requirements in the business environments of organizations.

The structure of organizations is typically organized around business functions of organizations. The structure of modern organizations is organized around the processes of organizations. As a result, the vertical hierarchy of organizations is flattened. Typically, actors work in network-like groups, which may be easily adapted to changed requirements. We support the modeling of both forms of organization structures, i.e., hierarchies and networks.

The security requirements of organizational processes say to which actors authorizations can be issued, in which form particular authorizations must be represented (e.g., key cards), and how authorizations that have been issued to actors must be maintained. Basic security requirements for workflow systems are: (1) Accesses of actors that do not possess appropriate authorizations must be denied. (2) Authorizations that are in conflict with the security requirements of organizational processes must not be issued. We specify the security requirements of a workflow system in an authorization schema. A workflow management system can use such an authorization schema as a filter to exclude authorizations that are illegal wrt. the protection requirements of organizational processes from its authorization base.