Specification and Modelling of Workflow Management Systems with State Based Access Control

Abstract

A Workflow is a collection of coordinated tasks designed to carry out a well-defined process. Work flows are ubiquitous in process management. The question we address in this thesis is how to specify and design verifiable work flows for such processes. To specify work flows, we borrow a simple algebraic notation from computer science. We illustrate the use of two algebraic specification languages: Pi-calculus and Calculus of Communicating Systems (CCS), through a series of typical work flow examples. We explore two areas of application for workflows: Education and E-governance. Building such systems remains a challenge: on the one hand, the systems are required to be open, whereas, on the other, there is the need to preserve and protect private and confidential information of potentially millions of users. This requires that systems carry clear specifications of how access to users’ documents are managed throughout an application’s work flow. We describe a modular, fine-grained, state-based model that can form the basis for specifying access control in e-governance service delivery workflows. The model consists of three layers: a data store, a workflow layer, and an access control layer. The data store consists of fields and forms. The work flow is specified as concurrent processes each representing a user. The access control layer specifies, for each user (process), the user’s view of the data store as determined by that user’s state in the work flow. Such modular specifications can guide the implementation and the verification of e-governance applications.We give a web-based prototype implementation for the model and show an example of an application generated by the implementation. This implementation differentiates access control from the workflow engine. However, we also show how access control can be modelled using Pi-calculus.