Workflows model and control the execution of business processes in an organization. A workflow typically comprises of a set of coordinated activities, known as tasks. Typically, organizations establish a set of security policies, that regulate how the business process and resources should be managed. While a simple policy may specify which user (or role) can be assigned to execute a task, a complex policy may specify authorization constraints, such as separation of duties. Users may delegate the tasks assigned to them. Often such delegations are short-lived and come into play when certain conditions are satisfied. For example, a user may want to delegate his task of check approval only when going on vacation, when a check amount is less than a certain amount, or when his workload exceeds a certain limit.In this paper, we extend the notion of delegation to allow for such conditional delegation, where the delegation conditions can be based on time, workload and task attributes. When workflow systems entertain conditional delegation, different types of constraints come into play, which include authorization constraints, role activation constraints and workflow dependency requirements. We address the problem of assigning users to tasks in a consistent manner such that none of the constraints are violated.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Nabil R. Adam , Vijayalakshmi Atluri , Wei-Kuang Huang, Modeling and Analysis of Workflows Using Petri Nets, Journal of Intelligent Information Systems, v.10 n.2, p.131-158, March/April 1998  [doi>10.1023/A:1008656726700]
	2	V. Atluri, E. Bertino, E. Ferrari, P. Mazzoleni, Supporting Delegation in Secure Workflow Management Systems. In IFIP WG 11.3 Conference on Data and Application Security, August 2003.
	3	E. Barka and R. Sandhu. Framework for role-based delegation model. In Proceedings of 23rd National Information Systems Security Conference, pages 101-- 114, October 2000.
	4	Elisa Bertino , Elena Ferrari , Vijay Atluri, The specification and enforcement of authorization constraints in workflow management systems, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.65-104, Feb. 1999  [doi>10.1145/300830.300837]
	5	Elisa Bertino , Piero Andrea Bonatti , Elena Ferrari, TRBAC: A temporal role-based access control model, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.191-233, August 2001  [doi>10.1145/501978.501979]
	6	S. K. Chang(1) , Giuseppe Polese(2) , Roshan Thomas (3) , Souvik Das(3), A Visual Language for Authorization Modeling, Proceedings of the 1997 IEEE Symposium on Visual Languages (VL '97), p.110, April 23-26, 1997
	7	D. D. Clark and D. R. Wilson. A comparison of commercial and military computer security policies. In Proc. IEEE Symposium on Security and Privacy, pages 184--194, Oakland, California, April 1987.
	8	James Clifford , Abdullah Uz Tansel, On an algebra for historical relational databases: two views, Proceedings of the 1985 ACM SIGMOD international conference on Management of data, p.247-265, May 1985, Austin, Texas, United States
	9	M. Gasser and E. McDermott. An architecture for practical delegation of a distributed system. In Proc. IEEE Symposium on Security and Privacy, May 1990.
	10	Dimitrios Georgakopoulos , Mark Hornick , Amit Sheth, An overview of workflow management: from process modeling to workflow automation infrastructure, Distributed and Parallel Databases, v.3 n.2, p.119-153, April 1995  [doi>10.1007/BF01277643]
	11	D. Hollingsworth, Workflow reference model, Technical report WfMC-TC-1003, Workflow Management Coalition, January 1994.
	12	Ninghui Li , Benjamin Grosof , Joan Feigenbaum, A Practically Implementable and Tractable Delegation Logic, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.27, May 14-17, 2000
	13	J. W. Lloyd, Foundations of logic programming, Springer-Verlag New York, Inc., New York, NY, 1984
	14	Marek Rusinkiewicz , Amit Sheth, Specification and execution of transactional workflows, Modern database systems: the object model, interoperability, and beyond, ACM Press/Addison-Wesley Publishing Co., New York, NY, 1995
	15	R. Sandhu. Separation of Duties in Computerized Information Systems. In Database Security IV: Status and Prospects, pages 179--189, 1991.
	16	Yoav Shoham, Reasoning about change: time and causation from the standpoint of artificial intelligence, MIT Press, Cambridge, MA, 1988
	17	Longhua Zhang , Gail-Joon Ahn , Bei-Tseng Chu, A rule-based framework for role based delegation, Proceedings of the sixth ACM symposium on Access control models and technologies, p.153-162, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373289]
	18	Longhua Zhang , Gail-Joon Ahn , Bei-Tseng Chu, A role-based delegation framework for healthcare information systems, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507731]