Attribute and task based access control model for product development workflow

To satisfy the requirements of permission assignment and utilization in product development workflow, the attribute concept was taken as the base to define, assign and use permissions mapping to tasks in workflow. Followed by the definition of attribute in access control area and the summarization of properties of attribute, an attribute and task based access control model was presented, which included two important elements of process and task-step. A process on behalf of a user's work was taken as the direct subject of execute access, and a task-step concept included the information of task and its state was introduced to make the associated task-step matching be the prerequisite of permission use, which could use permissions in certain works for associating with tasks. A component named as obligation was defined for the implement mechanism to support some dynamic policies in permission administration. The application showed that the proposed model enhanced the control on permission utilizations and suited for access control in workflow for product development.