Skip to Main Content
Access control, which is one of the most important aspects of security services, is becoming increasingly an important challenge in workflow management systems. However, the traditional models of access control, such as the role-based access control (RBAC), are static models without recognition of the dynamic environments in which the workflows are rooted. These context-independent models rarely can meet the requirements that the highly dynamic environments raise. In this paper, we regard authorization as a dynamic process instead of the traditional static view and take two contextual factors into account: (1) the state of related authorization processes; and (2) the state of related process instances. Then, we propose a Petri-net-based model as a practical solution to the context-sensitive access control on this basis.