abstract

Many workflow management systems have been developed to enhance the performance of workflow executions. The authorization policies deployed in the system may restrict the task executions. The common authorization constraints include role constraints, Separation of Duty (SoD), Binding of Duty (BoD) and temporal constraints. This paper presents the methods to check the feasibility of these constraints, and also determines the time durations when the temporal constraints will not impose negative impact on performance. Further, this paper presents an optimal authorization method, which is optimal in the sense that it can minimize a workflow’s delay caused by the temporal constraints. The authorization analysis methods are also extended to analyze the stochastic workflows, in which the tasks’ execution times are not known exactly, but follow certain probability distributions. Simulation experiments have been conducted to verify the effectiveness of the proposed authorization methods. The experimental results show that comparing with the intuitive authorization method, the optimal authorization method can reduce the delay caused by the authorization constraints and consequently reduce the workflows’ response time.

7. Conclusions

This paper investigates the issue of feasibility checking for authorization constraints deployed in workflow management systems. In this paper, the feasibility checking problem is modeled as a constraint satisfaction problem. Further, this paper presents the method to determine the time durations when the deployed temporal constraints do not have negative impact on performance of workflow executions. Moreover, an optimal method is proposed to authorize a workflow, so that the delay caused by the authorization constraints for the workflow executions is minimized. The proposed analysis methods are further extended for the stochastic workflows. The simulation experiments show that the effectiveness of the proposed authorization methods.