Automated generation of access control policies in cross-organizational workflow
First Claim
1. A method for controlling an interaction of a plurality of participants in a workflow process of a network system, the method comprising:
classifying a plurality of activities as a first type, a second type or a third type;
generating a control policy based on the type of activity; and
applying the control policy to determine whether a requesting participant is permitted to interact with a responding participant, wherein the activity of the requesting participant precedes the activity of the responding participant in the workflow process.
2 Assignments
0 Petitions
Abstract
A method and system to control an interaction of a plurality of participants in a workflow process. The method classifies the plurality of activities as (1) first activity of the workflow process, (2) first activity of a participant in an on-going workflow process, and (3) interaction activity. A set of access control policies is generated for each type of activity. The policies include workflow initialization policy, participation policy and interaction policies. The policies determine if a requesting participant is permitted to interact with a responding participant. In addition, the system includes a policy enforcement point for receiving a request from a requesting participant, wherein the request is for activating an activity of a responding participant. The policy enforcement point forwards the request to a policy decision point where the request is evaluated based on the set of access control policies.
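The abstract describes an architecture rather than code: activities are classified into three types, one policy is generated per activity from that classification, and a policy enforcement point (PEP) forwards each activation request to a policy decision point (PDP) that checks, among other things, that the requester's activity precedes the responder's activity. The following is an added illustration in Python and is not code from the patent or its assignee; the workflow (`WORKFLOW`), participant names, the `Request`/`Instance` structures and the policy fields are all constructed assumptions chosen to make the three policy types and the precedence check concrete.

```python
"""Added example (not the patent's own code): toy policy generation plus a
PEP/PDP pair for a cross-organizational workflow, following the three
activity types named in the abstract.  Every name below is constructed."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample workflow: ordered (activity, participant) pairs.
# List order encodes precedence: earlier activities precede later ones.
WORKFLOW = [
    ("submit_order", "retailer"),
    ("check_credit", "bank"),
    ("reserve_stock", "supplier"),
    ("ship", "supplier"),
    ("invoice", "bank"),
]

INIT, PARTICIPATION, INTERACTION = "init", "participation", "interaction"


def classify(workflow):
    """Type 1: first activity of the workflow; type 2: first activity of a
    participant in an on-going workflow; type 3: any other (interaction)."""
    seen, kinds = set(), {}
    for i, (activity, participant) in enumerate(workflow):
        if i == 0:
            kinds[activity] = INIT
        elif participant not in seen:
            kinds[activity] = PARTICIPATION
        else:
            kinds[activity] = INTERACTION
        seen.add(participant)
    return kinds


def generate_policies(workflow):
    """One policy per activity: its type, the participant assigned to it,
    and the activities (with owners) that precede it in the workflow."""
    kinds = classify(workflow)
    return {
        activity: {
            "type": kinds[activity],
            "responder": participant,
            "preceding": {a: p for a, p in workflow[:i]},
        }
        for i, (activity, participant) in enumerate(workflow)
    }


@dataclass
class Instance:            # state of one running workflow instance
    completed: set = field(default_factory=set)   # activities done so far
    members: set = field(default_factory=set)     # participants that joined


@dataclass
class Request:             # "activate `activity` of `responder`"
    requester: str
    requester_activity: Optional[str]   # None only when initializing
    responder: str
    activity: str


class PDP:
    def __init__(self, policies):
        self.policies = policies

    def evaluate(self, req, inst):
        pol = self.policies.get(req.activity)
        if pol is None:
            return False, "unknown activity"
        if pol["responder"] != req.responder:
            return False, "responder not assigned to activity"
        if pol["type"] == INIT:                       # workflow initialization policy
            if inst is not None:
                return False, "workflow already initialized"
            if req.requester != pol["responder"] or req.requester_activity is not None:
                return False, "requester may not initialize workflow"
            return True, "workflow initialization policy"
        if inst is None:
            return False, "no workflow instance"
        # Precedence check from the claim: the requester's activity must precede
        # the target activity, be owned by the requester, and already be completed.
        owner = pol["preceding"].get(req.requester_activity)
        if owner != req.requester or req.requester_activity not in inst.completed:
            return False, "requester activity does not precede target"
        if pol["type"] == PARTICIPATION:              # participation policy
            if req.responder in inst.members:
                return False, "participant already in workflow"
            return True, "participation policy"
        if req.responder not in inst.members:          # interaction policy
            return False, "participant has not joined workflow"
        return True, "interaction policy"


class PEP:
    """Accepts requests, forwards them to the PDP, and records allowed steps."""
    def __init__(self, pdp):
        self.pdp, self.instance = pdp, None

    def request(self, req):
        allowed, reason = self.pdp.evaluate(req, self.instance)
        if allowed:
            self.instance = self.instance or Instance()
            self.instance.completed.add(req.activity)
            self.instance.members.add(req.responder)
        return allowed, reason


def run_demo():
    """Constructed request sequence; returns the PDP decision for each."""
    pep = PEP(PDP(generate_policies(WORKFLOW)))
    steps = [
        Request("supplier", None, "supplier", "ship"),                # no instance yet
        Request("retailer", None, "retailer", "submit_order"),        # initialization
        Request("retailer", "submit_order", "bank", "check_credit"),  # bank joins
        Request("bank", "check_credit", "supplier", "ship"),          # supplier not joined
        Request("bank", "check_credit", "supplier", "reserve_stock"), # supplier joins
        Request("bank", "check_credit", "supplier", "ship"),          # interaction
        Request("bank", "invoice", "supplier", "ship"),               # invoice does not precede ship
    ]
    return [pep.request(r)[0] for r in steps]


if __name__ == "__main__":
    print(run_demo())
```

The policies are derived entirely from the workflow definition, so adding a participant or activity regenerates the rule set without hand-written entries; the denial reasons show which of the three policies rejected a request.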
28 Claims
1. A method for controlling an interaction of a plurality of participants in a workflow process of a network system, the method comprising:
classifying a plurality of activities as a first type, a second type or a third type;
generating a control policy based on the type of activity; and
applying the control policy to determine whether a requesting participant is permitted to interact with a responding participant, wherein the activity of the requesting participant precedes the activity of the responding participant in the workflow process. (Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. A network system for controlling an interaction of a plurality of participants in a workflow process, the system comprising:
means for classifying a plurality of activities as a first type, a second type or a third type;
means for generating a control policy based on the type of activity; and
means for applying the control policy to determine whether a requesting participant is permitted to interact with a responding participant, wherein the activity of the requesting participant precedes the activity of the responding participant in the workflow process. (Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18)
19. A machine-readable medium comprising instructions, which when executed by a machine, cause the machine to perform a system to delegate an access authority for accessing a protected resource, the method comprising:
classifying a plurality of activities as a first type, a second type or a third type;
generating a control policy based on the type of activity; and
applying the control policy to determine whether a requesting participant is permitted to interact with a responding participant, wherein the activity of the requesting participant precedes the activity of the responding participant in the workflow process. (Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27)
28. A workflow management system for controlling an interaction of a plurality of participants in a workflow process, the system comprising:
a policy enforcement point to accept a request for activating an activity of a responding participant; and
a policy decision point to evaluate the request based on a set of access control policies.
Specification