In this paper we analyze secure access control and rights management concerns in a typical public sector Workflow Management System which orchestrates the control flow of an inter-European judicial process. We have classified a set of topics, that have not been adequately addressed so far, in our opinion, in three different categories: i) deriving consistent access control policies for workflow tasks, ii) the temporal (short-term) provisioning of access rights with certificates, and iii) enforcing access control on workflow tasks, with a focus on inter-organizational workflows. We will analyze these different concerns in this paper, and propose specific solutions where appropriate. We have validated our work in a case study, closely related to the scenarios developed within the eJustice project, concerning an inter-organizational workflow regarding the issuing of rogatory letters and arrest warrants for the improvement of inter-European investigations and prosecutions
A secure public sector workflow management system
ACSAC 2005, 21st Annual Computer Security Applications Conference, December 5-9, 2005, Tucson, USA
Type:
Poster / Demo
City:
Tucson
Date:
2005-12-05
Department:
Sécurité numérique
Eurecom Ref:
1898
See also:
PERMALINK : https://www.eurecom.fr/publication/1898