Complex composite applications like Web applications, large scale enterprise resource planning systems (ERP) and business processes often require the integration of different enterprise applications.
These enterprise applications usually comprise self-contained sub-applications or sub-activities and are integrated by specifying an overarching workflow, in which these components are used. Typically, a workflow in this case consists of Web services, or, more generally, independent activities or tasks, which are either executed by a user or automatically invoke an external service. The activities may be combined sequentially or alternatively. Sequentially means that all activities will be executed in sequence and alternatively means that the workflow may be split in two or more branches, from which one branch may be chosen during execution, according to a given condition.
Each sub-application, activity or task may enforce its own security policy. Requests resulting from the execution of composite applications might be authorised by some sub-activities but will be rejected by others, depending on the authorisation of a particular user. Workflow executions might be aborted. This may cause transaction rollbacks or compensating actions, often involving a high cost in terms of computing resources or data storage. Unsuccessful executions should therefore be blocked right from the beginning for the sake of efficiency and security.
However, it can be useful to consider a single user scheme separately for example in order to assign the responsibility for a certain task (in terms of work that has to be done) to a trustful employee or to reduce workload on the staff by having one person do the whole workflow.
For the execution of this whole workflow it is necessary that each of the referenced activities performs autonomous access control according to its underlying policies. In order to provide this service by performing an early-filtering of the requests, a consolidated view onto the access control of workflows or general composite applications is needed.
Thereby, two different perspectives onto the security configuration of a composite application can be identified. From the security officer's point of view, access control should be defined as tight as possible to avoid security vulnerabilities. Too restrictive policies on the other hand can hinder legitimate users to execute the application which contradicts the process-centred viewpoint of the application developer.
In this case it would be more efficient to execute the access control only once at the workflow level instead of leaving this task up to each individual Web service. The user may then be authorised to execute all activities belonging to the workflow and no further checking is required. Therefore, a consolidated policy is required that is tailored to the functionality of the composite application.