When implementing a workflow on top of existing applications, such as legacy software in the banking sector, there is a requirement for full traceability of user actions in business processes that execute on top of a complex system of multiple backend components (cf. the Basel II accord).
Traceability means that certain events should not only be logged but logged non-repudiably and, even more importantly, that every event can be traced back to the user who originally launched it.
In multi-layered systems with technical users, implementing traceability is not straightforward. A technical user is a piece of application logic that has the necessary rights to access (almost) all of the underlying resources. One example is a connection to a database with administrator rights. Access control to the underlying resources, for example the database tables, is then managed by controlling access to the technical user. The access control is thus shifted to a higher layer.
One possibility to implement the traceability requirement may be to pass the user context information as a variable between different processes. Without it, when an event occurs in the underlying resources, only the technical user is logged; no information about the user who triggered the technical user is stored. This could be solved, at first sight, by passing the user as a parameter when calling the technical user: both the technical user and the user who triggered the technical user have to be transferred to achieve full traceability.
This may solve the basic traceability requirement, and may be the solution requiring the least effort. However, development resources may be required to adapt the whole code base.
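The parameter-passing approach described above, as an added example that is not part of the original text: a hypothetical `TechnicalUser` wrapper refuses calls that carry no originating user and writes both identities to an audit table in the same transaction as the data change. The HMAC chain over the entries is a stand-in that makes tampering detectable; full non-repudiation would need signatures made with a key the application does not hold. All names here (`TechnicalUser`, `adjust_balance`, `svc_workflow`, the table layout, the key) are assumptions.

```python
import hashlib, hmac, json, sqlite3

AUDIT_KEY = b"constructed-demo-key"  # assumption: a real key is held outside the application
GENESIS = "0" * 64                   # "previous MAC" value for the first entry

def _mac(fields):
    # MAC over [seq, technical user, originating user, operation, detail, previous MAC]
    return hmac.new(AUDIT_KEY, json.dumps(fields).encode(), hashlib.sha256).hexdigest()

class TechnicalUser:
    """Hypothetical technical user: owns the privileged connection."""
    def __init__(self, name="svc_workflow"):
        self.name = name
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, balance INTEGER)")
        self.db.execute("CREATE TABLE audit (seq INTEGER PRIMARY KEY, tech TEXT, "
                        "orig_user TEXT, op TEXT, detail TEXT, prev TEXT, mac TEXT)")
        self.db.execute("INSERT INTO accounts VALUES ('A-1', 100)")  # constructed sample row
        self.db.commit()

    def adjust_balance(self, on_behalf_of, account, delta):
        if not on_behalf_of:
            raise PermissionError("originating user is required")
        with self.db:  # data change and audit entry commit together or not at all
            self.db.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?",
                            (delta, account))
            last = self.db.execute(
                "SELECT seq, mac FROM audit ORDER BY seq DESC LIMIT 1").fetchone()
            seq, prev = (last[0] + 1, last[1]) if last else (0, GENESIS)
            detail = json.dumps({"account": account, "delta": delta}, sort_keys=True)
            fields = [seq, self.name, on_behalf_of, "adjust_balance", detail, prev]
            self.db.execute("INSERT INTO audit VALUES (?,?,?,?,?,?,?)", fields + [_mac(fields)])

    def audit_rows(self):
        return self.db.execute("SELECT * FROM audit ORDER BY seq").fetchall()

def verify_chain(rows):
    """True only if every entry's MAC is valid and links to its predecessor."""
    prev = GENESIS
    for i, row in enumerate(rows):
        *fields, mac = row
        if fields[0] != i or fields[5] != prev or not hmac.compare_digest(mac, _mac(fields)):
            return False
        prev = mac
    return True

def originators(rows, account):
    """Backtrack: which end users triggered changes to this account?"""
    return [r[2] for r in rows if json.loads(r[4])["account"] == account]
```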
Another possibility may be to inspect all exchanged messages and to store the relevant ones in an audit log. However, this adds run-time performance overhead to the application. The advantage is that no adaptations at the code level are necessary.
Access control with certificates has been studied in the Akenti project (http://www-itg.lbl.gov/Akenti).