AutoWF - A secure Web workflow system using autonomous objects

Workflow management systems (WFMS) automate business processes where information flows between individuals. WFMS have two major implications for security: First, since the description of a workflow process explicitly states when which function is to be performed by whom, security specifications may be derived from such descriptions and translated into static role-based specifications. Second, since the WFMS is to be operated on the Web using web agents, dynamic and individual security rules must be enforced. AutoWF includes both types of security policies. AutoWF is implemented on top of a powerful software foundation - autonomous objects. Both general workflow management tasks and specific functional tasks are implemented as autonomous objects distributed over the Internet. This paper surveys some of the concepts on which the system is based, it then concentrates on the design and architectural issues of the AutoWF system, and finally we present some implementation examples.