
Security considerations within the workflow environment

Johannesburg, 19 Feb 2002

In the first article we introduced the various security concerns that should be carefully considered within a workflow system or a co-operating workflow systems environment. We now take a look at issues around authorisation, Straight Through Processing, non-repudiation and data integrity.

Authorisation

The WfMC defines the authorisation process as the "process of identifying to the computer system the various functions which a user (human and potentially a computer system) may undertake". This attempts to limit the extent of the user's interaction to simply that which they need to know in order to do their work. Within a workflow context, users are usually authorised to play a particular "role" as defined within the process definition(s), which in the past was determined by the process definer, who ultimately controlled what happened to a particular workflow item and the user's interaction with it.

Straight Through Processing (STP)

In a bid to improve the integrity of workflow implementation, many process definers are now attempting to remove the human element from the workflow process, and along with it the potential for error or fraud, by implementing so-called "Straight Through Processing", which involves system-to-system workflows, otherwise known as application-to-application (A2A) workflows. This frees human users from processing these mundane tasks, so that they can concentrate their efforts on processing the exceptions generated by the A2A workflow. This form of workflow is often associated with enterprise application integration (EAI) and is now referred to as Business Process Management (BPM).

Further controls, such as version control of process definitions, are also now becoming commonplace. Version control allows changes to be made to a workflow definition without overwriting the original definition, so process definers can dynamically modify existing processes while retaining transparent tracking in the event of any errors, deliberate or otherwise, in the authorisation process.
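The two controls just described, role-based authorisation drawn from the process definition and versioning of those definitions, can be combined in a small registry. The following Go program is an added illustration written for this article, not code from the WfMC or from any workflow product; the process name "invoice-approval", the activities and the role names are constructed examples. Each work item records the definition version it was created under, so a later change to the roles cannot silently alter what an in-flight item permits, and every published version is retained for audit.

```go
package main

import (
	"errors"
	"fmt"
)

// ProcessDefinition binds each activity in a workflow to the roles that are
// authorised to perform it. A published definition is never mutated; a change
// is published as a new version alongside the old one.
type ProcessDefinition struct {
	Name       string
	Version    int
	Activities map[string]map[string]bool // activity -> set of allowed roles
}

// Registry keeps every published version of every definition so an audit can
// always reconstruct which rules were in force when an item was processed.
type Registry struct {
	versions map[string][]ProcessDefinition // name -> versions in publish order
}

func NewRegistry() *Registry {
	return &Registry{versions: map[string][]ProcessDefinition{}}
}

// Publish stores a new version of a definition without touching earlier ones.
func (r *Registry) Publish(name string, activities map[string][]string) ProcessDefinition {
	def := ProcessDefinition{
		Name:       name,
		Version:    len(r.versions[name]) + 1,
		Activities: map[string]map[string]bool{},
	}
	for act, roles := range activities {
		def.Activities[act] = map[string]bool{}
		for _, role := range roles {
			def.Activities[act][role] = true
		}
	}
	r.versions[name] = append(r.versions[name], def)
	return def
}

// Get returns one published version, or an error if it does not exist.
func (r *Registry) Get(name string, version int) (ProcessDefinition, error) {
	vs := r.versions[name]
	if version < 1 || version > len(vs) {
		return ProcessDefinition{}, fmt.Errorf("no version %d of %q", version, name)
	}
	return vs[version-1], nil
}

// WorkItem is pinned to the definition version it was created against.
type WorkItem struct {
	ID      string
	Process string
	Version int
}

var ErrNotAuthorised = errors.New("not authorised")

// Authorise decides whether a user holding the given roles may perform an
// activity on a work item. Unknown versions and unknown activities are denied.
func (r *Registry) Authorise(item WorkItem, activity string, userRoles []string) error {
	def, err := r.Get(item.Process, item.Version)
	if err != nil {
		return err
	}
	allowed, ok := def.Activities[activity]
	if !ok {
		return fmt.Errorf("activity %q not defined in %s v%d: %w", activity, def.Name, def.Version, ErrNotAuthorised)
	}
	for _, role := range userRoles {
		if allowed[role] {
			return nil
		}
	}
	return fmt.Errorf("roles %v may not %q in %s v%d: %w", userRoles, activity, def.Name, def.Version, ErrNotAuthorised)
}

func main() {
	reg := NewRegistry()
	reg.Publish("invoice-approval", map[string][]string{"submit": {"clerk"}, "approve": {"manager"}})
	v1Item := WorkItem{ID: "inv-001", Process: "invoice-approval", Version: 1}
	fmt.Println("clerk approving under v1:", reg.Authorise(v1Item, "approve", []string{"clerk"}))

	// Version 2 lets a senior clerk approve; items created under v1 keep v1's rules.
	reg.Publish("invoice-approval", map[string][]string{"submit": {"clerk"}, "approve": {"manager", "senior-clerk"}})
	fmt.Println("senior clerk approving under v1:", reg.Authorise(v1Item, "approve", []string{"senior-clerk"}))
	v2Item := WorkItem{ID: "inv-002", Process: "invoice-approval", Version: 2}
	fmt.Println("senior clerk approving under v2:", reg.Authorise(v2Item, "approve", []string{"senior-clerk"}))
}
```

Pinning the version on the item is the detail that matters for the "transparent tracking" the article mentions: the registry can answer, for any historical item, exactly which roles were permitted at the time, and a definition change can be reviewed as a new version rather than reconstructed from an overwritten one.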

Non-repudiation

In certain workflow scenarios, particularly those supporting electronic trading of some variety, there may be a requirement for the non-repudiation of the originator's message. This is to assure the recipient of the message (or workflow item) that the originator cannot deny the validity of the workflow item (or business transaction) that he or she has initiated.

The need for this arises in situations such as e-business sites on the Internet, where online orders might be placed via a workflow system, or in paperless supply chain environments where electronic requests are made. In these situations, Public Key techniques are used to ensure adequate proof of origin, and Private Key techniques provide privacy and assurance between the transacting parties.

Data integrity

Associated data integrity services ensure that the data transferred between the parties has not been modified in any way during the process of transfer. Strong data integrity will usually rely on cryptographic techniques, for example a message hash computed by a strong one-way algorithm. These message hashes, when associated with a public or private key, ensure that it is impossible for the data to be changed in any way during transit, since verification of the message hash is done via additional algorithms upon arrival at the target machine using the associated key.

This level of data integrity is usually only applied in certain very sensitive areas of workflow, for example in financially oriented workflow contexts, where the integrity of data travelling between parties is critical.
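The non-repudiation and data integrity sections above describe the same mechanism from two sides: a one-way hash of the workflow item, bound to the originator's key, which the recipient re-verifies on arrival. The Go program below is an added example written for this article (not code from the WfMC or any product) showing that exchange with SHA-256 as the hash and an Ed25519 key pair as the originator's private/public key; the purchase-order fields are constructed sample data. The recipient recomputes the digest from the item it actually received rather than trusting the transmitted one, so a modified body fails the digest check, and an attacker who also recomputes the digest still fails the signature check because they lack the private key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Message is a constructed workflow item exchanged between two parties.
type Message struct {
	ID         string
	Originator string
	Recipient  string
	Body       string
}

// canonical gives the item a fixed byte encoding (fixed field order and
// separator) so both parties hash exactly the same bytes.
func canonical(m Message) []byte {
	return []byte(strings.Join([]string{m.ID, m.Originator, m.Recipient, m.Body}, "\x1f"))
}

// Digest is the strong one-way hash of the canonical item.
func Digest(m Message) [32]byte { return sha256.Sum256(canonical(m)) }

// SignedMessage carries the item, its digest and the originator's signature
// over that digest. Only the private-key holder can produce the signature;
// anyone holding the public key can verify it, which gives proof of origin.
type SignedMessage struct {
	Item      Message
	Digest    [32]byte
	Signature []byte
}

// Sign is performed by the originator with its private key.
func Sign(priv ed25519.PrivateKey, m Message) SignedMessage {
	d := Digest(m)
	return SignedMessage{Item: m, Digest: d, Signature: ed25519.Sign(priv, d[:])}
}

var (
	ErrDigestMismatch = errors.New("digest does not match received item")
	ErrBadSignature   = errors.New("signature does not verify under originator's public key")
)

// Verify is performed by the recipient with the originator's public key. It
// recomputes the digest from the received item and never trusts the sent one.
func Verify(pub ed25519.PublicKey, s SignedMessage) error {
	recomputed := Digest(s.Item)
	if recomputed != s.Digest {
		return ErrDigestMismatch
	}
	if !ed25519.Verify(pub, recomputed[:], s.Signature) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // originator's key pair
	if err != nil {
		panic(err)
	}
	order := Message{ID: "po-1001", Originator: "buyer", Recipient: "supplier", Body: "qty=100;price=12.50"}
	signed := Sign(priv, order)
	fmt.Println("digest:  ", hex.EncodeToString(signed.Digest[:]))
	fmt.Println("intact:  ", Verify(pub, signed))

	// Modify the body in transit: the recomputed digest no longer matches.
	tampered := signed
	tampered.Item.Body = "qty=1000;price=12.50"
	fmt.Println("tampered:", Verify(pub, tampered))

	// Recompute the digest too: the signature over the old digest still fails.
	tampered.Digest = Digest(tampered.Item)
	fmt.Println("re-hashed:", Verify(pub, tampered))
}
```

The public key is what the recipient needs, and distributing it reliably between the parties is exactly the key-distribution problem the conclusion below raises; the signature only proves origin to the extent that the recipient is sure whose public key it holds.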

Conclusion

Any security system, according to the WfMC, which relies on passwords, cryptographic keys or similar systems, will require a security administration domain providing mechanisms for the allocation, distribution, secure storage and, in due course, replacement of the passwords or keys. The main problematic area here is that of key distribution between the parties where cryptographically based security services are required in the context of workflow interoperability.

However, as the WfMC points out: "Where secure, interoperable workflow systems are established, it is reasonable to assume that such internetworking will be as the result of an agreed business process between the parties, within which such security provisions will be agreed and actioned."


Editorial contacts

Liesl Simpson
Livewired Communications
(011) 789 5125
Mark Ehmke
TIBCO Software
(011) 467 1440
mehmke@staffware.com