中文摘要：

基于角色的访问控制是提高工作流系统安全的重要机制和方法,然而现有模型并未将工作流中任务进一步细化为一系列活动。本文提出的RABAC for Workflow模型将授权的粒度降低至活动状态层次,增强了访问控制的灵活性和工作流系统的安全性,并满足＂最小权限原则＂和＂职责分离原则＂。采用UML进行可视化工程建模,进一步缩短了理论模型和实际应用系统开发之间的差距。应用实例表明所提出模型与可视化建模方法的安全性和有效性。

英文摘要：

Role-based access control is an important mechanism and approach to improving the security of workflow system,whereas related models have not referring to the refinement of a workflow task into a series of activities.A Role-Activity Based Access Control for Workflow decreases the authorization granularity into a level of activity status,and improves the access control flexibility and workflow system security,achieving the two principles of ＂Least Privilege＂ and ＂Separation of Duties＂.And the visual engineering modeling by UML further shortens the gap between the theoretical model and application developments.An application case denotes that the proposed model and visual modeling method is secure and valid.