在目前競爭激烈的企業環境下，快速的整合企業流程是非常重要的。服務導向架構即是針對此需求而產生的一種架構模型。採用服務導向架構來建構工作流程管理系統，透過與Web services的組合，可輕易的將異質系統作整合。克服在分散式系統中，造成整合困難的情形。由於工作流程系統在執行的過程中，會對某些資料進行存取。為了避免重要的資料被他人所竊取，加入了存取控制的機制來保護重要的資料。
本論文提出一種架構，針對在服務導向架構下達到動態存取控制。由於在工作流程處理邏輯中，會受到流程控制影響其流程的運作。針對此一特性，我們將工作流程的動態行為作描述。透過一轉換的程式，產生一個新的工作流程系統，可以動態地調整存取控制策略。在不更動到工作流程的整體結構下，產生其存取控制的策略，達到資料保護的目的。

It is very important to integrate business processes rapidly in the current competitive business environment. Service-oriented architecture is a structure model for this needs. Service-oriented architecture is used to construct a workflow management system through a combination of Web services can be easily be integrated heterogeneous systems. It overcomes the integrated problem in a distributed system. Because the workflow system executions in the process, certain information will be accessed. In order to avoid important information being stolen by others, and we join the access control mechanism to protect important information.
This paper proposes a framework for service-oriented architecture to achieve dynamic access control. Because the workflow process logic, process control will be affected the operation of its processes. We describe the dynamic behavior of the workflow for the feature. Through a conversion program to generate a new workflow system that can dynamically adjust the access control policy. It doesn’t change the overall structure of the workflow, and the production of the policy can achieve the purpose of data protection.

[1]. Hao He. “What is Service-Oriented Architecture”, September 2003, http://www.xml.com/lpt/a/ws/2003/09/30/soa.html.
[2]. W3C, “Web Services Architecture”, W3C Working Group Note, 11 February 2004, http://www.w3.org/TR/ws-arch/.
[3]. W3C, “Web Services Description Language (WSDL) 1.1”, W3C Note, 15 March 2001, http://www.w3.org/TR/wsdl.
[4]. W3C, “SOAP Version 1.2 Part 1: Messaging Framework (Second Edition)”, W3C Recommendation, 27 April 2007, http://www.w3.org/TR/soap12-part1/#intro.
[5]. OASIS, “UDDI Version 3.0.2”, UDDI Spec Technical Committee Draft, Dated 20041019, http://uddi.org/pubs/uddi_v3.htm.
[6]. W3C, “Extensible Markup Language (XML) 1.0 (Fifth Edition)”, W3C Recommendation, 26 November 2008, http://www.w3.org/TR/2008/REC-xml-20081126/.
[7]. OASIS, “Web Services Business Process Execution Language 2.0”, OASIS Standard, April 2007, http://www.oasis-open.org/committees/wsbpel.
[8]. Satish Thatte, “XLANG: Web Services for Business Process Design”, 2001.
[9]. Dr. Frank Leymann, “Web Service Flow Language (WSFL 1.0)”, May 2001.
[10]. Ravi Sandhu, David Ferraiolo and Richard Kuhn. “The NIST Model for Role-Base Access Control: Towards A Unified Standard”.
[11]. OASIS, “eXtensible Access Control Markup Language (XACML) Version 2.0”, OASIS Standard, 1 February 2005, http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf.
[12]. W3C, “XQuery 1.0: An XML Query Language”, W3C Recommendation 23 January 2007, http://www.w3.org/TR/xquery/.
[13]. M. H. Harrison, W. L. Ruzzo, and J. D. Ullman, “Protection in Operating Systems”, Communications of the ACM, vol. 19, no. 8, pp. 461-471, 1976.
[14]. Roshan K. Thomas and Ravi S. Sandhu, “Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented authorization management”, Proceedings of the IFIP WG11.3 Workshop on Database Security, 1997.
[15]. Gabriel Lopez, Oscar Canovas and Antonio F. Gomez-Skarmeta, “Use of XACML Policies for a Network Access Control Service”, In Proceedings 4th International Workshop for Applied PKI, IWAP 2005, pp. 111–122. IOS Press, Amsterdam (2005).
[16]. Christian Wolter, Christian Weiβ, Christoph Meinel, “An XACML Extension for Business Process-centric Access Control Policies”, Proceedings of the 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, 2009.
[17]. Diala Abi Haidarm, Nora Cuppens-Boulahia, Frederic Cuppens, Herve Debar, “An Extended RBAC Profile of XACML”, Proceedings of 2006 ACM Secure Web Services Workshop (SWS), Fairfax, VA, USA, November, 2006.
[18]. Hui Xie, Bin Zhang, Dianyou Hu, “A Role-based Dynamic Authorization Model and its Implementation in PMI”, Proceedings of the 2008 International Conference on Computer Science and Software Engineering, IEEE, pp. 661-664, 2008.
[19]. Federica Paci, Elisa Bertino, Jason Crampton, “An Access-Control Framework for WS-BPEL”, International Journal of Web service Research, Volume 5, Issue 4, pp. 20–43, 2008.
[20]. Peng Liu, Zhong Chen, “An Access Control Model for Web Services in Business Process”, Proceedings of the IEEE/WIC/ACM International Conference on Web Intelligence (WI’04), 2004.
[21]. Xin Wang, Yanchun Zhang, Hao Shi, and Jian Yang, “BPEL4RBAC: An Authorisation Specification for WS-BPEL”, Proceedings of the 9th international conference on Web Information Systems Engineering, pp. 381-395, 2008.
[22]. Konstantin Knorr, “Dynamic Access Control through Petri Net Workflows”, Proceedings of the 16th Annual Computer Security Applications Conference, pp. 159-167, 2000.
[23]. Chi Wu-Lee, Gwan-Hwan Hwang, “Dynamic Policies for Supporting Quality of Service in Service-Oriented Architecture”, IECIE 2010.
[24]. Charles N. Fischer and Richard J. LeBlanc, Jr. “Crafting A Compiler with C”, The Benjamin/Cummings Publishing Company, Inc., 1991.
[25]. ActiveBPEL, http://www.activevos.com/community-open-source.php.
[26]. Eclipse BPEL Designer, http://people.apache.org/~vanto/HelloWorld-BPELDesignerAndODE.pdf.
[27]. Apache Axis2/Java, http://ws.apache.org/axis2/.
[28]. Eclipse Web Tools Platform, http://www.eclipse.org/webtools/.
[29]. soapUI, http://www.soapui.org/.
[30]. Sun’s XACML Implementation, http://sunxacml.sourceforge.net/.
[31]. W3C, “XML Path Language (XPath) 2.0”, W3C Recommendation, 23 January 2007, http://www.w3.org/TR/xpath20/.