Turkish Journal of Electrical Engineering and Computer Sciences
DOI
10.3906/elk-1403-200
Abstract
There are various methods proposed in the literature to provide authorization control in workflows and information systems. Authorization implementations have deficiencies based on procedural scope. Basic login mechanisms grant system-wide access; the provided margins are broad. Access control lists provide limited definition on access restrictions; the authorization is bounded by these definitions. Role based authorizations do not cover regulations in institutions where the regulations describe specific operations and their operational procedures in institutional workflows. The proposed multilayer authorization model depicts the attributes of authorization mechanisms and analyzes the methods according to their authorization capabilities and contributions to the reliability of documents in the workflow. The layered structure provides comparative and integrated analysis of the authorization mechanisms. The incremental authorization structure would be a guide for implementations in that each layer presents the scope of authorization by providing analysis on deficiencies and the methods of solution. An institutional authorization mechanism on documents is also proposed. The proposed mechanism suggests and implements an authorization mechanism to enclose authorization restrictions in institutional regulations.
Keywords
Authorization, information reliability, Petri net analysis
First Page
4915
Last Page
4934
Recommended Citation
UĞUR, ALPER and SOĞUKPINAR, İBRAHİM
(2016)
"Multilayer authorization model and analysis of authorization methods,"
Turkish Journal of Electrical Engineering and Computer Sciences: Vol. 24:
No.
6, Article 28.
https://doi.org/10.3906/elk-1403-200
Available at:
https://journals.tubitak.gov.tr/elektrik/vol24/iss6/28
Included in
Computer Engineering Commons, Computer Sciences Commons, Electrical and Computer Engineering Commons
