Business Process Execution Language for Web Services is a language, which can be used to define abstract and executable processes. It has became to be the defacto standard of Web Service composition. However, the security aspect of access control is explicitly mentioned to be outside the scope of BPEL. This paper focuses on the implementation of access controls in the BPEL-based process. The existing Task-Based Access Control model was extended. The definition of authorization unit was modified and new types of authorization units were added Moreover the mapping from the process defined by BPEL to TBAC model was implemented and an approach of using TBAC in BPEL was put forward. The future work was pointed out in the end of the paper.

• 出版日期2007
• 单位中山大学