Workflow WebServices using ID Token
Original Publication Date: 2003-Oct-10
Included in the Prior Art Database: 2003-Oct-10
Disclosed is a mechanism that, for each workflow service implemented by using the WebServices, gathers and stores the group attributes of a user in a Token, and exchanges the Token between the Workflow Engine and WebService Providers. By using this Token, the mechanism enables the WebServices to identify the user. Moreover, based on the group attributes of the user, the mechanism also enables the WebServices to check the user's access permission to the service, and to select the appropriate conditional branch of logic in the workflow service. This Token can be passed to another WebService Provider as a hint of the group attributes, in the case where a WebService Provider obtains results from two or more other WebServices run separately. (Refer to Fig.1)
This mechanism is useful for a workflow (applying and approving) application system developed by using the WebServices. In a company, a user's group attributes are based on department, position, team, etc. An operational workflow consists of processes that are each implemented by a WebService, and implementations of BPEL4WS and WS-Choreography are used to build those processes into a workflow application.
Software configuration for the mechanism is as follows. (Refer to Fig.2)
- WebService Requester/Provider
Supports the specification of the WebServices.
- WebService Workflow Engine for the workflow processing
Supports the specification of the BPEL4WS or WS-Choreography.
- Token Container running on the WebService Workflow Engine
Sends and receives a Token from the WebService provider.
- Token Receiver running on the WebService Workflow Engine
Receives a Token from the WebService Requester, and passes it to the Token Container.
- Rule File Reader running on the WebService Workflow Engine
Reads a file in which the rules about transmission of the Token are described.
- Token Generator running on the WebService Provider
Stores the group attributes of the user into the Token, and sends it to the WebService Workflow Engine.
- Token Analyzer running on the WebService Provider
Receives the Token from the Workflow Engine, and extracts the stored information from the Token.
- Token Sender running on the WebService Requester
Carries the Token to the Workflow Engine.
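The Token Generator and Token Analyzer roles listed above, together with the permission check and branch selection described in the abstract, as an added sketch that is not code from the disclosure. The HMAC tag, the shared Provider key, the JSON encoding, the directory contents and the `PERMITTED` rule table are assumptions; the disclosure does not specify a Token format or how the Token is protected while it passes through the Workflow Engine.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a Provider-side secret shared by Token Generator and Token Analyzer.
PROVIDER_KEY = b"constructed-demo-key"

# Constructed directory: userID -> group attributes (names follow the page's list).
DIRECTORY = {
    "u1001": {"corporate_code": "C01", "department_code": "D20", "position_code": "MANAGER"},
    "u1002": {"corporate_code": "C01", "department_code": "D20", "position_code": "STAFF"},
}
# Hypothetical rule table: position codes allowed to run each workflow process.
PERMITTED = {"apply": {"STAFF", "MANAGER"}, "approve": {"MANAGER"}}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def generate_token(user_id: str) -> str:
    """Token Generator: store the user's group attributes in a Token."""
    body = json.dumps({"user_id": user_id, **DIRECTORY[user_id]}, sort_keys=True).encode()
    tag = hmac.new(PROVIDER_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def analyze_token(token: str) -> dict:
    """Token Analyzer: verify the tag first, then extract the stored attributes."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError as exc:  # wrong field count or invalid base64
        raise PermissionError("malformed token") from exc
    expected = hmac.new(PROVIDER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("token integrity check failed")
    return json.loads(body)

def authorize(token: str, process: str) -> str:
    """Check access permission, then pick the workflow branch from the position code."""
    attrs = analyze_token(token)
    if attrs["position_code"] not in PERMITTED.get(process, set()):
        raise PermissionError(f"{attrs['user_id']} may not {process}")
    return f"{process}:{attrs['position_code']}"
```

Because the Token transits the Workflow Engine and may be forwarded to other Providers, the Analyzer rejects any Token whose attributes no longer match the tag before it evaluates permissions.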
The procedure of the mechanism is shown below. (Refer to Figs. 1, 3, and 4.)
I-1. WebService Requester sends a request to the WebService Workflow Engine. The request includes the user's identification information.
I-2. The WebService Workflow Engine requests generation of a new Token from the Token Generator on the WebService Provider.
I-3. Based on the user's identification information (for example, userID) received from the Requester via the Workflow Engine, the Token Generator acquires the details of the user's group attributes from the Provider. These details are needed by the services of the other WebServices this Provider provides. Based on the group attributes, each of the WebServices, called one after another, checks:
- Whether the user can execute the requested process of the workflow.
(Ex. Is it the user who can perform the applying or approving?)
- With which group attribute the user performs the process of the workflow.
(Ex. Which position does the user have for an applying or approving?)
An example of the list of group attributes is:
a. User ID
b. Group the user belongs to.
- Corporate code
- Station code
- Department code (Imposition dept. code)
- Position code
- Qualification code
- Executive post code
- Group code
- Team code
- Project code
If the user belongs to several groups, such as holding an additional position among several d...