State based access control for open e-governance
Proceedings of the 7th International Conference on Theory and Practice of Electronic Governance - ICEGOV '13
The Millenium Development goals emphasize the need for building "open, rule-based, predictable and non-discriminatory" e-governance systems. However, building such open systems remains a challenge: on the one hand, the systems are required to be open, whereas, on the other, there is the need to preserve and protect private and confidential information of potentially millions of users. This requires that e-governance systems carry clear specifications of how access to users' documents are
... ocuments are managed throughout an e-governance application's workflow. We describe a modular, fine-grained, state-based model that can form the basis for specifying access control in e-governance service delivery workflows. The model consists of three layers: a data store, a workflow layer, and an access control layer connecting the two. The data store consists of fields and forms. The workflow is specified as concurrent processes each representing either a citizen or a government actor. The access control layer specifies, for each user (process), a view of the data store as determined by that user's state in the workflow. Such modular specifications can guide the implementation and the verification of e-governance applications. We illustrate our model with two representative examples from the e-governance domain and a web-based prototype implementation of one of them.