Security services for workflow systems are becoming increasingly important for cross-domain interoperability in insecure environments. Workflow interfaces and system components involve the whole spectrum of security services, including authentication, authorization, access control, data confidentiality and integrity, audit, non-repudiation, and administration. Equipped with these services, workflow systems can be used in a broader range of enterprise applications. In this paper, we address many security issues in typical workflow systems and present a security model that utilizes the Secure Sockets Layer (SSL) protocol and an HTTPS tunneling mechanism. This model provides flexible security facilities that are suitable for application-to-application operations and data exchange over the Internet.