Traditionally,the access c ontrol has been limited in the framework of subject,object,and rights,these m odels can protect individual objects and subjects perfectly,but they are formu lated too low a level of abstraction to be useful for modeling organiational re quirement ,devoid of ability to descript activities and can not reflect the or ganizational and distributed workflow in information systems.This paper introdu ces a newly access control strategy,task-based...