為了因應企業的快速成長，企業資訊系統開始廣泛地以Web 架構來設計與建製；此中央化的管理方法降低了學習門檻與維護成本，但資訊系統於離線狀況下卻無法得到一個安全、與操作控管的解決方法。
本論文將就此提出能於離線狀況下，處理安全與控管操作行為之企業文件系統，稱為『任務導向卷宗文件夾』，針對使用XML格式文件，記載安全資訊、文件使用者操作介面、與操作行為的定義。使用者端應用程式依循 XML的定義，去驗證使用者身份、檢查使用者授權清單、控管使用者的操作、使用者介面、與處理管理相關事宜，以確保文件於安全控管下被操作，並且與伺服器資料同步。
本論文並採用平衡計分卡系統為例，實作雛型以評估成效。

Enterprise information systems evolve to introduce Web-based framework. Such a centralized approach is advantageous in reducing the learning curve and maintenance costs. However, web-based applications generally require on-line operations. A solution that make web-based documents can be off-line safely controllable is demanding.
This study proposes a “task-oriented file folder”. A task-oriented file folder only deals with web documents or XML documents. It uses XML to record security (access control) information, the operation interface of users and the definition of behaviors of operations. During off-line processing, an application program, at the user side, is to comply with the XML definitions. It is to verify users’ identification, check the authorization list, and authenticate to perform operations and interfaces as well as to cope with the management of related works. Thus, the document is assured to be securely operated, and the document can be synchronized with the server.
We adopt a balanced score card system as an example to construct a prototype to demonstrate the feasibility of the task-oriented file folder concept and to assess its effectiveness.

[1] Digvijay Chauhan, “Smart Cards in .NET Part 1-3”, March 15, 2004 - Nov 15, 2004; available from http://www.aspfree.com
[2] Elisa Bertino , Silvana Castano , Elena Ferrari, “Securing XML Documents with Author-X”, IEEE Internet Computing, Vol.5 Issue.3, pp.21-31, May 2001.
[3] Frank Manola, Eric Miller, “RDF Primer”, W3C, Feb 10, 2004; available from http://www.w3.org/TR/rdf-primer/
[4] J. Clark et al., XML Path Language (XPath) Version 1.0, World Wide Web Consortium (W3C), November 1999; available from http://www.w3c.org/TR/xpath (last visit July 17, 2006)
[5] J. Clark, XSL Transformations (XSLT) Version 1.0, World Wide Web Consortium (W3C), November 1999; available from http://www.w3c.org/TR/xslt (last visit July 17, 2006)
[6] Michiharu Kudo and Satoshi Hada, ”XML Document Security based on Provisional Authorization”, 7th ACM conference on Computer and communications security, pp.86-96, 2000.
[7] R.G. Bartlett, M.W. Cook, “XML security using XSLT”, Proceedings of the 36th Annual Hawaii International Conference on System Sciences, pp.122 –127, 6-9 Jan. 2003.
[8] S. Hoque, H. Selim, G. Howells, M.C. Fairhurst, and F. Deravi, “SAGENT: A Novel Technique for Document Modeling for Secure Access and Distribution”, Document Analysis and Recognition, 2003. Proceedings, Seventh International Conference, IEEE, pp.1257-1261, 3-6 Aug 2003.
[9] Y. Goland, E. Whitehead, A. Faizi, S.R. Carter, D. Jensen, “HTTP Extensions for Distributed Authoring – WEBDAV”, W3C, Feb 1999.
[10] Zhiqun Chen, “How to write a Java Card applet: A developer’s guide”, available from http://www.javaworld.com/javaworld/jw-07-1999/jw-07-javacard_p.html, JavaWorld, July 1999.
[11] “Object-Oriented Application Analysis and Design for Java Technology (UML)”, Sun Microsystems, Inc., March 2000.
[12] OMG Unified Modeling Language Specification version 1.4, September 2001.
[13] “Crystal Decisions Enhances Web Report Creation and Interactivity in Crystal Enterprise”, Business Objects, 8 September, 2003; available from http://www.businessobjects.com/news/presscd/2003/090801.asp
[14] NOVELL Modular Authentication Service, available from http://www.novell.com/products/nmas/ (last visit July 17, 2006)