Abstract:
This paper is concerned with the specification of discretionary access control policy for commercial security and the delegation of access control authority in a way which gives flexibility while retaining management control. Large distributed processing systems have very large numbers of users and resource objects, so that it is impractical to specify access control policy in terms of individual objects or individual users. We need to be able to specify it as relationships between groups of users and groups of objects. The systems typically consist of multiple interconnected networks and span a number of different organisations. Authority cannot be delegated or imposed from one central point, but has to be negotiated between independent managers who wish to cooperate but who may have very limited trust in each other. The paper proposes the use of access rules to specify, in terms of their domain memberships, what operations a user can perform on a target object. The delegation of authority to allow security administrators to create access rules requires limiting the scope of the users and target objects for whom they can create rules. The paper shows how role domains can be used to permit flexible but controlled delegation of authority from an owner, via managers, to security administrators.
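The following is an added illustration and not code from the paper: a minimal Python model of the scheme the abstract describes. Access rules are stated as (subject domain, operation, target domain) triples and evaluated by domain membership rather than by individual user or object name; each authority holds a scope limiting the subject and target domains it may write rules for; and delegation from an owner, via a manager, to a security administrator is refused whenever the delegated scope would be wider than the delegator's own. The domain, principal and object names are constructed sample data, and representing a scope as an explicit pair of domain sets held per principal (rather than through role domains) is an assumption made for this illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Set


@dataclass(frozen=True)
class AccessRule:
    """Users in subject_domain may perform operation on objects in target_domain."""
    subject_domain: str
    operation: str
    target_domain: str


@dataclass(frozen=True)
class Scope:
    """The subject and target domains an authority may write access rules for.

    Assumption for this illustration: scope is held explicitly per principal.
    """
    subject_domains: FrozenSet[str]
    target_domains: FrozenSet[str]

    def covers(self, rule: AccessRule) -> bool:
        """A rule is in scope only if both of its domains are in scope."""
        return (rule.subject_domain in self.subject_domains
                and rule.target_domain in self.target_domains)

    def contains(self, other: "Scope") -> bool:
        """True if other lies entirely within this scope (delegation must not widen)."""
        return (other.subject_domains <= self.subject_domains
                and other.target_domains <= self.target_domains)


class PolicyStore:
    def __init__(self, domains: Dict[str, Iterable[str]], owner: str):
        self.domains = {name: frozenset(members) for name, members in domains.items()}
        self.rules: Set[AccessRule] = set()
        # The owner starts with authority over every domain; every other
        # principal has only the scope that is delegated to it.
        self.scopes: Dict[str, Scope] = {
            owner: Scope(frozenset(self.domains), frozenset(self.domains))
        }

    def delegate(self, grantor: str, grantee: str, scope: Scope) -> bool:
        """Delegate rule-authoring authority.

        Refused if the grantor holds no authority or the requested scope is
        not contained in the grantor's own scope.
        """
        grantor_scope = self.scopes.get(grantor)
        if grantor_scope is None or not grantor_scope.contains(scope):
            return False
        self.scopes[grantee] = scope
        return True

    def add_rule(self, author: str, rule: AccessRule) -> bool:
        """Create an access rule; refused if it falls outside the author's scope."""
        author_scope = self.scopes.get(author)
        if author_scope is None or not author_scope.covers(rule):
            return False
        self.rules.add(rule)
        return True

    def permitted(self, user: str, operation: str, obj: str) -> bool:
        """Access decision made by domain membership, never by individual names."""
        return any(
            rule.operation == operation
            and user in self.domains[rule.subject_domain]
            and obj in self.domains[rule.target_domain]
            for rule in self.rules
        )


def build_example() -> PolicyStore:
    """Constructed sample organisation: owner -> payroll manager -> payroll admin."""
    store = PolicyStore(
        domains={
            "payroll_clerks": {"alice", "bob"},
            "developers": {"carol"},
            "payroll_files": {"salaries.db", "tax.db"},
            "source_repos": {"app.git"},
        },
        owner="owner",
    )
    payroll_scope = Scope(frozenset({"payroll_clerks"}), frozenset({"payroll_files"}))
    # Owner delegates the payroll part of the organisation to a manager, who
    # delegates the same (not wider) scope to a security administrator.
    store.delegate("owner", "payroll_manager", payroll_scope)
    store.delegate("payroll_manager", "payroll_admin", payroll_scope)
    return store


if __name__ == "__main__":
    store = build_example()
    print("admin writes in-scope rule:",
          store.add_rule("payroll_admin", AccessRule("payroll_clerks", "read", "payroll_files")))
    print("admin writes out-of-scope rule:",
          store.add_rule("payroll_admin", AccessRule("developers", "read", "payroll_files")))
    print("manager widens scope on delegation:",
          store.delegate("payroll_manager", "other_admin",
                         Scope(frozenset({"payroll_clerks", "developers"}),
                               frozenset({"payroll_files"}))))
    print("alice reads salaries.db:", store.permitted("alice", "read", "salaries.db"))
    print("carol reads salaries.db:", store.permitted("carol", "read", "salaries.db"))
```

The two refusals are the management control the abstract asks for: an administrator cannot author a rule mentioning a domain outside the scope delegated to it, and a manager cannot hand down more authority than it was itself given, so the chain owner, manager, administrator can only narrow.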