Authorization policy requirements in commercial applications are often richer compared to military applications in terms of the types of privileges required, and more complex in terms of both the nature and degree of interactions between participating objects. Delegation and joint action mechanisms allow a more flexible and dynamic form of access control, thereby enabling the representation of sophisticated authorization policies. This paper explores some issues that need to be addressed when designing such joint actions based authorization policies. We describe some approaches to supporting joint actions based authorization policies, and their ramifications for trust of various components of the implementation. We consider an example from the medical field, and define attributes relevant to the design of joint action schemes and present three schemes for supporting joint action based authorization policies.
|Number of pages||14|
|Journal||Operating Systems Review (ACM)|
|Publication status||Published - Jul 1996|