Authorization Decisions ∗
نویسندگان
چکیده
An authorization decision is a binary decision taken by an institution, determining whether certain economic transactions are allowed to take place. They may involve granting a status to an individual, approving a new product, and so forth. Institutions seek to be consistent with their past decisions, as well as with their regulations. Consistency with past decisions is axiomatized: it is shown that certain coherence notions between the decisions made across different histories imply that the institution would seek to be consistent with its own decisions within a given history. In this context, regulations are modeled as constraints on the institution’s decisions, and the complexity of finding regulations that enforce specific decisions is studied. We also suggest a hierarchical version of the model, wherein computational complexity considerations might explain the power of bureaucracies.
منابع مشابه
Authorization models for secure information sharing: a survey and research agenda
This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...
متن کاملTowards Improving the Availability and Performance of Enterprise Authorization Systems
Authorization protects application resources by allowing only authorized entities to access them. Existing authorization solutions are widely based on the request-response model, where a policy enforcement point intercepts application requests, obtains authorization decisions from a remote policy decision point, and enforces those decisions. This model enables sharing the decision point as an a...
متن کاملLocale-based access control: placing collaborative authorization decisions in context
Collaboration systems require an appropriate uurhorizarion model to specifL and winrain policies that iiut only facilitate group activities but also enforce restrictions and uccountubility. Existing models fail to incorporate adequately into authorization decisions the rich notion of context rhut is inherent to any collaborative setting. In this paper we present the Locale-based Access Control ...
متن کاملObligation for Role based Access Control
Role based access control has been widely used in security critical systems. Conventional role based access control is a passive model, which makes authorization decisions on requests, and the authorization decisions contain only information about whether the corresponding requests are authorised or not. One of the potential improvements for role based access control is the augmentation of obli...
متن کاملCode-Carrying Authorization
In authorization, there is often a wish to shift the burden of proof to those making requests, since they may have more resources and more specific knowledge to construct the required proofs. We introduce an extreme instance of this approach, which we call Code-Carrying Authorization (CCA). With CCA, access-control decisions can partly be delegated to untrusted code obtained at run-time. The dy...
متن کامل