Delegation of Obligations
نویسندگان
چکیده
Obligation policies are one main means of exercising control within an organisation. They specify the actions that some subject has to perform. The authority over these actions needs to be specified in authorisation policies. Current policy notations provide us with the needed structure to represent authorisations and obligations as policy objects for distributed systems management. They support the delegation of authorisations but not of obligations. Yet, there is a strong relationship between the two policy types and the delegation of obligations needs to be supported as well, requiring the introduction of a new type of policy which we call a "review". This paper investigates the general principles underlying the delegation of policy objects, putting specific emphasis on the delegation of obligations. The Alloy specification language is used to specify and illustrate these principles. The main issues that will be discussed are: the balance between authorisation and obligation policies; the source of obligations and reasons for their delegation; the need for review policies to help control the delegation of obligations.
منابع مشابه
An Extended Role-Based Access Control Model for Delegating Obligations
The main aim of access control models is to provide means to simplify the management of the security policy, which is a fastidious and error-prone task. Supporting delegation is considered as an important mean to decentralize the administration and therefore to allow security policy to be more flexible and easier to manipulate. Our main contribution is the proposition of a unified model to the ...
متن کاملDelegation of Obligations and Responsibility
In this paper, we discuss the issue of responsibilities related to the fulfillment and the violation of obligations. We propose to formally define the different aspects of responsibility, namely causal responsibility, functional responsibility, liability as well as sanctions, and to examine how delegation influences these concepts. Our main aim is to identify the responsibility of each agent th...
متن کاملCompliance Engineering: Aligning Software Requirements with Policies and Government Regulations
As information is increasingly managed electronically, policies and government regulations intended to protect personal privacy are increasing the requirements complexity of software systems. These regulations and policies are frequently developed by lawyers and domain experts – not engineers – resulting in complex and ambiguous legal language. To ensure software complies with the law, software...
متن کاملDelegation in a Role-Based Organization
In an organizational context the norms that apply to an agent depend on the roles he holds in the organization. The deontic characterization of structural roles is defined when the organization is created. But an organization is not a static entity. Among the dynamic phenomena that occur in an organization there are interactions between agents consisting in a transference of obligations or perm...
متن کاملNorm Negotiation Power
In social mechanism design, norm negotiation creates individual or contractual obligations fulfilling goals of the agents. The social delegation cycle distinguishes among social goal negotiation, obligation and sanction negotiation and norm acceptance. Power may affect norm negotiation in various ways, and we therefore introduce a new formalization of the social delegation cycle based on power ...
متن کامل