We present the design of an authorization service which parallels existing authentication services for distributed systems. Such a service would operate on top of an authentication substrate. There are two distinct ideas underlying our design: (1) The use of a language, called generalized access control list (GACL), as a common representation of authorization requirements. (2) The use of authen...

A set can be defined intensionally by specifying properties required of all its members or it can be defined extensionally by enumerating its elements. For example, the set of people authorized to enter a nightclub might be characterized intensionally by giving a minimum required age or characterized extensionally by providing a guest list. The DAC and MAC authorization policies we have been st...

It has been a subject of a significant amount of research to automate the execution of workflows (or business processes) on computer resources. However, many workflow scenarios still require human involvement, which introduces additional security and authorization concerns. This paper presents a novel mechanism for modeling the execution of workflows with human involvement under Rolebased Autho...

The role of regulatory drug submission evaluators in Canada is to critically assess both the data submitted and the sponsor's interpretation of the data in order to reach an evidence-, and context-based recommendation as to the potential benefits and potential harms (i.e., risks) associated with taking the drug under the proposed conditions of use. The purpose of this document is to outline the...

Many organizations struggle with ineffective and/or inefficient access control, but these problems and their consequences often remain invisible to security decision-makers. Prior research has focused on improving the policy-authoring part of authorization and does not show the full range of problems, their impact on organizations, and underlying causes. We present a study of 118 individual's e...

Detecting security aws is important in order to keep the database secure. A security aw in object-oriented databases means that a user can infer the result of an unpermitted method only from permitted methods. Although a database management system enforces access control by an authorization, security aws can occur under the authorization. The main aim of this paper is to show an e cient decisio...

Workflow Management Systems (WFMS) are being widely used today by organizations to coordinate the execution of various applications representing their day-to-day tasks. To ensure that these tasks are executed by authorized users or processes (subjects), and to make sure that authorized subjects gain access on the required objects only during the execution of the specific task, granting and revo...