Though traditional authorization models can ensure the security of equipment, they don’t offer promise both for good quality of service and for strong system robustness. Therefore, this paper presents a semi-distributed authorization model which splits the single decision point into two roles: core-authorization decision point and sub-authorization decision point. In this model, several deci‐ s...

In access control, it is a reasonable requirement that authorization mechanism can be implemented intelligently by logic programs. We propose an authorization framework based on logic programs, ranging from design, analysis, and implementation. Our proposed framework is powerful and useful, with RBAC features, flexible authorization, logic-based formalization and integration of policies. It can...

Prior Authorization Information Pre-service approval is required for all inpatient services for all products. See below for situations where prior authorization may be required or may not be required. Yes indicates that prior authorization is required. No indicates that prior authorization is not required. N/A indicates that this service is primarily performed in an inpatient setting. Outpatien...

Prior Authorization Information Pre-service approval is required for all inpatient services for all products. See below for situations where prior authorization may be required or may not be required for outpatient services. Yes indicates that prior authorization is required. No indicates that prior authorization is not required. N/A indicates that this service is primarily performed in an inpa...

We present the design of a distributed authorization service which parallels existing authentication services for distributed systems. Such a service would operate on top of an authentication substrate. There are two distinct ideas underlying our design: (1) The use of a language, called generalized access control list (GACL), as a common representation of authorization requirements. (2) The us...

While there has been considerable eeort in creating a single sign-on solution for interoperability among au-thentication methods, such interoperability across authorization methods has received little attention. This paper presents a exible distributed authorization protocol that provides the full generality of restricted proxies while supporting the functionality of and interop-erability with ...

In this paper, we propose a methodology for incremental security policy specification at varying levels of abstraction while maintaining strict equivalence with respect to authorization state. We specifically consider the recently proposed group-centric secure information sharing (g-SIS) domain. The current specification for g-SIS authorization policy is stateless in the sense that it solely fo...

Proxy authorization makes it possible to entrust the right of signing or making decisions to other parties. This paper analyzes the basic principles and security problems of proxy authorization schemes and presents three proxy authorization schemes based on elliptic curves cryptosystem. In the first multiparty proxy authorization scheme, a group of n members can cooperate to entrust their right...