Abstract
In this position paper we discuss the issue of enforcing access policies in distributed environments where there is no central system designer/administrator, and consequently no guarantee that policies will be properly implemented by all components of the system. We argue that existing access control models, which are based on the concepts of permission and prohibition, need to be extended with the concept of entitlement. Entitlement to access a resource means not only that the access is permitted but also that the controller of the resource is obliged to grant the access when it is requested. An obligation to grant the access, however, does not guarantee that it will be granted: agents are capable of violating their obligations. In the proposed approach we discuss a Community Regulation Server that not only reasons about access permissions and obligations, but also updates the normative state of a community according to the contractual performance of its interacting agents.
This work is supported by the Swedish Agency for Innovation Systems (Vinnova) as part of the Policy Based Management Project.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Firozabadi, B.S., Sergot, M. (2004). Contractual Access Control. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2002. Lecture Notes in Computer Science, vol 2845. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39871-4_9
DOI: https://doi.org/10.1007/978-3-540-39871-4_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20830-3
Online ISBN: 978-3-540-39871-4
eBook Packages: Springer Book Archive