skip to main content
research-article

Computer-supported access control

Published: 24 September 2009 Publication History

Abstract

Traditionally, access control is understood as a purely technical mechanism which rejects or accepts access attempts automatically according to a specific preconfiguration. However, such a perspective neglects the practices of access control and the embeddedness of technical mechanisms within situated action. In this article, we reconceptualize the issue of access control on a theoretical, methodological, and practical level. On a theoretical level, we develop a terminology to distinguish between access control practices and the technical support mechanisms. We coin the term Computer Supported Access Control (CSAC) to emphasize this perspective. On a methodological level, we discuss empirical investigations of access control behavior from a situated action perspective. We discovered a differentiated set of social practices around traditional access control systems. By applying these findings to a practical level, we enhance the design space of computer supported access control mechanisms by suggesting a matrix of technical mechanisms which go beyond an ex-ante configuration.

References

[1]
Ackerman, M. 2000. The intellectual challenge of CSCW: The gap between social requirements and technical feasibility. Hum.-Comput. Interact. 15, 179--203.
[2]
Adams, A. and Sasse, M. A. S. 1999. Users are not the enemy: Why users compromise security mechanisms and how to take remedial measures. Comm. ACM 42, 41--46.
[3]
Altmann, I. 1975. The Environment and Social Behavior: Privacy, Personal Space, Territory and Crowding. Brooks/Cole Publishing, Monterey, CA.
[4]
Bannon, L. 1993. CSCW: An initial exploration. Scandinav. J. Inform. Syst. 5, 3--24.
[5]
Bellotti, V. and Sellen, A. 1993. Design for privacy in ubiquitous computing environments. In Proceedings of the European Conference on Computer-Supported Cooperative Work (ECSCW'93). Kluwer, 77--92.
[6]
Bowen, S. J. 2007. Crazy ideas or creative probes? Presenting critical artefacts to stakeholders to develop innovative product ideas. In Proceedings of the EAD07: Dancing with Disorder: Design, Discourse and Disaster.
[7]
Bratteteig, T. 2003. Making change: Dealing with relations between design and use. University of Oslo.
[8]
Clark, D. D. and Wilson, D. R. 1987. A comparison of commercial and military computer security policies. In Proceedings of the IEEE Symposium on Security and Privacy. 184--194.
[9]
Coulouris, G., Dollimore, J., and Roberts, M. 1998. Secure communication in non-uniform trust environments. In ECOOP Workshop on Distributed Object Security.
[10]
Cranor, L. and Garfinkel, S. 2005. Security and Usability. Designing Secure Systems That People Can Use. O'Reilly, Sebastopol, CA.
[11]
Department of Defense. 1985. Trusted computing evaluation criteria, National Computer Security Center. http://en.wikipedia.org/wiki/National_Computer_Security_Center
[12]
Dewan, P. and Shen, H. 1998a. Controlling access in multiuser interfaces. ACM Trans. Comput.-Hum. Interact. 5, 34--62.
[13]
Dewan, P. and Shen, H. 1998b. Flexible meta access-control for collaborative applications. In Proceedings of the ACM Conference on Computer Supported Cooperative Work (CSCW'98). 247--256.
[14]
Dewey, J. 1938. Logic: The Theory of Inquiry. Henry Holt and Company.
[15]
Dourish, P. 1993. Culture and control in a media space. In Proceedings of the European Conference on Computer-Supported Cooperative Work (ECSCW'93). Kluwer, 133--146.
[16]
Dourish, P. 2006. Implications for design. In Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI'06). 541--550.
[17]
Dourish, P., Grinter, R., Delgado de la Flor, J., and Joseph, M. 2004. Security in the wild: User strategies for managing security as an everyday, practical problem. Personal Ubiq. Comput. 8, 391--401.
[18]
Dunne, A. and Raby, F. 2001. Design Noir: The Secret Life of Electronic Objects. Birkhäuser, Basel.
[19]
Edwards, K. 1996. Policies and roles in collaborative applications. In Proceedings of the ACM Conference on Computer-Supported Cooperative Work (CSCW'96). ACM Press, 11--20.
[20]
Ehn, P. 1990. Work-Oriented Design of Computer Artifacts. Lawrence Erlbaum Associates.
[21]
Ellis, C. A., Gibbs, S. J., and Rein, G. L. 1991. Groupware—Some issues and experiences. Comm. ACM 34, 38--58.
[22]
Ferraiolo, D. and Kuhn, R. 1992. Role-based access control. In Proceedings of the NIST- NSANational (USA) Computer Security Conference. 554--563.
[23]
Fuchs, L., Sohlenkamp, M., Genau, A., Kahler, H., Pfeifer, A., and Wulf, V. 1996. Transparenz in kooperativen prozessen; Der ereignisdienst in POLITeam. In Proceedings of the Herausforderung Telekooperation: Fachtagung Deutsche Computer Supported Cooperative Work. Springer, 3--16.
[24]
Gaver, W., Moran, T., McLaen, A., Lövstrand, L., Dourish, P., Carter, K., and Buxton, W. 1992. Realizing a video environment: EuroPARC's RAVE system. In Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI'92). ACM Press, 27--35.
[25]
Greif, I. and Sarin, S. 1986. Data sharing in group work. In Proceedings of the 1st Conference on Computer-Supported Cooperative Work (CSCW). ACM Press, 175--183.
[26]
Grinter, R. and Palen, L. 2006. Chatting with teenagers: Considering the place of chat technologies in teen life. ACM Trans. Hum.-Comput. Interact. 13, 423--447.
[27]
Grinter, R. E. and Palen, L. 2002. Instant messaging in teen life. In Proceedings of the ACM Conference on Computer-Supported Cooperative Work. 21--30.
[28]
Gutwin, A. and Greenberg, S. 2002. A descriptive framework of workspace awareness for real-time groupware. Int. J. Comput.-Support. Coop. Work 11, 411--446.
[29]
Haake, J., Haake, A., Schümmer, T., Bourimi, M., and Landgraf, B. 2004. End-user controlled group formation and access rights management in a shared workspace system. In Proceedings of the ACM Conference on Computer-Supported Cooperative Work (CSCW'04). ACM Press, 554--563.
[30]
Heath, C. and Luff, P. 1991. Collaborative activity and technological design: Task coordination in London underground control rooms. In Proceedings of the European Conference on Computer- Supported Cooperative Work.
[31]
Hevner, A. R., March, S. T., Park, J., and Ram, S. 2004. Design science in information systems research. MIS Quart. 28, 75--105.
[32]
Kahler, H. 1996. Developing groupware with evolution and participation: A case study. In Proceedings of the Participatory Design Conference. 173--182.
[33]
Lampson, B. 1974. Proctection. ACM Oper. Syst. Rev. 8, 18--24.
[34]
Lampson, B. W. 2000. Computer security in the real world. In Proceedings of the Applied Computer Security Associates (ACSA) the 16th Annual Computer Security Applications Conference.
[35]
Nett, B. and Stevens, G. 2008. Business ethnography—Aktionsforschung als beitrag zu einer reflexiven technikgestaltung (Business ethnography—Action research as a contribution to a reflective technique development). In Science Theory and Design-Oriented Information Science. Institut für Wirtschaftsinformatik, Westfälische Wilhelms-Universität Münster, 48--68.
[36]
Neuwirth, C., Kaufer, D. S., Chandhok, R., and Morris, J. H. 1994. Computer support for distributed collaborative writing: Defining parameters of interaction. In Proceedings of the ACM Conference on Computer-Supported Cooperative Work (CSCW'94). ACM Press,145--152.
[37]
Nunamaker, J., Chen, M., and Purdin, T. D. M. 1991. Systems development in information systems research. J. Manage. Inform. Syst. 7, 89--106.
[38]
Oevermann, U., Allert, T., Konau, E., and Krambeck, J. 1979. Die methodologie einer, objektiven Hermeneutik' und ihre allgemeine forschungslogische bedeutung in den sozialwissenschaften. In Interpretative Verfahren in den Sozial- und Textwissenschaften, H.-G. Soeffner, Ed. Metzler, Stuttgart, 352--434.
[39]
Olson, J., Grudin, J., and Horvitz, E. 2005. A study of preferences for sharing and privacy. In Proceedings of the ACM Conference on Computer Human Interaction (CHI'05): Late Breaking Results: Short Papers. ACM Press, 1985--1988.
[40]
Padayachee, K., Eloff, J. H. P., and Sergot, M. 2007. Enhancing optimistic access controls with usage control. In Trust, Privacy and Security in Digital Business. Springer, Berlin, 75--82.
[41]
Palen, L. and Dourish, P. 2003. Unpacking privacy in a networked world. In Proceedings of the ACM Conference on Computer Human Interaction (CHI'03). ACM Press, 129--136.
[42]
Povey, D. 1999. Optimistic security: A new access control paradigm. In Proceedings of the Workshop on New Security Paradigms. ACM Press, 40--45.
[43]
Randall, D., Harper, R., and Rouncefield, M. 2007. Fieldwork for Design: Theory and Practice. Springer Verlag Gmbh.
[44]
Reichertz, J. 2004. Objective hermeneutics and hermeneutic sociology of knowledge. In Companion to Qualitative Research, U. Flick, Ed. Sage, London, 290--296.
[45]
Rissanen, E. and Firozabadi, B. S. 2006. Towards a mechanism for discretionary overriding of access control. In Security Protocols. Springer, Berlin, 312--319.
[46]
Rittel, H. and Webber, M. 1973. Dilemmas in a General Theory of Planning. Elsevier Scientific Publishing, Amsterdam.
[47]
Schmidt, K. 1991. Riding a tiger, Or computer supported cooperative work. In Proceedings of the 2nd European Conference on Computer-Supported Cooperative Work (ECSCW'91), L. Bannon et al., Eds. Kluwer Academic, Amsterdam, 1--16.
[48]
Schmidt, K. and Simone, C. 1996. Coordination mechanisms: Towards a conceptual foundation of CSCW systems design. Int. J. Comput.-Support. Coop. Work 5, 155--200.
[49]
Shalin, D. N. 1991. The pragmatic origins of symbolic interactionism and the crisis of classical science. Studies Symb. Interact. 11, 226--258.
[50]
Shen, H. and Dewan, P. 1992. Access control for collaborative environments. In Proceedings of the ACM Conference on Computer-Supported Cooperative Work. ACM Press, 51--58.
[51]
Sikkel, K. 1997. A group-based authorization model for computer-supported cooperative work. In Arbeitspapiere der GMD. GMD, Sankt Augustin.
[52]
Stevens, G., Quaisser, G., and Klann, M. 2006. Breaking it up: An industrial case study of componend-based tailorable software design. In End User Development, H. Liebermann et al., Eds. Springer, 269--294.
[53]
Stevens, G. and Wulf, V. 2002. A new dimension in access control: Studying maintenance engineering across organizational boundaries. In Proceedings of the ACM Conference on Computer-Supported Cooperative Work (CSCW'02). ACM Press, 196--205.
[54]
Stiemerling, O. and Wulf, V. 2000. Beyond 'yes or no'—Extending access control in groupware with awareness and negotiation. Group Decision Negotiation 9, 221--235.
[55]
Strauss, A. 1988. The articulation of project work: An organizational process. The Sociolog. Quart. 29.
[56]
Suchman, L. 1987. Plans and Situated Actions: The Problem of Human-Machine Communication. Cambridge University Press, Cambridge, UK.
[57]
Turing, A. 1950. Computing Machinery and Intelligence. Mind LIX, 433--460.
[58]
Winch, P. G. 1958. The Idea of a Social Science and its Relation to Philosophy. Routledge and Kegan Paul, London.
[59]
Wulf, V. 1995. Negotiability: Handling access to data in groupware. Behav. Inform. Technol. 14, 143--151.
[60]
Wulf, V. 1997a. Handling conflicts in groupware: Concepts and experiences made in the POLITeam project. In Proceedings of the Human Computer Interaction (INTERACT'97), S. H. Howard and J. Lindgaard, G., Eds. Chapman and Hall, 485--492.
[61]
Wulf, V. 1997b. Konfliktmanagement bei Groupware. Vieweg, Braunschweig.
[62]
Wulf, V. 1999. Conflicts and negotiation in multi-user applications. In Encyclopedia of Microcomputers, A. Kent and J. G. Williams, Eds. Marcel Dekker, New Basel, 63--88.
[63]
Wulf, V. and Hartmann, A. 1994. The ambivalence of networks' visibility in an organizational context. In NetWorking: Connecting Workers In and Between Organizations, A. Clement et al., Eds. North Holland, Amsterdam, 143--152.
[64]
Wulf, V., Pipek, V., and Pfeifer, A. 2001. Resolving function-based conflicts in groupware systems. Al. Society 15, 233--262.
[65]
Wulf, V. and Rohde, M. 1995. Towards an integrated organization and technology development. In Proceedings of the DIS'95. ACM Press, 55--64.
[66]
Wulf, V., Stiemerling, O., and Pfeifer, A. 1999. Tailoring groupware for different scopes of validity. Behav. Inform. Technol. 18, 199--212.

Cited By

View all
  • (2021)A Consumer Perspective on Privacy Risk Awareness of Connected Car Data UseProceedings of Mensch und Computer 202110.1145/3473856.3473891(294-302)Online publication date: 5-Sep-2021
  • (2020)Trust versus Privacy: Using Connected Car Data in Peer-to-Peer CarsharingProceedings of the 2020 CHI Conference on Human Factors in Computing Systems10.1145/3313831.3376555(1-13)Online publication date: 21-Apr-2020
  • (2018)Evolving Needs in IoT Control and AccountabilityProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/32870492:4(1-28)Online publication date: 27-Dec-2018
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Computer-Human Interaction
ACM Transactions on Computer-Human Interaction  Volume 16, Issue 3
September 2009
121 pages
ISSN:1073-0516
EISSN:1557-7325
DOI:10.1145/1592440
Issue’s Table of Contents
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 September 2009
Accepted: 01 July 2009
Revised: 01 January 2009
Received: 01 November 2006
Published in TOCHI Volume 16, Issue 3

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Access control
  2. computer supported cooperative work field
  3. coordination mechanism
  4. critical design
  5. ethnomethodology
  6. study

Qualifiers

  • Research-article
  • Research
  • Refereed

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)10
  • Downloads (Last 6 weeks)0
Reflects downloads up to 25 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2021)A Consumer Perspective on Privacy Risk Awareness of Connected Car Data UseProceedings of Mensch und Computer 202110.1145/3473856.3473891(294-302)Online publication date: 5-Sep-2021
  • (2020)Trust versus Privacy: Using Connected Car Data in Peer-to-Peer CarsharingProceedings of the 2020 CHI Conference on Human Factors in Computing Systems10.1145/3313831.3376555(1-13)Online publication date: 21-Apr-2020
  • (2018)Evolving Needs in IoT Control and AccountabilityProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/32870492:4(1-28)Online publication date: 27-Dec-2018
  • (2017)The Catch(es) with Smart HomeProceedings of the 2017 CHI Conference on Human Factors in Computing Systems10.1145/3025453.3025799(1620-1633)Online publication date: 2-May-2017
  • (2016)Caring About SharingProceedings of the 2016 ACM International Conference on Supporting Group Work10.1145/2957276.2957296(235-243)Online publication date: 13-Nov-2016
  • (2016)Social Media Resilience During Infrastructure Breakdowns Using Mobile Ad-Hoc NetworksAdvances and New Trends in Environmental Informatics10.1007/978-3-319-44711-7_7(75-88)Online publication date: 1-Sep-2016
  • (2015)Practice-Based Computing: Empirically Grounded Conceptualizations Derived from Design Case StudiesDesigning Socially Embedded Technologies in the Real-World10.1007/978-1-4471-6720-4_7(111-150)Online publication date: 2015
  • (2013)Privacy as part of the app decision-making processProceedings of the SIGCHI Conference on Human Factors in Computing Systems10.1145/2470654.2466466(3393-3402)Online publication date: 27-Apr-2013
  • (2013)Facilitating TV production using StoryCrateProceedings of the 9th ACM Conference on Creativity & Cognition10.1145/2466627.2466628(193-202)Online publication date: 17-Jun-2013
  • (2012)Supporting improvisation work in inter-organizational crisis managementProceedings of the SIGCHI Conference on Human Factors in Computing Systems10.1145/2207676.2208617(1529-1538)Online publication date: 5-May-2012
  • Show More Cited By

View Options

Login options

Full Access

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media