Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Does licensing require new access control techniques?
Hauser R. Communications of the ACM37 (11):48-55,1994.Type:Article
Date Reviewed: Oct 1 1995

Hauser raises the problem of whether the notion of document licensing requires new techniques for access control. The author distinguishes between two kinds of licensing: consumptive licensing, which requires prepayment for the service or trusted “metered” usage, and an allocative scheme, which restricts usage in real-time to a maximum number of concurrent users. An example is given of a company that buys ten permanent licenses; if the concurrent usage does not exceed this number, no further contact with the vendor is needed. The problem with the consumptive scheme is how to enforce the metering, and the problem with the allocative scheme is how to control the number of simultaneous active users. The paper focuses on allocative schemes, more or less in a client/server context.

The author proposes the concept of stateful access control (SAC), which appears to be access control with the additional function of keeping track of how many licenses are active at any given time. He introduces the metaphor of a client borrowing code (or information) from a server where the licenses are kept. The server notes the request and, if the limit is not exceeded, supplies the requested code (or data). The client keeps the code until it is finished using it, at which time it relinquishes it to the server. The server is also able to command the client to stop using the licensed object if the license has expired. At the point where the licensed object is returned or the license has expired, the SAC enforcement ends for that instance of the object.

There is considerable discussion of the proposal and its ramifications. The paper asks whether a new access control is needed for licensing. Certainly the problem as posed and discussed needs something more than simple permission to use an object. The role of trust is discussed, but is not as clearly drawn as the problem requires. It appears, assuming clients are writeless, that trust at the server is sufficient to implement the concept. Of the two forms of licensing, the allocative method seems much simpler, since it only requires trust at the point of allocation. The consumptive method, even with writeless workstations, needs a trusted component to meter data or program usage at the workstation. This is possible, but more complicated.

The paper makes a point that licensing might be applied to data as much as to programs. Overall, the paper summarizes good work, but it requires careful reading. It is recommended to all who have to deal with the licensing problem.
Reviewer:  James P. Anderson Review #: CR118907 (9510-0792)
Bookmark and Share
 
Access Controls (D.4.6 ... )
 
 
Access Methods (D.4.3 ... )
 
 
Communications Management (D.4.4 )
 
 
File Systems Management (D.4.3 )
 
 
Network Architecture And Design (C.2.1 )
 
Would you recommend this review?
yes
no
Other reviews under "Access Controls": Date
Access control lists in capability environments
Lopriore L. Technology and Science of Informatics 3(3): 163-174, 1984. Type: Article		 Mar 1 1985
Some variants of the take-grant protection model
Biskup J. (ed) Information Processing Letters 19(3): 151-156, 1984. Type: Article		 Jun 1 1985
On access checking in capability-based systems
Kain R., Landwehr C. (ed) IEEE Transactions on Software Engineering SE-13(2): 202-207, 1987. Type: Article		 Dec 1 1987
more...
E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use | Privacy Policy