Computing Reviews
Access control for large collections
Gladney H. ACM SIGSAC Review 15(2): 154-194, 1997. Type: Article
Date Reviewed: Sep 1 1997

What sort of access control is appropriate for a digital library or other very large online collection of documents? The Document Access Control Method (DACM) is the answer proposed here. An implemented document storage subsystem called DocSS, based on DACM, is also described. The goal of DACM is to provide access control that scales to very large collections, allows decentralized administration, accommodates multiple access rules, models common patterns of access delegation, and permits efficient implementation.

The novel delegation model starts with a custodian who has all privileges on all objects. Users (initially created by the custodian) can create subordinate users whose privileges cannot exceed those of the creator. Users can also delegate any of their privileges to another user via a role. A user’s privileges are the union of the privileges granted at creation and those of the user’s current role (if any).

A user’s privileges in relation to an object are the intersection of this set with the privileges in the object’s access control object. The achievement of DACM’s goals is largely due to this use of flexible access control objects that are shareable by many objects. While favoring discretionary access control, DACM can also implement mandatory access control.

The discussion includes comparisons of DACM to other systems, such as IBM’s RACF and Unix access control. Two tables show how DACM meets some customer requirements for delegation. Researchers and implementors of online libraries and other document collections should find this paper useful.

Reviewer:  Andrew R. Huber Review #: CR124699 (9709-0704)
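The privilege calculation summarized in the review can be sketched as follows. This is an added example, not code from the paper or from DocSS; the privilege names, class names, and the simplification of an access control object to a plain set of privileges are assumptions made for illustration.

```python
from dataclasses import dataclass

ALL = frozenset({"read", "write", "delete", "admin"})  # constructed privilege names

@dataclass
class User:
    name: str
    granted: frozenset             # privileges granted at creation
    role: frozenset = frozenset()  # privileges of the current role, if any

    def privileges(self):
        # Union of creation-time privileges and the current role.
        return self.granted | self.role

    def create_subordinate(self, name, granted):
        # A subordinate cannot exceed its creator. Assumption: the bound is
        # the creator's creation-time grant, not a transient role.
        granted = frozenset(granted)
        if not granted <= self.granted:
            raise PermissionError(f"{self.name} cannot grant {set(granted - self.granted)}")
        return User(name, granted)

    def delegate(self, other, privileges):
        # Delegation via a role: only privileges the delegator holds.
        privileges = frozenset(privileges)
        if not privileges <= self.privileges():
            raise PermissionError(f"{self.name} cannot delegate {set(privileges)}")
        other.role = privileges

@dataclass(frozen=True)
class AccessControlObject:
    allowed: frozenset  # simplified: one privilege set, shareable by many documents

@dataclass
class Document:
    title: str
    aco: AccessControlObject

def effective(user, doc):
    # Intersection of the user's privileges with the document's ACO.
    return user.privileges() & doc.aco.allowed

if __name__ == "__main__":
    custodian = User("custodian", ALL)  # holds every privilege
    librarian = custodian.create_subordinate("librarian", {"read", "write"})
    reader = librarian.create_subordinate("reader", {"read"})
    staff = AccessControlObject(frozenset({"read", "write", "delete"}))
    docs = [Document(f"report-{i}", staff) for i in range(3)]  # one ACO, many objects
    print(sorted(effective(reader, docs[0])))   # before delegation
    librarian.delegate(reader, {"write"})
    print(sorted(effective(reader, docs[0])))   # after delegation
```

Because the three documents share one access control object, changing that object changes the effective privileges on all of them at once.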
Security and Protection (D.4.6)
Distributed Applications (C.2.4 ...)
Distributed Databases (C.2.4 ...)
Large Text Archives (H.3.6 ...)
Protection Mechanisms (D.2.0 ...)
Database Applications (H.2.8)
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®