What sort of access control is appropriate for a digital library or other very large online collection of documents? The Document Access Control Method (DACM) is the answer proposed here. An implemented document storage subsystem called DocSS, based on DACM, is also described. The goal of DACM is to provide access control that scales to very large collections, allows decentralized administration, accommodates multiple access rules, models common patterns of access delegation, and permits efficient implementation.
The novel delegation model starts with a custodian who has all privileges on all objects. Users (initially created by the custodian) can create subordinate users whose privileges cannot exceed those of the creator. Users can also delegate any of their privileges to another user via a role. A user’s privileges are the union of the privileges granted at creation and those of the user’s current role (if any).
A user’s privileges on a particular object are the intersection of that privilege set with the privileges listed in the object’s access control object. The achievement of DACM’s goals is largely due to this use of flexible access control objects, each of which may be shared by many objects. While favoring discretionary access control, DACM can also implement mandatory access control.
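The delegation and privilege-resolution rules in the two paragraphs above can be made concrete with a small model. The following Python is an added example written for this page; it is not DocSS code, and the class names (User, Role, AccessControlObject, Document), the privilege vocabulary, and the scenario data are all constructed assumptions rather than identifiers from the paper.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed privilege vocabulary; the paper does not enumerate DocSS's privileges.
ALL_PRIVILEGES = frozenset({"read", "write", "delete", "administer"})


class DelegationError(Exception):
    """Raised when a grant would exceed the granting user's own privileges."""


@dataclass
class Role:
    """Privileges delegated by one user for another user to assume (one at a time)."""
    name: str
    privileges: frozenset
    delegator: User


@dataclass
class AccessControlObject:
    """Per-user privilege limits; one ACO is shared by every document that refers to it."""
    name: str
    entries: dict = field(default_factory=dict)  # user name -> privileges allowed

    def privileges_for(self, user: User) -> frozenset:
        return frozenset(self.entries.get(user.name, ()))


@dataclass
class Document:
    name: str
    aco: AccessControlObject


@dataclass(eq=False)
class User:
    name: str
    granted: frozenset              # fixed when the user is created
    creator: User | None = None     # None marks the custodian
    role: Role | None = None        # current role, if any

    @property
    def privileges(self) -> frozenset:
        """Union of creation-time grants and the current role's privileges."""
        return self.granted | (self.role.privileges if self.role else frozenset())

    def create_user(self, name: str, privileges) -> User:
        """Subordinate user whose privileges may not exceed the creator's.
        Assumption: checked against the creator's current set, role included."""
        privileges = frozenset(privileges)
        excess = privileges - self.privileges
        if excess:
            raise DelegationError(f"{self.name} cannot grant {sorted(excess)} to {name}")
        return User(name, privileges, creator=self)

    def delegate(self, role_name: str, privileges) -> Role:
        """Package some of this user's own privileges as a role for another user."""
        privileges = frozenset(privileges)
        excess = privileges - self.privileges
        if excess:
            raise DelegationError(f"{self.name} cannot delegate {sorted(excess)}")
        return Role(role_name, privileges, delegator=self)

    def assume(self, role: Role | None) -> None:
        self.role = role

    def privileges_on(self, doc: Document) -> frozenset:
        """Intersection of the user's privilege set with the document's ACO entry."""
        if self.creator is None:          # custodian: all privileges on all objects
            return self.privileges
        return self.privileges & doc.aco.privileges_for(self)


def run_scenario() -> dict:
    """Walk the delegation chain from the abstract on constructed data."""
    custodian = User("custodian", ALL_PRIVILEGES)
    alice = custodian.create_user("alice", {"read", "write"})
    bob = alice.create_user("bob", {"read"})

    rejected = False
    try:                                  # alice lacks "delete", so this must fail
        alice.create_user("mallory", {"read", "delete"})
    except DelegationError:
        rejected = True

    bob.assume(alice.delegate("editor", {"write"}))

    shared = AccessControlObject("staff", {"alice": {"read", "write", "delete"},
                                           "bob": {"read", "write"}})
    policy = Document("policy.txt", shared)   # two documents share one ACO
    memo = Document("memo.txt", shared)

    result = {
        "rejected": rejected,
        "bob_with_role": bob.privileges_on(policy),
        "alice_on_memo": alice.privileges_on(memo),       # ACO allows delete; alice lacks it
        "custodian_on_memo": custodian.privileges_on(memo),  # no ACO entry needed
    }
    bob.assume(None)
    result["bob_without_role"] = bob.privileges_on(policy)
    return result
```

Two points the scenario makes explicit: the ACO can list more privileges than a user actually holds (alice's entry allows delete, but her effective set is read and write), and dropping a role immediately narrows a user's effective privileges on every document that refers to the shared ACO. The example checks a subordinate's privileges against the creator's current set including any assumed role; whether DACM measures against the creation-time grants alone is not stated in the abstract, so that is an assumption of this model.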
The discussion includes comparisons of DACM to other systems, such as IBM’s RACF and Unix access control. Two tables show how DACM meets some customer requirements for delegation. Researchers and implementors of online libraries and other document collections should find this paper useful.