Title :
On the unification of access control and data services
Author :
Ferraiolo, David ; Gavrila, Serban ; Jansen, Wayne
Author_Institution :
Nat. Inst. of Stand. & Technol., Gaithersburg, MD, USA
Abstract :
A primary objective of enterprise computing (via a data center, cloud, etc.) is the controlled delivery of data services (DS). Typical DSs include applications such as email, workflow, and records management, as well as system level features, such as file and access control management. Although access control (AC) currently plays an important role in imposing control over the execution of DS capabilities, AC can be more fundamental to computing than one might expect. That is, if properly designed, a single AC mechanism can simultaneously implement, control, and deliver capabilities of multiple DSs. The Policy Machine (PM) is an AC framework that has been designed with this objective in mind. This paper describes the PM features that provide a generic AC mechanism to implement DS capabilities, and comprehensively enforces mission tailored access control policies across DSs.
Keywords :
authorisation; business data processing; DS; PM; access control; data services; enterprise computing; generic AC mechanism; policy machine; single AC mechanism; Authorization; Containers; Decision support systems; Electronic mail; Writing; Access Control; Access Control Policy; Data Services; Operating Environment; Policy Machine;
Conference_Titel :
Information Reuse and Integration (IRI), 2014 IEEE 15th International Conference on
DOI :
10.1109/IRI.2014.7051924
