DISCRETIONARY ACCESS-CONTROL BY MEANS OF USAGE CONDITIONS

A data processing environment allows users to create data objects of very different types. As a part of the management of these objects, the data processing system must support user-defined access control. In this paper we propose a general concept and user interface for user-defined access control and discuss a number of applications. The concept regards access control information as valuable information in its own right and consequently places this information, nowadays mostly specified within and as an integral part of meta-information either of objects or subjects, in objects of its own, called usage conditions. Each of these objects contains access control information corresponding to a task of the real world and formulated with general attributes. Access control for an object is implemented by references to appropriate usage conditions. Access to the object is granted if granted by at least one usage condition. Thus, by setting such references in an m-to-n manner, a restricted set of usage conditions is sufficient to implement even complex access control conditions.