Abstract
In [Schaad and Moffett, 2002] we presented our initial investigation into the delegation of obligations and the concept of review as one kind of organisational principle for controlling such delegation activities. That initial work led to a more detailed and refined analysis of organisational controls [Schaad, 2003], [Schaad and Moffett, 2004], with particular emphasis on the distinction between general and specific obligations [Schaad, 2004]. This distinction allowed us to capture formally how a principal may be related to an obligation, how obligations relate to roles, and how the delegation of specific and general obligations may be controlled through the concepts of review and supervision. This paper complements the delegation of obligation and authorisation policy objects by discussing their revocation, based on the revocation schemes suggested in [Hagstrom et al., 2001]. In particular, we investigate how delegated general and specific obligations can be revoked and what effect the presence of roles has on the revocation process. We use the Alloy language and its automated analysis facilities [Jackson, 2001] to formally support our discussion.
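The abstract refers to the revocation schemes of Hagstrom et al. without spelling them out. The following is an added example written for this page, not the paper's Alloy model: a small executable delegation graph that implements two of the three dimensions of that classification, propagation (local vs. global) and dominance (weak vs. strong), and shows the effect of role membership as an independent source of an obligation. The resilience dimension (deletion vs. negative grants) is left out, the semantics of "local" (re-rooting the revokee's onward grants at the revoker) and "dominated" (a grantor whose holding of the object depends on the revoker) are this example's reading of the classification, and all principal, role and object names (`role:Reviewer`, `obl:review`, `alice`, `bob`, ...) are constructed for the scenario.

```python
"""Delegation graph with the propagation (local / global) and dominance
(weak / strong) dimensions of the Hagstrom et al. (2001) revocation
classification. The resilience dimension (deletion vs. negative grants) is
omitted. Illustrative model written for this page; not the paper's Alloy model.
"""
from typing import Dict, Optional, Set, Tuple

Grant = Tuple[str, str, str]  # (grantor, grantee, policy object)


class DelegationGraph:
    def __init__(self, role_members: Dict[str, Set[str]],
                 role_objects: Dict[str, Set[str]]) -> None:
        # Roles carry policy objects originally; members hold them by membership
        # (the role-level, "general" holding), not by any delegation chain.
        self.role_members = role_members
        self.role_objects = role_objects
        self.grants: Set[Grant] = set()

    def grant(self, grantor: str, grantee: str, obj: str) -> None:
        # A principal may only delegate what it currently holds.
        if grantor not in self.holders(obj):
            raise ValueError(f"{grantor} does not hold {obj} and cannot delegate it")
        self.grants.add((grantor, grantee, obj))

    def holders(self, obj: str, ignore_grantor: Optional[str] = None) -> Set[str]:
        """Principals holding obj: role members plus everyone reachable along a
        chain of grants whose grantor holds obj. Grants issued by ignore_grantor
        are skipped; holders computed that way are 'independent' of that principal."""
        held: Set[str] = set()
        for role, objs in self.role_objects.items():
            if obj in objs:
                held.add(role)
                held |= self.role_members.get(role, set())
        changed = True
        while changed:  # least fixpoint over the grant chains
            changed = False
            for grantor, grantee, o in self.grants:
                if o == obj and grantor != ignore_grantor \
                        and grantor in held and grantee not in held:
                    held.add(grantee)
                    changed = True
        return held

    def revoke(self, revoker: str, grantee: str, obj: str,
               propagation: str = "global", dominance: str = "weak") -> Set[Grant]:
        """Revoke grantee's holding of obj as seen from revoker. Returns the grants
        removed directly (cascaded removals are applied but not returned)."""
        if dominance == "strong":
            # Also remove grants to grantee from grantors dominated by the revoker,
            # i.e. grantors who would not hold obj without the revoker's grants.
            independent = self.holders(obj, ignore_grantor=revoker)
            removed = {g for g in self.grants
                       if g[1] == grantee and g[2] == obj
                       and (g[0] == revoker or g[0] not in independent)}
        else:
            removed = {g for g in self.grants if g == (revoker, grantee, obj)}
        self.grants -= removed

        if propagation == "local":
            # Keep the revokee's onward grants alive by re-rooting them at the revoker.
            if grantee not in self.holders(obj):
                onward = {g for g in self.grants if g[0] == grantee and g[2] == obj}
                self.grants -= onward
                self.grants |= {(revoker, g[1], obj) for g in onward}
        else:
            # Global: cascade by dropping every grant whose grantor no longer holds obj.
            held = self.holders(obj)
            self.grants = {g for g in self.grants if g[2] != obj or g[0] in held}
        return removed


OBL = "obl:review"


def build_example() -> DelegationGraph:
    """Constructed scenario: role:Reviewer carries obl:review; alice and grace are
    members; everyone else holds it only through the delegation chain below."""
    g = DelegationGraph(role_members={"role:Reviewer": {"alice", "grace"}},
                        role_objects={"role:Reviewer": {OBL}})
    for grantor, grantee in [("alice", "bob"), ("alice", "erin"), ("bob", "carol"),
                             ("bob", "frank"), ("frank", "carol"), ("bob", "grace"),
                             ("carol", "dave"), ("erin", "dave")]:
        g.grant(grantor, grantee, OBL)
    return g


def run(revoker: str, grantee: str, propagation: str, dominance: str):
    """Apply one revocation to a fresh copy of the scenario; return holders and grants."""
    g = build_example()
    g.revoke(revoker, grantee, OBL, propagation, dominance)
    return g.holders(OBL), g.grants


if __name__ == "__main__":
    for args in [("alice", "bob", "global", "weak"), ("alice", "bob", "local", "weak"),
                 ("bob", "carol", "global", "weak"), ("bob", "carol", "global", "strong"),
                 ("bob", "grace", "global", "strong")]:
        holders, grants = run(*args)
        print(args, "->", sorted(holders), len(grants), "grants")
```

Two points the scenario makes: a weak revocation of `carol` by `bob` has no effect because `frank` still supports her, whereas the strong variant also removes `frank`'s grant since `frank` is dominated by `bob`; and revoking `grace`, a member of the role that carries the obligation, removes the delegation but not her holding, which is the role effect the abstract alludes to.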
References
Bertino, E., Samarati, P., Jajodia, S.: An Extended Authorization Model for Relational Databases. IEEE Transactions on Knowledge and Data Engineering 9(1), 85–101 (1997)
Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18–38. Springer, Heidelberg (2001)
Fagin, R.: On an Authorization Mechanism. ACM Transactions on Database Systems 3(3), 310–319 (1978)
Griffiths, P., Wade, B.: An Authorization Mechanism for a Relational Database System. ACM Transactions on Database Systems 1(3), 243–255 (1976)
Hagstrom, A., Jajodia, S., Parisi-Presicce, F., Wijesekera, D.: Revocations - A Categorization. In: Computer Security Foundations Workshop. IEEE Press, Los Alamitos (2001)
Harrison, M., Ruzzo, W., Ullman, J.: Protection in Operating Systems. Communications of the ACM 19(8), 461–471 (1976)
Jackson, D.: A Micromodularity Mechanism. In: 8th Joint Software Engineering Conference, Vienna, Austria (2001)
Jonscher, D.: Access Control in Object-Oriented Federated Database Systems. PhD thesis, University of Zurich (1998)
Mullins, L.: Management and Organisational Behaviour, 5th edn. Prentice Hall, London (1999)
Rits, M., De Boe, B., Schaad, A.: Xact: A bridge between resource management and access control in multi-layered applications. In: ACM Software Engineering Notes of Software Engineering for Secure Systems (ICSE 2005), St. Louis, Missouri, USA (2005)
Samarati, P., de Capitani di Vimercati, S.: Access Control: Policies, Models and Mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–196. Springer, Heidelberg (2001)
Schaad, A.: A Framework for Organisational Control Principles. PhD thesis, University of York (2003)
Schaad, A.: Delegating organisational obligations - an extended analysis. In: IFIP WG 11.3 Database and Applications Security XVIII, Sitges, Spain (2004)
Schaad, A., Moffett, J.: Delegation of Obligations. In: 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), Monterey, CA (2002)
Schaad, A., Moffett, J.: Separation, review and supervision controls in the context of a credit application process: a case study of organisational control principles. In: ACM Symposium on Applied Computing (SAC 2004), Cyprus (2004)
Schulz, K., Orlowska, M.: Facilitating cross-organisational workflows with a workflow view approach. Data & Knowledge Engineering 51(1), 109–147 (2004)
Copyright information
© 2005 IFIP International Federation for Information Processing
About this paper
Cite this paper
Schaad, A. (2005). Revocation of Obligation and Authorisation Policy Objects. In: Jajodia, S., Wijesekera, D. (eds) Data and Applications Security XIX. DBSec 2005. Lecture Notes in Computer Science, vol 3654. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11535706_3
DOI: https://doi.org/10.1007/11535706_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28138-2
Online ISBN: 978-3-540-31937-5