Revocation of obligation and authorisation policy objects

Authors:
Andreas Schaad
Affiliations:
SAP Research, Mougins, France
Venue:
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Year:
2005

Citing 11
Cited 3

On an authorization mechanism

ACM Transactions on Database Systems (TODS)
An authorization mechanism for a relational database system

ACM Transactions on Database Systems (TODS)
Protection in operating systems

Communications of the ACM
A micromodularity mechanism

Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering
An Extended Authorization Model for Relational Databases

IEEE Transactions on Knowledge and Data Engineering
Access Control: Policies, Models, and Mechanisms

FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
The Ponder Policy Specification Language

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Delegation of Obligations

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Separation, review and supervision controls in the context of a credit application process: a case study of organisational control principles

Proceedings of the 2004 ACM symposium on Applied computing
Facilitating cross-organisational workflows with a workflow view approach

Data & Knowledge Engineering - Special issue: Contract-driven coordination and collaboration in the internet context
XacT: a bridge between resource management and access control in multi-layered applications

SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications

A model-checking approach to analysing organisational controls in a loan origination process

Proceedings of the eleventh ACM symposium on Access control models and technologies
A framework for evidence lifecycle management

WISE'07 Proceedings of the 2007 international conference on Web information systems engineering
Obligations and their interaction with programs

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In [Schaad and Moffett, 2002] we have presented our initial investigations into the delegation of obligations and the concept of review as one kind of organisational principle to control such delegation activities. This initial work led us to a more detailed and refined analysis of organisational controls [Schaad, 2003], [Schaad and Moffett, 2004] with a particular emphasis on the notion of general and specific obligations [Schaad, 2004]. In particular, this distinction allowed us to formally capture how a principal may be related to an obligation; how obligations relate to roles; and how the delegation of specific and general obligations may be controlled through the concepts of review and supervision. This paper complements the delegation of obligation and authorisation policy objects by discussing their revocation, based on the revocation schemes suggested in [Hagstrom et al., 2001]. In particular, we will investigate how delegated general and specific obligations can be revoked and what effect the presence of roles has on the revocation process. We use the Alloy language and its automated analysis facilities [Jackson, 2001] to formally support our discussion.