Obligation policies are one main means of exercising control within an organisation. They specify the actions that some subject has to perform. The authority over these actions needs to be specified in authorisation policies. Current policy notations provide us with the needed structure to represent authorisations and obligations as policy objects for distributed systems management. They support the delegation of authorisations but not of obligations. Yet, there is a strong relationship between the two policy types and the delegation of obligations needs to be supported as well, requiring the introduction of a new type of policy which we call a "review".

This paper investigates the general principles underlying the delegation of policy objects, putting specific emphasis on the delegation of obligations. The Alloy specification language is used to specify and illustrate these principles. The main issues that will be discussed are: the balance between authorisation and obligation policies; the source of obligations and reasons for their delegation; the need for review policies to help control the delegation of obligations.