Author: David Ferraiolo. Computer Engineering (《计算机工程》), CAS, CSCD, Peking University Core Journal, 1999, Issue S1, pp. 13-13 (1 page).
Over the past 25 years, many attempts have been made to build access control mechanisms that meet the needs of specific policies. Although each mechanism has succeeded in meeting a specific access need, the resulting technology has disappointed the marketplace, because a given access control mechanism that satisfies the policy requirements of one market domain may be completely inappropriate in another. At the same time, access control policies vary as widely as the types of applications that must enforce them. Thus, when the protection an application requires differs from the policy built into the mechanism, this rigidity creates a problem; unfortunately, the only solution is to implement the policy as part of the application code, which leaves the policy vulnerable to tampering and bypass attacks. To solve this problem, a great deal of research has been devoted to separating the access control mechanism from the policy. The idea is that if there were a general mechanism capable of implementing many different security policies, the security policy could be redefined using a policy specification language without changing the mechanism as a whole. This talk traces the evolution and development of access control and authorization management techniques and introduces their principles, from the one-policy, one-mechanism approach to the current attempts to build a universal policy.
Keywords: access control; security policy; control mechanism; access control policy; commerce; mechanism and policy; American national standard; universal policy; solution; evolution and development
The Evolution of Access Control in Commercial Products (Abstract). Cited by: 1
Over the last twenty-five years or so there have been numerous attempts to build access control mechanisms to meet specific policy needs. Although each is successful in meeting specific access needs, the resulting technology has disappointed the marketplace. This is due to the reality that a given access control mechanism may meet the policy requirements within a particular market domain, while being completely inappropriate in another. The reality is that access control policies can be as diverse as the business applications that need to enforce them. This rigidity creates a problem when the protection required of an application is different from the policy (or policies) built into the mechanism at hand. Unfortunately, the only solution is to implement the policy as part of the application code, leaving the policies vulnerable to tampering and bypass attacks. To meet this challenge a number of research and development efforts are under way with the common theme of separating the access control mechanism from the policy. The idea is that if there is a general mechanism capable of implementing a number of different security policies, we can redefine the security policy through the use of a policy specification language, without requiring a change in the mechanism. The intention of this talk is to trace the evolution of access control and authorization management techniques and their principles, from the one-policy, one-mechanism approach to the present-day attempts to build a universal policy machine.
