For this policy, the APAs will include the following $act_U$ and $act_D$ rules in $SBAC(\psi)$:

$act_U(E, A) \leftarrow act(E, \mathit{depositing}).$
$act_D(E, A) \leftarrow act(E, \mathit{withdrawing}).$
$act_U(E, A) \leftarrow act(E, \mathit{joining}).$
$act_D(E, A) \leftarrow act(E, \mathit{leaving}).$

It is important to note that:
- Any number of policies may be represented in the way that we have described in Example 2, because any number of application-specific requirements may be related to the general notions of events, acts, actors, objects, times, ...
  For example, for an on-line ordering system, we may have the act of purchasing by customer actors of objects that include catalogue items with access decisions being based on status levels that are defined in terms of credit ratings, previous purchases, ...
- APAs can modify policies by adding/deleting $ECL_I$/$ECL_T$ duals as required.
- Major changes to an access policy may be effected by making minor changes to the clauses in $SBAC(\psi)$ (see [9]).

A specification of $SBAC(\psi)$ defines the beliefs and knowledge of a mediating agent $M$ that may be used to evaluate access requests. A requester agent $u_m \in U$ may access an object $o_k \in O$ iff the mediator believes $u_m$ to be authorized to exercise an access privilege $a_l$ on $o_k$ at the time of $u_m$'s access request iff an authorization $u_m, a_l, o_k$ is provable from $SBAC(\psi)$ by an operational method. Moreover, $M$ is able to dynamically revise its beliefs about the status of $u_m$ by learning about $u_m$'s behaviours, and by reasoning about these behaviours³.

Our use of negation-as-failure in the $sla$ clause enables the mediating agent to withdraw beliefs when new information becomes available about a requester agent's behaviours, and it makes it straightforward for new information to be assimilated about a requester agent's status. What is more, negation-as-failure may be used when information about a requester agent's status is incomplete; in this case, default reasoning (by NAF) may be employed to determine a requester agent's status.

Example 3. Consider the access policy that is described in Example 2, and suppose that the ordinary agent Bob performs the following acts:

On 12/12/2002, Bob deposits 1000 Euros in account $a_1$ to make the current balance 1000 Euros. On 20/12/2002, Bob withdraws 2000 Euros from the account.

In this case, $M$ will believe that Bob is authorized to read and write object $o_1$ between 12/12/2002 and 19/12/2002, as, during that period, $M$ believes Bob to be a user with a status level $l_1$. However, as of 20/12/2002, $M$ revises its beliefs

³ The mediating agent is reactive and rational.
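
The belief revision in Example 3 can be traced with a small mediator sketch; this is an added example, not code from the original text, and it does not reproduce the authors' $SBAC(\psi)$ clauses. Assumptions: the event tuple layout and function names are hypothetical, status $l_1$ is initiated by any $act_U$ event, and it is terminated only when an $act_D$ event overdraws the account.

```python
from datetime import date

# Constructed event log mirroring Example 3: (event, actor, act, amount, date).
EVENTS = [
    ("e1", "bob", "depositing", 1000, date(2002, 12, 12)),
    ("e2", "bob", "withdrawing", 2000, date(2002, 12, 20)),
]
ACT_U = {"depositing", "joining"}    # act_U rules from the policy
ACT_D = {"withdrawing", "leaving"}   # act_D rules from the policy
# Privileges attached to status level l1 in Example 3.
PRIVILEGES = {"l1": {("read", "o1"), ("write", "o1")}}


def known(actor, when, events):
    """Events by `actor` that the mediator has learned of by time `when`."""
    return sorted((e for e in events if e[1] == actor and e[4] <= when),
                  key=lambda e: e[4])


def terminated(actor, when, events):
    """Assumed terminating condition: an act_D event overdraws the account."""
    balance = 0
    for _, _, act, amount, _ in known(actor, when, events):
        if act in ACT_U:
            balance += amount
        elif act in ACT_D:
            balance -= amount
            if balance < 0:
                return True
    return False


def status(actor, when, events=EVENTS):
    """l1 holds if some act_U event initiated it and, by negation-as-failure,
    no terminating event is provable from what is known at `when`."""
    initiated = any(e[2] in ACT_U for e in known(actor, when, events))
    return "l1" if initiated and not terminated(actor, when, events) else None


def authorized(actor, privilege, obj, when, events=EVENTS):
    """The authorization is evaluated at the time of the access request."""
    level = status(actor, when, events)
    return (privilege, obj) in PRIVILEGES.get(level, set())


if __name__ == "__main__":
    for day in (date(2002, 12, 11), date(2002, 12, 15), date(2002, 12, 20)):
        print(day, authorized("bob", "write", "o1", day))
```

Because the decision is recomputed from the event log at each request, a cached authorization from before 20/12/2002 would be stale; the mediator must evaluate at request time.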