Information Technology Reference
In-Depth Information
obligations is true. The
UCON
preB
1
and
UCON
preB
3
add
preUpdate
(
AT T
(
s
)),
preUpdate
(
AT T
(
o
)) and
postUpdate
(
AT T
(
s
)),
postUpdate
(
AT T
(
o
)) procedu-
res respectively. The
preUpdate
procedure could be used to mark a subject
as registered so the contact information is requested only the first time the
subject attempts to access a white paper. The
postUpdate
procedure could be
used to monitor total usage of a resource by a subject, e.g., to require periodic
rearmation of a license agreement.
UCON
onB
- Ongoing-Obligations Models
The
UCON
onB
models require obligations to be fulfilled while rights are exer-
cised. Ongoing-obligations may have to be fulfilled periodically or continuously.
For example, a user may have to click an advertisement at least every 30 minutes
or at every 20 Web pages. Alternatively, a user may have to leave an advertise-
ment window active all the time. Note that this concern is about when users have
to fulfill obligations, not about when the system actually checks the fulfillments.
Actual obligation verification intervals can vary and are not prescribed by the
model.
UCON
preC
- Pre-conditions Model
As described earlier, conditions define environmental and system restrictions on
usage. These are not directly related to subjects and objects.
Definition 5.
The
UCON
preC
0
model has the following components:
-
S, O, R, AT T
(
S
)
,
and
AT T
(
O
) are not changed from
UCON
preA
;
-
preCON
(a set of pre-conditions elements);
preConChecked
:
preCON
→{
true, false
}
;
2
preCON
;
-
getP reCON
:
S
×
O
×
R
→
(
s, o, r
)=
preCon
i
∈getPreCON
(
s,o,r
)
preConChecked
(
preCon
i
)
-
pre
C
-
allowed
(
s, o, r
)
⇒
pre
C
(
s, o, r
).
Unlike other ABC models, condition models cannot have update procedures.
Checking the time-of-day before access is allowed is an example of
UCON
preC
0
.
Checking the location of the client in cyberspace is another example.
UCON
onC
- Ongoing-conditions Model
Enforcement of conditions while rights are in active use is supported by the
UCON
onC
model by means of the
on
C
predicate. For example, if the system
status changes to 'emergency mode' access by certain kinds of users may be
terminated. Likewise if the system load exceeds a specified value access may be
aborted.