On Generalized Authorization Problems

This paper defines a framework in which one can formalize a variety of authorization and policy issues that arise in access control of shared computing resources. Instantiations of the framework address such issues as privacy, recency, validity, and trust. The paper presents an efficient algorithm for solving all authorization problems in the framework; this approach yields new algorithms for a number of specific authorization problems. The main issues in access control of shared computing resources are authentication, authorization and enforcement. Identification of principals is handled by authentication. Authorization addresses the following question: should a request r by a specific principal K be allowed? Enforcement addresses the problem of implementing the authorization during an execution.