Policies are widely used in many systems and applications. Recently, it has been recognized that a "yes/no" response to every scenario is just not enough for many modern...
Claudio Bettini, Sushil Jajodia, Xiaoyang Sean Wan...
Traditional security policies largely focus on access control requirements, which specify who can access what under what circumstances. Besides access control requirements, the av...
—Policy definition is an important component of the consistent authorisation service infrastructure that could be effectively integrated with the general resource provisioning wo...
Access control is concerned with granting access to sensitive data based on conditions that relate to the past or present, so-called provisions. Expressing requirements from the do...
Manuel Hilty, David A. Basin, Alexander Pretschner
Many authorization system models include some notion of obligation. Little attention has been given to user obligations that depend on and affect authorizations. However, to be u...
Murillo Pontual, Omar Chowdhury, William H. Winsbo...