
Transferable access control

IP.com Disclosure Number: IPCOM000015208D
Original Publication Date: 2002-Jan-03
Included in the Prior Art Database: 2003-Jun-20
Document File: 1 page(s) / 33K

Publishing Venue

IBM

Abstract

In an environment where a system has access control lists (ACLs), such as groupware, a database, or a file server, only an administrator and/or a data owner can change an ACL. Therefore, when a user who is permitted to access certain data is transferred to another department, he/she must ask an administrator and/or a data owner to change the ACL. This is inconvenient for both the user and the administrator. But if the system allowed such a user to change the ACL, security control would become much weaker.


This invention adds a new function to the system for transferring access control. In other words, a user can give another user his/her own right to access the data, and the previously authorized user loses that right at the same time. In this respect, the invention's "transferring" function differs from "copying" the right to access. With this function implemented, the administrator and/or data owner can delegate a part of the right to change the ACL to the user. This function is preferably implemented in the base system, because the ACL is important data in terms of security. Accordingly, permission-transfer events are stored as logged data, if necessary.
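The sketch below is an added illustration of the transfer semantics described above; it is not code from the disclosure. The class, method, user and resource names are assumptions made for the example. It shows the right being moved rather than copied, a refusal when the giver does not hold the right, and the logging of each event.

```python
import threading
from datetime import datetime, timezone

class TransferDenied(Exception):
    """The caller tried to hand over a right they do not hold."""

class TransferableAcl:  # hypothetical name, not from the disclosure
    def __init__(self):
        self._entries = {}      # resource -> {user: set(rights)}
        self.audit_log = []     # transfer events, kept for later review
        self._lock = threading.Lock()

    def grant(self, resource, user, right):
        """Ordinary ACL change, reserved for the administrator or data owner."""
        with self._lock:
            self._entries.setdefault(resource, {}).setdefault(user, set()).add(right)

    def holders(self, resource, right):
        with self._lock:
            return {u for u, r in self._entries.get(resource, {}).items() if right in r}

    def transfer(self, resource, giver, receiver, right):
        """Move (not copy) the giver's own right to the receiver in one step."""
        with self._lock:
            users = self._entries.get(resource, {})
            if right not in users.get(giver, set()):
                self._log("denied", resource, giver, receiver, right)
                raise TransferDenied(f"{giver} holds no {right!r} right on {resource}")
            # Revoke and grant under the same lock, so no reader ever sees
            # both users authorized by this transfer (that would be a copy).
            users[giver].discard(right)
            users.setdefault(receiver, set()).add(right)
            self._log("transferred", resource, giver, receiver, right)

    def _log(self, outcome, resource, giver, receiver, right):
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "outcome": outcome, "resource": resource,
            "from": giver, "to": receiver, "right": right,
        })

def demo():
    """Constructed scenario: alice changes department and hands her access to bob."""
    acl = TransferableAcl()
    acl.grant("sales.db", "alice", "read")      # set up by the data owner
    acl.transfer("sales.db", "alice", "bob", "read")
    return acl
```

After `demo()`, only bob holds the right, and a second transfer attempted by alice is refused and recorded as a denied event.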
