Reference Monitor - Ending Group Membership

IP.com Disclosure Number: IPCOM000100101D
Original Publication Date: 1990-Mar-01
Included in the Prior Art Database: 2005-Mar-15
Document File: 1 page(s) / 47K

Publishing Venue

IBM

Related People

Janis, FL: AUTHOR

Abstract

This article describes a feature of Reference Monitor Services. The Reference Monitor Service concept is designed to provide access control for applications and for objects within an application. Access control limits the actions that users or subjects may perform upon resources or objects. A Reference Monitor is defined as the program or service where access control decisions are made and access control information is kept. This concept allows the decision-making process and the information to be kept in one location on a host, where they can be used by all applications or services within that host. The information may be interchanged with other applications and services located in other hosts.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 68% of the total text.

      The functionality of the Reference Monitor Services is built
up in three parts. First, there are the basic building blocks of
access control information, called profiles. Second, there is the
basic form of interchange: commands and their operands. Third, there
are the functions that can be accomplished as the different types of
profiles interact, and the commands used to create and destroy
relationships between profiles.

      The DIA Reference Monitor Services allows the REVOKE command to
destroy a member relationship between a user and a group by
specifying the User Profile as the PROFILE-ID (Source Profile) and
the Group Profile as the TO-PROFILE-ID (Target Profile). This
command allows the User...
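
An added illustration, not part of the original disclosure: a minimal Python model of a reference monitor in which REVOKE takes a user profile as PROFILE-ID and a group profile as TO-PROFILE-ID and ends that membership. The class, method names, sample profiles and all behavior beyond those two operand roles (direct grants surviving, swapped operands being rejected) are assumptions.

```python
# Constructed model of a reference monitor; names and semantics beyond the
# PROFILE-ID / TO-PROFILE-ID operand roles are assumptions, not DIA's format.
class ReferenceMonitor:
    def __init__(self):
        self.kinds = {}    # profile id -> "user" or "group"
        self.members = {}  # group profile id -> set of member user ids
        self.grants = {}   # (profile id, object) -> set of permitted actions

    def add_profile(self, profile_id, kind):
        if kind not in ("user", "group"):
            raise ValueError("unknown profile kind: " + kind)
        self.kinds[profile_id] = kind
        if kind == "group":
            self.members[profile_id] = set()

    def _require(self, profile_id, kind):
        if self.kinds.get(profile_id) != kind:
            raise ValueError(f"{profile_id!r} is not a {kind} profile")

    def add_member(self, user_id, group_id):
        self._require(user_id, "user")
        self._require(group_id, "group")
        self.members[group_id].add(user_id)

    def permit(self, profile_id, obj, action):
        if profile_id not in self.kinds:
            raise ValueError(f"unknown profile {profile_id!r}")
        self.grants.setdefault((profile_id, obj), set()).add(action)

    def revoke(self, profile_id, to_profile_id):
        """End membership: PROFILE-ID is the user, TO-PROFILE-ID is the group."""
        self._require(profile_id, "user")      # swapped operands are rejected
        self._require(to_profile_id, "group")
        was_member = profile_id in self.members[to_profile_id]
        self.members[to_profile_id].discard(profile_id)
        return was_member                      # False: nothing to end

    def check(self, user_id, obj, action):
        """Single decision point: direct grants plus grants held via groups."""
        self._require(user_id, "user")
        holders = [user_id] + [g for g, m in self.members.items() if user_id in m]
        return any(action in self.grants.get((h, obj), ()) for h in holders)

def demo():
    rm = ReferenceMonitor()
    rm.add_profile("ALICE", "user")
    rm.add_profile("PAYROLL", "group")
    rm.add_member("ALICE", "PAYROLL")
    rm.permit("PAYROLL", "ledger", "read")  # reachable only through the group
    rm.permit("ALICE", "notes", "read")     # granted to the user directly
    before = rm.check("ALICE", "ledger", "read")
    rm.revoke("ALICE", "PAYROLL")
    return before, rm.check("ALICE", "ledger", "read"), rm.check("ALICE", "notes", "read")
```

Because every decision goes through `check`, ending the membership takes effect on the next request from any application that consults the monitor.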