Reference Monitor - Creating an Application-Dependent Access Control Identity

IP.com Disclosure Number: IPCOM000100109D
Original Publication Date: 1990-Mar-01
Included in the Prior Art Database: 2005-Mar-15
Document File: 2 page(s) / 66K

Publishing Venue

IBM

Related People

Janis, FL: AUTHOR

Abstract

This article describes a feature of Reference Monitor Services. The Reference Monitor Service concept is designed to provide access control for applications and for objects within the application. Access control limits the actions that users or subjects may perform upon resources or objects. A Reference Monitor is defined as the program or service where access control decisions are made and access control information is kept. This concept allows the decision-making process and the information to be kept in one location on a host, where they can be used by all applications or services within that host. The information may also be interchanged with applications and services located on other hosts.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

      The functionality of the Reference Monitor Services is built in
three ways. First, there are the basic blocks of access control
information, called profiles. Second, there is the basic form of
interchange, commands and their operands. Third, there are the
functions that can be accomplished as the different types of profiles
interact, and the commands to be used to create and destroy
relationships between profiles.

      The DIA Reference Monitor Services allows the CONNECT command
to create an effective access control identity for a User. This
effective access control identity can be application specific. The
identity is established for the User within one application, and
within other applications the User can ha...
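
A minimal sketch of the idea described above, added here as an illustration and not taken from the disclosure or from DIA: one reference monitor holds the access control information for every application on a host, and a connect operation gives a user an effective identity that is valid in one application only. The class and method names, the sample users and objects, the permission check on connect, and the fallback to the user's own identity are all assumptions.

```python
class ReferenceMonitor:
    """Single decision point shared by every application on a host (hypothetical model)."""

    def __init__(self):
        self.may_assume = set()  # (user, app, identity) triples an administrator permits
        self.effective = {}      # (user, app) -> identity established by connect()
        self.acl = {}            # (app, obj) -> {identity: {actions}}

    def permit(self, user, app, identity):
        self.may_assume.add((user, app, identity))

    def grant(self, app, obj, identity, actions):
        self.acl.setdefault((app, obj), {}).setdefault(identity, set()).update(actions)

    def connect(self, user, app, identity):
        # Assumption: refuse identities the user was never permitted to assume here.
        if (user, app, identity) not in self.may_assume:
            raise PermissionError(f"{user} may not act as {identity} in {app}")
        self.effective[(user, app)] = identity

    def disconnect(self, user, app):
        self.effective.pop((user, app), None)

    def check(self, user, app, obj, action):
        # Assumption: without a connect for this application the user's own
        # identity is used; unknown objects and identities are denied.
        identity = self.effective.get((user, app), user)
        return action in self.acl.get((app, obj), {}).get(identity, set())


def demo():
    # Constructed sample data: two applications sharing one monitor.
    rm = ReferenceMonitor()
    rm.grant("payroll", "salary_file", "payroll_clerk", {"read", "update"})
    rm.grant("mail", "inbox_alice", "alice", {"read"})
    rm.permit("alice", "payroll", "payroll_clerk")
    rm.connect("alice", "payroll", "payroll_clerk")
    results = {
        "payroll_update": rm.check("alice", "payroll", "salary_file", "update"),
        "mail_read": rm.check("alice", "mail", "inbox_alice", "read"),
        "clerk_rights_in_mail": rm.check("alice", "mail", "salary_file", "update"),
    }
    rm.disconnect("alice", "payroll")
    results["after_disconnect"] = rm.check("alice", "payroll", "salary_file", "update")
    try:
        rm.connect("bob", "payroll", "payroll_clerk")
        results["bob_connect"] = True
    except PermissionError:
        results["bob_connect"] = False
    return results


if __name__ == "__main__":
    print(demo())
```

The effective identity is keyed by both user and application, so rights gained in one application never carry over to another, and removing the relationship with disconnect revokes them at the single decision point.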