Extensible Access Control List Mechanism

IP.com Disclosure Number: IPCOM000122572D
Original Publication Date: 1991-Dec-01
Included in the Prior Art Database: 2005-Apr-04
Document File: 4 page(s) / 171K

Publishing Venue

IBM

Related People

Camillone, NA: AUTHOR (and 3 additional authors)

Abstract

Disclosed is a design for Access Control Lists which allows for full extensibility in terms of the access control criteria and great generality in terms of expressing these criteria. This design allows for full user compatibility with the existing Discretionary Access Control (DAC) mechanism on the system.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 32% of the total text.

Extensible Access Control List Mechanism

      Access Control Lists (ACLs) are used to implement DAC policies.
DAC policies (also termed informal need-to-know policies) allow an
authorized user to grant or deny access to some system resource based
upon specified criteria. In many computer systems, these criteria are
limited to some form of user or group identifier. The mechanism
disclosed permits ready extensibility to other forms of identifiers.

      A key requirement in the addition of ACLs to a UNIX* system is
compatibility with the existing DAC mechanism - permission bits. The
standard permission bits allow a user to define separate access
permissions for the owner of the file, an associated group and for
all other users. These access permissions may separately grant or
deny read, write and execute access for the information object and
are processed using a ternary algorithm:
         - if the effective user ID of a process matches the user ID
of the owner of the object, then the process receives the access
permissions defined for the owner.
         - else if the effective group ID or one of the concurrent
groups of the process matches the group ID of the object, then the
process receives the access permissions defined for that group.
         - otherwise the process receives the access permissions defined
for all other users.
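The ternary permission-bit algorithm above, written out as a small Python model. This is an added example, not code from the IBM disclosure; the function names, the numeric UIDs/GIDs and the sample modes are constructed here. It also shows the consequence the text implies but does not spell out: the class decision stops at the first match, so an owner who is also in the file's group still receives only the owner bits.

```python
# Added example (not part of the disclosure): UNIX permission-bit evaluation.
# Rights are the conventional 3-bit rwx values within one class.
R, W, X = 4, 2, 1


def permission_class(owner_uid, owner_gid, euid, egid, groups):
    """Select the single class whose bits apply to this process.

    The decision is ternary and stops at the first match; membership in the
    file's group is never consulted once the owner test succeeds.
    """
    if euid == owner_uid:
        return "owner"
    if egid == owner_gid or owner_gid in groups:
        return "group"
    return "other"


def class_bits(mode, cls):
    """Extract the rwx triple for a class from a mode such as 0o640."""
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    return (mode >> shift) & 0o7


def mode_permits(mode, owner_uid, owner_gid, euid, egid, groups, want):
    """True when every bit in `want` (a combination of R, W, X) is granted."""
    cls = permission_class(owner_uid, owner_gid, euid, egid, groups)
    return class_bits(mode, cls) & want == want


# Constructed sample: a file owned by uid 1000 / gid 100 with mode rw-r-----.
FILE_MODE, FILE_UID, FILE_GID = 0o640, 1000, 100

if __name__ == "__main__":
    # Owner: read and write, but not execute.
    print(mode_permits(FILE_MODE, FILE_UID, FILE_GID, 1000, 100, [], R | W))
    # Group member who is not the owner: read only.
    print(mode_permits(FILE_MODE, FILE_UID, FILE_GID, 2000, 100, [], W))
    # Everyone else: nothing.
    print(mode_permits(FILE_MODE, FILE_UID, FILE_GID, 3000, 200, [300], R))
    # Edge case: mode ----rw---- grants the group rw, yet the owner (who is
    # also in the group) gets nothing, because the owner class wins.
    print(mode_permits(0o060, FILE_UID, FILE_GID, 1000, 100, [], R))
```

The last call is the detail worth remembering when reasoning about UNIX DAC: the classes are not unioned, so a more permissive group or other triple never widens what the owner can do.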

      A typical Access Control List for a UNIX system consists of an
ordered list of entries. Each entry is tagged as being a user or
group entry, and the user entries precede the group entries. The
final entry in the list is the default entry. To determine access
rights for a process, the ACL is searched in order until an entry
matches, and the process then receives the access rights associated
with that entry. If no entry matches, then the process receives the
default access rights.

      There are two problems associated with this form of ACL. First,
because it uses an ordered, first match algorithm, only one entry may
apply to each process. While this is not a problem with ACLs which
contain only user or group identifiers (which order naturally),
adding other types of identifiers (time, location, project) makes
such an Access Control List scheme confusing to users. If a user
wishes to grant read and write access to a project and read access to
a group, a user who is in both the project and the group may not
receive the write access, depending on how the entries in the ACL are
ordered by the user.
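The first-match problem described in this paragraph, reproduced in Python as an added example (not code from the disclosure). The entry types, the `apollo` project, the `staff` group and the subjects are constructed for the illustration. Two ACLs hold the same two entries in opposite order; a subject who is both in the project and in the group gets write access from one ordering and not from the other, even though both entries match.

```python
# Added example (not part of the disclosure): an ordered, first-match ACL
# whose entries may be tagged user, group or project.
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    kind: str            # "user", "group" or "project"
    name: str
    rights: frozenset    # subset of {"r", "w", "x"}


@dataclass(frozen=True)
class Subject:
    user: str
    groups: frozenset
    projects: frozenset


def entry_matches(entry, subject):
    """Does this ACL entry apply to the subject at all?"""
    if entry.kind == "user":
        return entry.name == subject.user
    if entry.kind == "group":
        return entry.name in subject.groups
    if entry.kind == "project":
        return entry.name in subject.projects
    raise ValueError(f"unknown entry kind: {entry.kind}")


def matching_entries(acl, subject):
    """Every entry that applies; more than one is common with mixed kinds."""
    return [e for e in acl if entry_matches(e, subject)]


def first_match_rights(acl, default_rights, subject):
    """The classic evaluation: the first matching entry decides, alone."""
    for entry in acl:
        if entry_matches(entry, subject):
            return entry.rights
    return default_rights


# Constructed sample: project apollo gets rw, group staff gets r, nobody
# else gets anything. The two lists differ only in order.
PROJECT_ENTRY = Entry("project", "apollo", frozenset("rw"))
GROUP_ENTRY = Entry("group", "staff", frozenset("r"))
DEFAULT = frozenset()
ACL_PROJECT_FIRST = [PROJECT_ENTRY, GROUP_ENTRY]
ACL_GROUP_FIRST = [GROUP_ENTRY, PROJECT_ENTRY]

ALICE = Subject("alice", frozenset({"staff"}), frozenset({"apollo"}))
BOB = Subject("bob", frozenset({"sales"}), frozenset())

if __name__ == "__main__":
    # Both entries apply to alice, yet only one is ever consulted.
    print(len(matching_entries(ACL_GROUP_FIRST, ALICE)))          # 2
    print(sorted(first_match_rights(ACL_PROJECT_FIRST, DEFAULT, ALICE)))  # ['r', 'w']
    print(sorted(first_match_rights(ACL_GROUP_FIRST, DEFAULT, ALICE)))    # ['r']
    print(sorted(first_match_rights(ACL_GROUP_FIRST, DEFAULT, BOB)))      # []
```

User and group entries order naturally because the owner-style rule "user entries first" is well understood; a project entry has no such conventional position relative to a group entry, which is exactly why the outcome above depends on where the administrator happened to put it.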

      The second problem with this form of ACL is that each entry may
contain only one type of identifier. This makes it impossible to
express certain useful a...