Distributed Authorization Model
Original Publication Date: 1986-Nov-01
Included in the Prior Art Database: 2005-Mar-09
A mechanism is provided for a computer system that can contain multiple data storage and execution sites (DASD and CPUs) while allowing data to be efficiently removed or relocated within the system (possibly on removal media such as a disk pack). The mechanism assumes that authorization data is stored on the same storage medium as the associated entity. An entity is any symbolically named piece of storage. When the entity is accessed during execution, the authorization data can be retrieved from the same medium. In the case of a distributed system, the request to access the data may be remote to the execution site so that the request is made by locating the entity, passing the user's identity to the remote site; authorization is checked and the entity accessed in that remote site.