The n-grid model for group authorization and access control extends the NTree representation of two-dimensional partial orders and incorporates the implicit authorizations of the MCC model. The n-grid is a representation of multi-dimensional partial orders, permitting the inclusion of relationships among user (subject) groups, object groups, and access-right groups. Each (unique) element in an authorization class is represented as a vector, facilitating efficient implementation. The model contains two parts: the access control part for mapping implicit authorizations onto an n-grid, and the propagation part for restricting a user's membership to a single subject group.
展开▼