An authorization plan for commercial service systems

摘要

Commercial service systems should allow customers to control their service configurations. The challenge is to make this feature feasible in such a way that the system is easy to administer while ensuring the security of both customer's service and the control system itself. Simple security mechanisms, such as access control lists used in general-purpose computer systems, are insufficient for administration control and authority delegation in commercial service systems. The author proposes a security policy called an 'authorization policy' suitable for administration and authorization controls. This security policy is enforced through a unified protection mechanism called an 'access control hierarchy'. The application of this access control hierarchy is demonstrated by examples.