Re: HRAC conference call 6/30/98: minutes

[barkley@sdct-sunsrv1.ncsl.nist.gov (John Barkley)]

<3. Submission text maintenance
<Contributed text should be in ASCII, pictures in PDF. Bob Blakley will have his
<secretary to maintain the text. Konstantin can volunteer his time for the text
<maintenance when his company buys PageMaker.

Isn't that Framemaker?
 
< - John Barkley raised the issue of extensible predicate language and referred
<to "DACM and its successors" (correct title?). There was a short discussion on
<how rich and extensible the language of access rules should be. No consensus
<was reached due to the fact that the discussion did not go into enough level of
<details. It was suggested to continue the discussion of the rule
<language/interface expressiveness in the next calls and e-mail exchanges.

The references are:

1. http://www.dlib.org/dlib/june97/ibm/06gladney.html
 
2. "Access Control for Large Collections", H. M. Gladney, IBM Almaden Research
	Center, ACM Transactions on Information Systems, 15, 2, April 1997, 
	pages 154-194. 

3. Gladney, H. M., 1994, "Condition Tests in Data Server Access Control",
	IBM Res. Rep. RJ 9244, IBM, San Jose, CA

These references provide a reality check on the state of the art in applying
predicates in access control in commercially viable systems. They are very 
implemenation oriented. (3) suggests that an access control mechanism
with extensible predicates can be commercially viable. (2) suggests
that content sensitive access control is still a research topic.

Discussion of extensibility and content sensitivity is in (2) Section 4.1
and the discussion sections of (3). In-depth description of the implementation
approach for extensible predicates is in (3). The less formal description in 
Section 2.3 of (3) summarizes the approach.

jb
----------------
Broadcast message to hrac-rfp from barkley@sdct-sunsrv1.ncsl.nist.gov (John Barkley).
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.