Title :
An authorization plan for commercial service systems
Author_Institution :
GTE Labs. Inc., Waltham, MA, USA
Abstract :
Commercial service systems should allow customers to control their service configurations. The challenge is to make this feature feasible in such a way that the system is easy to administer while ensuring the security of both customer´s service and the control system itself. Simple security mechanisms, such as access control lists used in general-purpose computer systems, are insufficient for administration control and authority delegation in commercial service systems. The author proposes a security policy called an `authorization policy´ suitable for administration and authorization controls. This security policy is enforced through a unified protection mechanism called an `access control hierarchy´. The application of this access control hierarchy is demonstrated by examples
Keywords :
security of data; service industries; access control hierarchy; access control lists; administration control; authority delegation; authorization plan; authorization policy; commercial service systems; customer controlled configurations; security mechanisms; service configurations; unified protection mechanism; Access control; Application software; Authorization; Computer security; Control systems; Data security; Permission; Personnel; Protection; Telephony;
Conference_Titel :
Computer Security Applications Conference, 1990., Proceedings of the Sixth Annual
Conference_Location :
Tucson, AZ
Print_ISBN :
0-8186-2105-2
DOI :
10.1109/CSAC.1990.143812
