ARPA2 Common Libraries
2.6.2
|
Modules | |
Access Types | |
Access Functions | |
Access Control for Communication | |
Access Control for Documents | |
Access Control for Acting-on-behalf-of | |
Policy Rules for ARPA2 Access Control, Groups, ... | |
Our blog discusses much background in the Access Control series and in the Identity series.
We define an efficient mechanism to evaluate access rights, based on the identity of the requester and a description of what they are trying to use. The latter consists of an Access Domain, a general notion of well-known service that we call Access Type, and to specify this in more detail an Access Name which is a string with additional detail.
This is a minimal abstraction over a framework for Policy Rules that also serves Groups, and possibly more. Further specialisation for kinds of Access Control can subsequently be made for Commmunication, File Access, and so on; these would be specific forms of Access Type.
Access Types specify semantics: they define how Rules Flags are used as Access Rights; and how Rules Variables define Attributes for Access Control; and how Access Names are constructed. The semantics is implement these things in functions, so that a semantic upgrade is possible with new software.