ITrust workshop Glasgow 2-4 Sep 2002

bullet1 1st breakout session: architectures

bullet2 Babak Sadhiki - SICS - Delegen s/w

Decentralized management of privileges, groups and roles

Based on calculus of privileges - Some taken from SULTAN/PONDER (?) earlier work

Constrained delegation, based on regexp

bullet3 Overrides

E.g. allow certain kinds of people to override normal access (e.g. may flag for later review)

Emil: Encodes additional obligation on the system to take additional actions