Report Number: CS-TN-97-53
Institution: Stanford University, Department of Computer Science
Title: A Communication Agreement Framework of Access Control
Author: Roscheisen, Martin
Author: Winograd, Terry
Date: February 1997
Abstract: We introduce a framework of access control which shifts the emphasis from the participants to their relationship. The framework is based on a communication model in which participants negotiate the mutually agreed-upon boundary conditions of their relationship in compact "communication pacts," called "commpacts." Commpacts can be seen as a third fundamental type next to access-control lists (ACLs) and capabilities. We argue that in current networked environments characterized by multiple authorities and "trusted proxies," this model provides an encapsulation for interdependent authorization policies, which reduces the negotiation complexity of general (user- and content-dependent) distributed access control and provides a clear user-conceptual metaphor; it also generalizes work in electronic contracting and embeds naturally into the existing legal and institutional infrastructure. The framework is intended to provide a language enabling a social mechanism of coordinated expectation.