New technologies for Authority Based Access Control

Posted by K Krasnow Waterman on Sun, May 20, 2007 @ 09:05 AM
Traditionally, if someone wanted to restrict access to a computer system,  the first line of defense was a list of authorized users...a list of people, by name.  These systems generally relied on one central administrator to keep track and keep up.  Not surprisingly, in any system with more than a few users, it was hard to keep up with who should and who shouldn't have access.  System administrators had to rely on others to keep them informed when people quit a job or left a group.  There have certainly been occasions when fired employees continue to have access to the systems of their former employers for at least some time.  At the personal or small group level, the name registry sort of security has just been too hard for most and we end up either posting things to the entire internet (like this blog), or not posting things that we might worry about people using inappropriately (like pictures of small kids).   Today, many of us are tackling ways to grant and deny access to information without making and maintaining lists of authorized persons. 

One method is to allow access based upon "attributes."  Instead of trying to identify people by name, we say what kind of people we want to let in.  We might focus on what sort of job they have (anyone in sales can have access) or what their relationship is to us (anyone who is a member of this museum, but not anyone who is an affiliate of a member).  In more complex systems, we can allow for multiple attributes (employees, in the sales department, who work in the western region).  In order for this to be successful, we still must have access to information about the people who will seek access (the employee roster, the membership list).  This model allows for limited decentralization; we can get the attributes from a number of systems that centralize each attribute. In an environment like the government, this could be successful, because the government can mandate a relatively high level of structure and consistency.

Another method is to give people "permissions."  In the physical world, when we want to give someone access to our home or office, we give them a key.  If we trust them, we may give them a key that they can copy (my housekeeper had the set she carried plus the set she made as a back-up at home; my mother-in-law makes a copy for my brother-in-law); if we trust them less, or have more to secure, we give them a key that cannot be copied without special permission or special equipment.  In the virtual world, we can give someone a bit of code that works much the same way.  With software, though, we can create more permutations of the key.  It might only work during certain hours, only work for a certain number of times, or only be shareable with people with a particular type of userID, say a company webname.  This is a distributed trust model; it lets us trust people who have access to our information to make decisions about whether other people should have access. 

Both of these models assume that each system has its own structure and that information presented must be structured in a manner expected by a system.   On the web, we can expand capability even more.  Imagine carrying "keys" that describe all the different aspects of who you are and the verifications of those facts by others.  For example, you have a "key" that says "I'm the den mother of the Girl Scout troop #4566" and a verification from the regional Scouting office.  When you approach a Girl Scout website with that key, the site can calculate and give you appropriate access, say to the phone numbers of the parents of your troop, but not the parents of the troop in the next town. 

Using semantic web technologies, there is work underway to go one step better.  In the prior example, the Girl Scout website could anticipate that you would be coming.  What about the larger world, where you want to go new places, where the people don't know you at all? Say as den mother, you want to get the phone numbers of the troop leaders for other children's groups in the region: Boy Scouts, Campfire Girls, etc.  Or, your girls are doing a project on Korea and you want to get email addresses for girls in a troop there, so that your girls can write and ask them questions.  You could approach these different sites and each would look at your Den Mother key and decide if, according to their own rules, you can have the information you're seeking.  The benefit of the semantic web technologies is that it lets you present your credentials to systems that didn't know or expect you.  This works by including some information with your keys that explains how your keys are structured, how to read and understand them.  The tremendous advantage to this is that everyone doesn't have to use the same software or the same structure.  It can be adopted and used more readily because it doesn't require everyone with a system or everyone with keys to agree in advance how they will be built.  To be fair, it does require some minimal adherence to common principles much the way the internet works today.

One other exciting benefit of these movements in technology is the potential to improve privacy protection.  You could subdivide your virtual keyring.  So, personal facts (I'm Susie's brother; I'm Frank's friend) would not be revealed to a site for which you were seeking job-related access.  Nor would professional facts be shared with friends, volunteer associates, or commercial vendors.  This will be a significant improvement over the cookies that are passed to websites, because most people don't understand what information their computer is giving out or know how to find out.

Topics: technology innovation, technology for business managers