A Framework for Flexible Access Control in Digital Library Systems

  • Indrajit Ray
  • Sudip Chakraborty
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4127)


Traditional access control models are often found to be inadequate for digital libraries. This is because the user population for digital libraries is very dynamic and not completely known in advance. In addition, the objects stored in a digital library are characterized by fine-grained behavioral interfaces and highly-contextualized access restrictions that require a user’s access privileges to be updated dynamically. These motivate us to propose a trust-based authorization model for digital libraries. Access privileges can be associated with both objects and content classes. Trust levels associated with these specify the minimum acceptable level of trust needed of a user to allow access to the objects. We use a vector trust model to calculate the system’s trust about a user. The model uses a number of different types of information about a user, for example, prior usage history, credentials, recommendations etc., to calculate the trust level in a dynamic manner and thus achieve a fine-grained access control.


Access Control Digital Library Trust Relationship Trust Level Access Control Policy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bertino, E., Ferrari, E., Perego, A.: Max: An access control system for digital libraries and the web. In: Proceedings of the 26th IEEE International Computer Software and Applications Conference, Oxford, UK (2002)Google Scholar
  2. 2.
    Gladney, H.M.: Access Control for Large Collections. ACM Transactions on Information Systems 15(2), 154–194 (1997)CrossRefGoogle Scholar
  3. 3.
    Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized Trust Management. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy, Oakland, CA (1996)Google Scholar
  4. 4.
    Blaze, M., Feigenbaum, J., Ioannidia, J.: The KeyNote Trust Management System Version 2. Internet Society, Network Working Group. RFC 2704 (1999)Google Scholar
  5. 5.
    Li, N., Mitchell, J.: Datalog with Constraints: A Foundation for Trust-management Languages. In: Dahl, V., Wadler, P. (eds.) PADL 2003. LNCS, vol. 2562, pp. 58–73. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Winslett, M., Ching, N., Jones, V., Slepchin, I.: Assuring security and privacy for digital library transactions on the Web: client and server security policies. In: Proceedings of the IEEE International Forum on Research and Technology Advances in Digital Libraries, Washington, DC, USA, pp. 140–151 (1997)Google Scholar
  7. 7.
    Skogsrud, H., Benatallah, B., Casati, F.: A Trust Negotiation System for Digital Library Web Services. Journal of Digital Libraries, Special Issue on Security 4(3) (2004)Google Scholar
  8. 8.
    Ryutov, T., Zhou, L., Neuman, C., Leithead, T., Seamons, K.: Adaptive Trust Negotiation and Access Control. In: Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden (2005)Google Scholar
  9. 9.
    Adam, N.R., Atluri, V., Bertino, E., Ferrari, E.: A Content-Based Authorization Model for Digital Libraries. IEEE Transactions on Knowledge and Data Engineering 14(2), 296–315 (2002)CrossRefGoogle Scholar
  10. 10.
    Bonatti, P., Samarati, P.: Regulating Service Access and Information Release on the Web. In: Proceedings of the 7th ACM Conference on Computer and Communication Security, Athens, Greece, pp. 134–143. ACM Press, New York (2000)Google Scholar
  11. 11.
    Ray, I., Chakraborty, S.: A Vector Model of Trust for Developing Trustworthy Systems. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 260–275. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Ray, I., Chakraborty, S., Ray, I.: VTrust: A Trust Management System Based on a Vector Model of Trust. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2005. LNCS, vol. 3803, pp. 91–105. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • Indrajit Ray
    • 1
  • Sudip Chakraborty
    • 1
  1. 1.Colorado State UniversityFort CollinsUSA

Personalised recommendations