Contractual Access Control

  • Babak Sadighi Firozabadi
  • Marek Sergot
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2845)


In this position paper we discuss the issue of enforcing access policies in distributed environments where there is no central system designer/administrator, and consequently no guarantee that policies will be properly implemented by all components of the system. We argue that existing access control models, which are based on the concepts of permission and prohibition, need to be extended with the concept of entitlement. Entitlement to access a resource means not only that the access is permitted but also that the controller of the resource is obliged to grant the access when it is requested. An obligation to grant the access however does not guarantee that it will be granted: agents are capable of violating their obligations. In the proposed approach we discuss a Community Regulation Server that not only reasons about access permissions and obligations, but also updates the normative state of a community according to the contractual performance of its interacting agents.


Access Control Local Policy Virtual Community Resource Provider Virtual Organisation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bandmann, O., Dam, M., Firozabadi, B.S.: Constrained Delegations. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 131–140 (2002)Google Scholar
  2. 2.
    Sadighi Firozabadi, B., Sergot, M., Bandmann, O.: Using Authority Certificates to Create Management Structures. In: Proceedings of the 9th International Workshop on Security Protocols, Cambridge, UK (April 2001) (to appear)Google Scholar
  3. 3.
    Firozabadi, B.S., Sergot, M.: Revocation Schemes for Delegated Authorities. In: Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks, Monterey, California, USA, June 2002, pp. 210–213. IEEE, Los Alamitos (2002)CrossRefGoogle Scholar
  4. 4.
    Foster, I., Kesselman, C., Nick, J., Tuecke, S.: The physiology of the grid: An open grid services architecture for distributed systems integration (January 2002),
  5. 5.
    Foster, I., Kesselman, C., Tuecke, S.: The Anatomy of the Grid – Enabling Scalable Virtual Organisations. International Journal of Supercomputer Applications 15(3) (2001)Google Scholar
  6. 6.
    Pearlman, L., Welch, V., Foster, I., Kesselman, C.: A Community Authorisation Service for Group Collaboration. In: Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks, Monterey, California, USA, June 2002, pp. 50–59. IEEE, Los Alamitos (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Babak Sadighi Firozabadi
    • 1
  • Marek Sergot
    • 2
  1. 1.Swedish Institute of Computer Science (SICS) 
  2. 2.Imperial College of ScienceTechnology and Medicine 

Personalised recommendations