Delegation of obligations

Obligation policies are one main means of exercising control within an organisation. They specify the actions that some subject has to perform. The authority over these actions needs to be specified in authorisation policies. Current policy notations provide us with the needed structure to represent authorisations and obligations as policy objects for distributed systems management. They support the delegation of authorisations but not of obligations, yet there is a strong relationship between the two policy types, and the delegation of obligations needs to be supported as well, requiring the introduction of a new type of policy which we call a "review". This paper investigates the general principles underlying the delegation of policy objects, putting specific emphasis on the delegation of obligations. The Alloy specification language is used to specify and illustrate these principles. The main issues that are discussed are: the balance between authorisation and obligation policies; the source of obligations and reasons for their delegation; and the need for review policies to help control the delegation of obligations.

[1]  John Dobson,et al.  New security paradigms: what other concepts do we need as well? , 1993, NSPW '92-93.

[2]  Daniel Jackson,et al.  Alloy: a lightweight object modelling notation , 2002, TSEM.

[3]  Michael Butler,et al.  Combining B and Alloy , 2001 .

[4]  J. Michael Spivey,et al.  The Z notation - a reference manual , 1992, Prentice Hall International Series in Computer Science.

[5]  Morris Sloman,et al.  Policy Conflict Analysis in Distributed System Management , 1994 .

[6]  Jonathan P. Bowen,et al.  ZB 2002:Formal Specification and Development in Z and B , 2002, Lecture Notes in Computer Science.

[7]  Gill Christy,et al.  Management and Organisational Behaviour , 1985 .

[8]  John Derrick,et al.  Author Obliged to Submit Paper before 4 July: Policies in an Enterprise Specification , 2001, POLICY.

[9]  Michael J. Butler,et al.  An Approach to Combining B and Alloy , 2002, ZB.

[10]  Anneke Kleppe,et al.  The object constraint language: precise modeling with UML , 1998 .

[11]  Manu Sridharan,et al.  A micromodularity mechanism , 2001, ESEC/FSE-9.

[12]  John E. Dobson,et al.  A framework for expressing models of security policy , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[13]  Daniel Jackson,et al.  Alcoa: the Alloy constraint analyzer , 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.

[14]  Morris Sloman,et al.  The source of authority for commercial access control , 1988, Computer.

[15]  Emil C. Lupu,et al.  Ponder: A Language for Specifying Security and Management Policies for Distributed Systems , 2000 .

[16]  Daniel Jackson,et al.  Micromodels of software: lightweight modelling and analysis with Alloy , 2002 .

[17]  Emil C. Lupu,et al.  The Ponder Policy Specification Language , 2001, POLICY.

[18]  L. Urwick Notes on the theory of organization , 1952 .