Tuesday, January 17, 2006

Another view of context

Phil Windley posts a note today talking about what he calls "Algorithmic Authorizations", likening them to other formulaic methods of gauging or analyzing (such as credit scores). He says:

"In most authorization regimes, we conceive of a two-dimensional look-up table that says whether a particular identity or role (one dimension) is allowed access to a particular resource (the second dimension). Building these two-dimensional tables to completely specify authorizations for all the roles in a company, say, and all its resources is difficult and, once done, quickly out of date.

Being able to compute authorizations from the attributes associated with an identity would make this problem more tractable."

To me, this is just another way of looking at context-based authorization where the degree of authorization is computed at run-time based on the context of the person desiring access. By answering the questions Who, What, When, Where, How (and, where possible, Why) the system can compute varying degrees of access appropriate to the particular transaction.
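
A minimal sketch of computing a degree of access at run-time from Who, What, When, Where and How, added here as an illustration and not taken from this post or from Phil Windley's. The attribute names, access levels, role ceilings and rules are all assumptions; context can only lower what the role allows, and unknown values fail closed.

```python
from dataclasses import dataclass
from datetime import time
from enum import IntEnum

class Access(IntEnum):
    DENY = 0
    READ = 1
    WRITE = 2
    ADMIN = 3

@dataclass(frozen=True)
class Context:
    role: str            # Who  (hypothetical roles below)
    resource_class: str  # What: "public", "internal" or "restricted"
    at: time             # When
    network: str         # Where: "corp", "vpn" or "internet"
    auth_method: str     # How: "password" or "mfa"

# Assumed baseline: the most each role may ever receive.
ROLE_CEILING = {"admin": Access.ADMIN, "engineer": Access.WRITE,
                "contractor": Access.READ}

def decide(ctx):
    """Return (access level, reasons it was lowered) for one request."""
    level = ROLE_CEILING.get(ctx.role, Access.DENY)  # unknown role: deny
    reasons = []

    def cap(limit, why):
        # Context rules only ever reduce the level, never raise it.
        nonlocal level
        if level > limit:
            level = limit
            reasons.append(why)

    if ctx.network == "internet":
        cap(Access.READ, "untrusted network")
    elif ctx.network not in ("corp", "vpn"):
        cap(Access.DENY, "unknown network")
    if ctx.auth_method != "mfa":
        cap(Access.WRITE, "no MFA")
    if not time(7, 0) <= ctx.at <= time(19, 0):
        cap(Access.READ, "outside business hours")
    if ctx.resource_class not in ("public", "internal", "restricted"):
        cap(Access.DENY, "unknown resource class")
    elif ctx.resource_class == "restricted" and (
            ctx.network != "corp" or ctx.auth_method != "mfa"):
        cap(Access.DENY, "restricted needs corp network and MFA")
    return level, reasons
```

The same identity gets a different answer as its context changes, and the returned reasons give an audit trail for each reduction.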

I am not sure whether this is what Phil is trying to bring out. He is looking at authorization as a statistical approach (which I think is more similar to existing ideas of network-based learning systems that use statistics to decide whether the specific user should be accessing the system) instead of a policy-based system (where you can have a role or rule to describe the policy).
