Decentralized administration for a temporal access control model

In this paper we present a temporal access control model that provides for decentralized administration of authorizations. Each access authorization, negative or positive, is associated with a time interval limiting its validity. When the interval expires, the authorization is automatically revoked. The model also permits the specification of rules, based on four different temporal operators, to derive additional authorizations from the presence or absence of other authorizations. Users creating objects can retain complete control over their objects or delegate other users the privilege of administering accesses on the objects. Delegation can also be selectively enforced with reference to specific access modes or time intervals. The resulting model provides a high degree of flexibility and allows to express several protection requirements which cannot be expressed in traditional access control models. (C) 1997 Elsevier Science Ltd.