Abstract
In [1] we have presented our initial investigations into the delegation of obligations and the concept of review as one kind of organisational principle to control such delegation activities. However, this initial approach was too simplistic and failed to explain how a principal may be related to an obligation; how obligations relate to roles; and how the delegation of specific and general obligations may be controlled through the concepts of review and supervision. As a result, we presented a more detailed and refined analysis of organisational controls in the context of a formal framework [2]. This paper summarises some of our investigations.
References
Schaad, A. and J. Moffett. Delegation of Obligations. in 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002). 2002. Monterey
Schaad, A., A Framework for Organisational Control Principles, PhD Thesis, in Department of Computer Science. 2003, University of York.
Jackson, D. A Micromodularity Mechanism. in 8th Joint Software Engineering Conference. 2001. Vienna, Austria.
Schaad, A., J. Moffett, and J. Jacob. The access control system of a European bank - a case study. in 6th ACM SACMAT. 2001. Chantilly, VA, USA.
Schaad, A. and J. Moffett. Separation, Review and Supervision Controls in the Context of a Credit Application Process - A Case Study of Organisational Control Principles. in ACM Symposium of Applied Computing. 2004.
Damianou, N., et al. The Ponder Policy Specification Language. in Policies for Distributed Systems and Networks. Springer Lecture Notes in Comp. Science, 2001.
Yao, W., K. Moody, and J. Bacon. A Model of OASIS Role-Based Access Control and its Support for Active Security. in 6th ACM Symposium on Access Control Models and Technologies. 2001. Chantilly, Virginia, USA.
Schaad, A. and J. Moffett. A Framework for Organisational Control Principles. in 18th Annual Computer Security Applications Conference. 2002. Las Vegas, Nevada, USA.
Sandhu, R., et al., Role-based access control model. IEEE Computer, 29(2), 1996.
Minsky, N. and V. Ungureanu, Law-governed interaction: a coordination and control mechanism for heterogeneous distributed systems. ACM TOSEM, 2000. 9(3).
Muller, J., Delegation and Management. British Journal of Administrative Management, 1981. 31(7): p. 218–224.
Moffett, J.D., Delegation of Authority Using Domain Based Access Rules, in Dept of Computing. 1990, Imperial College, University of London.
Mintzberg, H., The structuring of organizations. 1979, Englewood Cliffs, NJ: Prentice-Hall.
Pugh, D., Organization Theory: Selected Readings. 4th ed. 1997: Penguin Books.
Zhang, L., G. Ahn, and C. B. A Rule-based Framework for Role-Based Delegation. in 6th ACM Symposium on Access Control Models and Technologies. 2001, USA.
Bertino, E., P. Samarati, and S. Jajodia, An Extended Authorization Model for Relational Databases. IEEE Trans. on Knowledge and Data Engineering, 1997. 9(1).
Hopwood, A., Accounting and Human Behaviour. 1974, London: Prentice Hall.
Copyright information
© 2004 Springer Science + Business Media, Inc.
Cite this paper
Schaad, A. (2004). An Extended Analysis of Delegating Obligations. In: Farkas, C., Samarati, P. (eds) Research Directions in Data and Applications Security XVIII. IFIP International Federation for Information Processing, vol 144. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8128-6_4
DOI: https://doi.org/10.1007/1-4020-8128-6_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8127-9
Online ISBN: 978-1-4020-8128-6
eBook Packages: Springer Book Archive