1. Introduction
2. Previous and Related Work
3. Structures in Civil Law
4. Comparison
| Civil law | Access control | Comment |
|---|---|---|
| Legal person | Subject | Used for human user and for computer processes |
| Agent | Process | Non-negotiated authorisation |
| No agent | Trusted path | Rarely implemented |
| Property | Object | Object in access control |
| Ownership | Object owner | Defines access list in discretionary policies |
| Obligation type | Access mode | Access mode in access control |
| Entitlement | Capability | Access rights bound to a subject |
| Standard business terms | Non-negotiated policy | Imposed by system owner/vendor |
Table 1: Comparison of terms
5. Discussion