An access control mechanism for large scale data dissemination systems

Automatic data dissemination systems are becoming increasingly relevant in internet-based information systems. In such systems, users subscribe to the dissemination service by providing interest profiles. These profiles are then used to determine which information should be delivered to which users, whenever new information is entered into the system. A main shortcoming of existing dissemination systems is the lack of any access control mechanisms, enabling selective information dissemination based for example on security or other regulatory policies. In this paper, we present an access control model suitable for dissemination systems. The model is based on user profiles containing both user interests and user credentials (i.e., a set of attributes characterizing users for access control purposes). information is then filtered before being delivered to users on the basis of both the user interests and credentials. To make authorization manageable when dealing with very large information systems, our model supports authorization domains, that allow one to group together information objects to which the same access control policies apply. Finally, in addition to formally defining our model and developing the related access control algorithm, we outline an implementation strategy.