Multi-party access control - 10 years of successes and lessons learned

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

As end-users have been asked to take on management tasks for their content and online resources, access control mechanisms have played an increasingly important role in a broad range of applications. These include data management for personalized medicine, content sharing sites, online communities, and technologies for remote collaborative work To face the need of these emerging user-centered domains, an increasing body of work has recognized the importance of new multi-user (or more generally, stakeholder) access control mechanisms for multiple users. The emphasis on group-centered access control has led to a shift from the traditional approach taken in the access control community for two main reasons. First, the access control community had long investigated models and techniques to facilitate single subjects' access to resources according to well-defined locally-enforceable policies, with little attention given to group-driven access control decisions. Second, the underlying goal had been to maintain confidentiality rather than facilitate controlled sharing. As such, the decisions offered by these early mechanisms are single-user driven and often binary and based on inflexible policies. In the past ten years, researchers have investigated and proposed a variety of multiparty access control mechanisms, and defined rigorous models for content management among multiple users, also developing mechanisms for various applications \citesuch2016resolving,fogues2017sharing,hu2014,hu2011multi,rajtmajer2016constrained,SuchC18,kairam2012talking,patil2012. Some tools for practical applications have also been developed. However, we have also assisted to several "failures" where promising approaches have not gained traction, either among the research community or (even less) the applied world. In this talk I will first discuss unique needs and challenges with addressing access control for multi-owned content, and provide a perspective from various applications. Next, I will summarize main successes and failures of existing approaches, identify open research challenges for future research opportunities in this space.

Original languageEnglish (US)
Title of host publicationSACMAT 2020 - Proceedings of the 25th ACM Symposium on Access Control Models and Technologies
PublisherAssociation for Computing Machinery
Pages189-190
Number of pages2
ISBN (Electronic)9781450375689
DOIs
StatePublished - Jun 10 2020
Event25th ACM Symposium on Access Control Models and Technologies, SACMAT 2020 - Barcelona, Spain
Duration: Jun 10 2020Jun 12 2020

Publication series

NameProceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Conference

Conference25th ACM Symposium on Access Control Models and Technologies, SACMAT 2020
CountrySpain
CityBarcelona
Period6/10/206/12/20

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems

Fingerprint Dive into the research topics of 'Multi-party access control - 10 years of successes and lessons learned'. Together they form a unique fingerprint.

Cite this