A Flexible and Distributed Architecture to Enforce Dynamic Access Control

Avoiding unauthorized access in an information system usually means enforcing access control mechanisms. Traditional access control only aims at deciding if an access can be granted or not. Dynamic access control goes further as it aims at controlling also if an ongoing access is still authorized while it is running. Rights Expression Languages, such as MPEG-REL, take into account dynamic aspects of access control policy. However, existing access control architectures are not adequate to enforce such dynamic access control. In this paper, we first explain what dynamic access control involves and why existing architectures are not appropriate. We then provide a flexible and distributed architecture where different components interact to enforce dynamic access control. Using temporal logic of actions, we specify the different interactions between components in the architecture and specify more precisely the component in charge of giving the decision. Finally, we discuss about technical and security issues about how the architecture can be implemented to enable Digital Rights Management (DRM) applications.