Next: Specification of Conditions Up: Policy Language Previous: Specification of Grantor Identity

Specification of Access Rights

It must be possible to specify which principals or groups of principals are authorized for specific operations, as well as which are explicitly denied authorization. We therefore define positive and negative access rights. All operations defined on an object are grouped by the type of access to the object that they represent, and each group is named using a tag. For example, the following operations are defined for a file:

Token Type: pos_access_rights
Defining Authority: local_manager
Value: FILE:read,write,execute

However, in a bank application, an object might be a customer account, and the following set of operations might be defined:

Token Type: pos_access_rights
Defining Authority: local_manager
Value: ACCOUNT:deposit,withdraw,transfer

Internally, a tagged bit vector represents access rights. Each bit in the vector corresponds to an access right, and the tag indicates how the bits in the vector are to be interpreted. In the examples above, for the set of rights associated with the tag FILE, the first bit should be interpreted as read, while for the set associated with the tag ACCOUNT, the same bit should be interpreted as deposit.
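
The tagged bit vector described above, as an added Python example that is not part of the original document or of its implementation. The registry RIGHTS_BY_TAG, the names TaggedRights, parse_value and is_authorized, and the rule that an explicit denial overrides a grant are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed registry: tag -> ordered operation names (bit 0 = first name).
# The two entries mirror the FILE and ACCOUNT Value strings on this page.
RIGHTS_BY_TAG = {
    "FILE": ("read", "write", "execute"),
    "ACCOUNT": ("deposit", "withdraw", "transfer"),
}

@dataclass(frozen=True)
class TaggedRights:
    tag: str   # says how the bits are to be interpreted
    bits: int  # one bit per access right

    def names(self):
        ops = RIGHTS_BY_TAG[self.tag]
        return [op for i, op in enumerate(ops) if (self.bits >> i) & 1]

def parse_value(value):
    """Parse a token Value such as 'FILE:read,write' into a tagged bit vector."""
    tag, sep, ops = value.partition(":")
    tag = tag.strip()
    if not sep or tag not in RIGHTS_BY_TAG:
        raise ValueError(f"unknown or missing tag in {value!r}")
    known = RIGHTS_BY_TAG[tag]
    bits = 0
    for op in ops.split(","):
        op = op.strip()
        if op not in known:
            # 'deposit' under FILE is an error, not a silently ignored name
            raise ValueError(f"{op!r} is not defined for tag {tag}")
        bits |= 1 << known.index(op)
    return TaggedRights(tag, bits)

def is_authorized(requested, positive, negative):
    """True only if every requested right is granted and none is denied."""
    if not (requested.tag == positive.tag == negative.tag):
        # Equal bit patterns under different tags name different operations,
        # so vectors are never compared across tags.
        raise ValueError("rights with different tags are not comparable")
    if requested.bits & negative.bits:
        return False  # assumed precedence: explicit denial wins
    return (requested.bits & positive.bits) == requested.bits
```

Refusing to compare vectors whose tags differ is the check that matters here: FILE:read and ACCOUNT:deposit have identical bits, so a comparison on bits alone would treat a grant on one object type as a grant on the other.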


Tatyana Ryutov 2002-06-25