| 摘要 |
A condition-based authorization model for data access is provided. According to the model, the owner of a securable software object, such as a file, folder, or process, may specify a security policy that includes an access condition for accessing the object. The access condition may be based on dynamic user or system state information having a value that is updatable while a user is logged on, such as system time or user location. When a later request is received from a user to perform an action on the object via an application programming interface of a computer operating system, a security subsystem of the computer operating system queries a system resource containing information suitable to evaluate the access condition, and determines whether the access condition is met. If the access condition is met, access by the user to the securable software object is permitted. Otherwise, access is denied.
|
