Safeguarding digital library contents and users: Document access control

Abstract

Digital library services must protect document owners, users, and themselves against misuses of their contents. IBM Research is working on a suite of technical tools which address various perceived risks to library quality. Which tools are useful depends on the circumstances in which a document collection is held. If many independent users need library update privileges, an access control tool is essential. This report sketches an access control method that mimics organizational practice by combining a subject tree with ad hoc role granting, that controls privileges for many operations independently, that treats privileged roles such as auditor and security officer like every other individual authorization, and that makes access control information part of ordinary objects. This Document Access Control Method (DACM) scales efficiently from very small to very large libraries, is functionally flexible, and can be built into a library or be implemented as an external reference monitor for any collection of information objects. A realization exists, performs well, and minimizes human administration needed. A single library can implement different policies for different document classes, such as mandatory access controls (MAC) for defense documents and discretionary access controls (DAC) for other documents.