View article

Pre-obligations denote actions which may be required before access is granted. The successful fulfillment of pre-obligations authorizes the requested access. Thus, preobligations induce interactions between the obligation and authorization policy states. This paper studies these interactionsby formalizing the evolution of the authorization and obligation states when pre-obligations are supported. The main advantage of the presented approach is that pre-obligations are given both declarative semantics based on predicate logic and operational semantics based on Event-Condition-Action (ECA) rules. Furthermore, the presented framework enables policy designers to easily choose to evaluate any pre-obligation either(1) statically (an access request is denied if the pre-obligation has not been fulfilled); (2) or dynamically (users are given the possibility to fulfill the pre-obligation after the access request and before …