Multilayer authorization model and analysis of authorization methods

Abstract

There are various methods proposed in the literature to provide authorization control in workows and in-formation systems. Authorization implementations have deficiencies based on procedural scope. Basic login mechanisms grant system-wide access; the provided margins are broad. Access control lists provide limited definition on access restrictions; the authorization is bounded by these definitions. Role based authorizations do not cover regulations in institutions where the regulations describe specific operations and their operational procedures in institutional work-ows. The proposed multilayer authorization model depicts the attributes of authorization mechanisms and analyzes the methods according to their authorization capabilities and contributions to the reliability of documents in the workow. The layered structure provides comparative and integrated analysis of the authorization mechanisms. The incremental authorization structure would be a guide for implementations in that each layer presents the scope of authorization by providing analysis on deficiencies and the methods of solution. An institutional authorization mechanism on documents is also proposed. The proposed mechanism suggests and implements an authorization mechanism to enclose authorization restrictions in institutional regulations. © TÜBITAK.