Child pages
  • custodian_scenario

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Her father Bob is also happy as he knows that his daughter can communicate with her friends in a safe and secure way. He checks his Authorization Manager on a daily basis and composes access control policies if any requests are sent by his daughter's social networking application. Moreover, he audits all access requests and sees how Alice's friends access her pictures and video clips. He hasn't noticed any abuses and is confident in whatever her daughter does. After all, he's fully responsible for her privacy and security and he puts much effort into ensuring that his daughter stays safe and still enjoys the benefits of social networking on the Web.


The architecture for a User-Managed Access for the provided scenario is depicted below.


A user delegates access control functionality for his resources to a component that is managed by a different entity. Therefore, the user is only concerned with creating and submitting resources online. Another entity (custodian) is then responsible for defining access control rules for those resources.


The following scenario shows how a user can delegate access control functionality to a different user. In this case, an owner of a resource decides that a different entity (a custodian) will be responsible for security of their resources. A user is only concerned with producing and submitting content on the Web and a custodian is responsible for ensuring that such content is protected. It is up to the custodian what access control rules will be applied to resources. An Authorization Manager in such setting can be viewed as an access control module externalized from a Web application that is simply under control of a different entity.