The Gap: Assumption that Acess right = Retrievable data
The Gap: Assumption that Acess right = Retrievable data
- Access rights assume a certain partitioning of data
- Domain data are partioned accord to internal needs
- They only match in simple cases / artificial examples
database access &
authorization agent
source is rarely
perfectly
matched to all
access rights
customer
result
query
authentication
Gio Wiederhold TIHI Oct96 *
firewall