Journal of Information Processing
Online ISSN : 1882-6652
ISSN-L : 1882-6652
Authorization by Documents
Hiroyuki Sato

2017 Volume 25 Pages 766-774


These days, ICT service environments have changed dramatically in their complexity. Accordingly, the related business logic for business processes such as provisioning, resource limits, conditional authorization and delegation has grown in complexity. In this paper, we generalize the idea of OAuth access tokens and propose “authorization by documents.” In our model, a user submits a document as evidence of a privilege claim, and a server verifies the document to prove the appropriateness of the user's privilege. A document can be complicated, reflecting some business flow in an institution. If the process and result of a business flow are expressed by using documents, the documents serving as evidence can reflect an arbitrarily complex business flow. For this purpose, we formalize documents and define document tree logic (DTL), a variant of CTL*, to express the policies associated with documents. Typical business processes, including request and approval, delegation, and approval by document circular, are expressed in DTL and verified by using documents as evidence.

© 2017 by the Information Processing Society of Japan