eg-allow/refuse is an access decision
some-act is an action
some-attr is a property of some-item
-------------------------------------------------------------
CTO can eg-allow/refuse that-act based on that-attr of that-item

some-senior-person is at the next level above some-intermediate-person
that-senior-person can eg-allow/refuse some-action based on some-attribute of some-item
that-senior-person delegates that-allow/refuse for that-action based on that-attribute of that-item
--------------------------------------------------------------------------------------
that-intermediate-person can that-allow/refuse that-action based on that-attribute of that-item

this-level delegates this-allow/refuse for this-act based on this-attribute of this-item
=========================================================================================
CTO            allow   read    security-level  file
CTO            allow   read    date            file
CTO            allow   modify  security-level  file
CTO            refuse  copy    security-level  file
Administrator  allow   read    security-level  file
Administrator  refuse  copy    security-level  file

some-item is a file
Administrator can allow read based on security-level of file
that-item has security-level secret
that-item has date some-date
that-date is at least a year ago
-------------------------------------------------------------
Administrator allows read on that-item

some-item is a file
Administrator can allow some-action based on security-level of file
that-item has security-level unclassified
--------------------------------------------------------------------
Administrator allows that-action on that-item

some-act is an action
some-attribute is a property of some-item
some-level is a possible job-title
not : that-level can allow that-act based on that-attribute of that-item
not : that-level can refuse that-act based on that-attribute of that-item
-------------------------------------------------------------------------
that-level cannot allow or refuse that-act based on that-attribute of that-item

this-item has security-level this-value
==========================================
memo            unclassified
salary-plan     secret
strategic-plan  top-secret

this-item has date this-value
=============================
memo            20010504
salary-plan     20000601
strategic-plan  19991220

this-item is a file
===================
memo
salary-plan
strategic-plan

this-attribute is a property of this-item
===========================================
security-level  file
date            file

this-position is a possible job-title
=====================================
Clerk
Administrator
CTO

this-allow/refuse is an access decision
=======================================
allow
refuse

this-act is an action
======================
read
modify
execute
copy

this-senior-person is at the next level above this-person
======================================================
CTO            Administrator
Administrator  Clerk

the present date is some-year some-month some-day and the time is some-hr some-min some-sec
that-month with leading zero if needed is some-0month
that-day with leading zero if needed is some-0day
that-year followed by that-0month = some-yearmonth
that-yearmonth followed by that-0day = some-yearmonthday
that-yearmonthday - some-date = some-difference
that-difference is greater than or equal 10000
----------------------------------------------
that-date is at least a year ago

some-number consists of some-length symbols letters and digits
that-length is greater than 1
-----------------------------------------------------
that-number with leading zero if needed is that-number

some-number consists of 1 symbols letters and digits
0 followed by that-number = some-0number
-----------------------------------------------------
that-number with leading zero if needed is that-0number
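The rules above chain three ideas: a top-level authority (CTO) may make any well-formed access decision, a lower level may only make a decision its immediate senior both holds and has delegated, and a secret file becomes readable once it is at least a year old. The following Python is an added re-implementation of that rule base written for this page; it is not the original executable-English source. The fact tables are copied from the page, the delegation check is the recursive reading of the two "can ... based on" rules, and the current date is passed in as a yyyymmdd integer (built exactly as the page's leading-zero and concatenation rules describe) so that results are reproducible.

```python
from datetime import date

# Facts copied from the page's tables (added example; constructed for this demonstration).
ITEMS = {
    "memo":           {"security-level": "unclassified", "date": 20010504},
    "salary-plan":    {"security-level": "secret",       "date": 20000601},
    "strategic-plan": {"security-level": "top-secret",   "date": 19991220},
}
ACTIONS = {"read", "modify", "execute", "copy"}
ATTRIBUTES = {("security-level", "file"), ("date", "file")}  # attribute is a property of item-kind
DECISIONS = {"allow", "refuse"}
NEXT_LEVEL_ABOVE = {"Administrator": "CTO", "Clerk": "Administrator"}  # person -> senior
# (level, decision, act, attribute, item-kind) that the level delegates to the level below it
DELEGATIONS = {
    ("CTO", "allow", "read", "security-level", "file"),
    ("CTO", "allow", "read", "date", "file"),
    ("CTO", "allow", "modify", "security-level", "file"),
    ("CTO", "refuse", "copy", "security-level", "file"),
    ("Administrator", "allow", "read", "security-level", "file"),
    ("Administrator", "refuse", "copy", "security-level", "file"),
}


def can(level, decision, act, attribute, item_kind):
    """First two rules: the CTO can make any well-formed decision; every other level can
    only make a decision that its immediate senior both can make and has delegated."""
    if decision not in DECISIONS or act not in ACTIONS or (attribute, item_kind) not in ATTRIBUTES:
        return False
    if level == "CTO":
        return True
    senior = NEXT_LEVEL_ABOVE.get(level)
    if senior is None:
        return False
    return (can(senior, decision, act, attribute, item_kind)
            and (senior, decision, act, attribute, item_kind) in DELEGATIONS)


def cannot_allow_or_refuse(level, act, attribute, item_kind):
    """The 'not :' rule, read as negation-as-failure over both decisions."""
    return not any(can(level, d, act, attribute, item_kind) for d in DECISIONS)


def leading_zero(number):
    """The two 'leading zero if needed' rules: pad a one-symbol number with a 0."""
    text = str(number)
    return text if len(text) > 1 else "0" + text


def today_as_number(year, month, day):
    """The date rule's concatenation: year followed by 0-padded month and 0-padded day."""
    return int(f"{year}{leading_zero(month)}{leading_zero(day)}")


def at_least_a_year_ago(item_date, today):
    """Subtracting yyyymmdd integers and comparing with 10000 is equivalent to a calendar
    comparison, because the month/day digits compare lexicographically within a year."""
    return today - item_date >= 10000


def administrator_allows(act, item_name, today):
    """The two 'Administrator allows' rules applied to one item."""
    item = ITEMS[item_name]
    # Secret files may be read once they are at least a year old
    if (act == "read"
            and can("Administrator", "allow", "read", "security-level", "file")
            and item["security-level"] == "secret"
            and at_least_a_year_ago(item["date"], today)):
        return True
    # Unclassified files permit any action the Administrator is able to allow
    if (can("Administrator", "allow", act, "security-level", "file")
            and item["security-level"] == "unclassified"):
        return True
    return False


if __name__ == "__main__":
    t = date.today()
    now = today_as_number(t.year, t.month, t.day)
    for name in ITEMS:
        for act in sorted(ACTIONS):
            print(f"Administrator allows {act} on {name}: {administrator_allows(act, name, now)}")
    for level in ("CTO", "Administrator", "Clerk"):
        print(level, "cannot allow or refuse execute:",
              cannot_allow_or_refuse(level, "execute", "security-level", "file"))
```

Two consequences of the rules are worth checking against the tables: the Clerk ends up able to allow read and refuse copy on security-level (both decisions were delegated down two steps), but not to allow modify, because the Administrator never delegates it; and no level except the CTO can decide anything about execute, since no delegation mentions it, so the "cannot allow or refuse" rule fires for Administrator and Clerk.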