Formalization and Management of Group Obligations

The specification of abstract security policies which indirectly apply to system entities (like subjects and objects) through group relations (like roles or domains) has been shown to simplify policy specification, interpretation and analysis. In this paper, we show how the abstraction of subjects, actions and objects in obligation policies using group relations can enhance the expressiveness of obligation policy languages. More precisely, we introduce the notion of group contexts through which the policy designer can choose different interpretations for group relations in obligation security rules enabling him or her to specify obligations representing shared responsibilities such as "All patients must be checked by a doctor" or obligations expressing sets of alternative actions such as "Every customer should pay either in cash or by check". Management and monitoring requirements of such obligations called group obligations are studied and formalized.