Research issues in authorization models for hypertext systems

Abstract

The proper characteristics of hypertext systems, such as absence of a schema, connections among the different "chunks" of information, and the possibility of navigating in the hypertext, make conventional authorization models inadequate for their protection. These characteristics on the one hand raise new protection requirements, thus making the problem of protection much harder; while on the other hand, they provide a flexibility in the specification of authorizations which is greater than in more structured data models. We are currently working on an authorization model for the protection of information in distributed hypertext systems. In this paper, we illustrate the new requirements that arise and discuss some of the issues we are currently investigating.