Policies: Object-Centric

• Placing trust in objects (or keys)

• Typically, protect resources with keys

  • Hand out the combination to a vault
  • Secret-sharing can require multiple cooperating keyholders (e.g. a safe-deposit box)

• Optionally compartmentalize access

  • Different interfaces have different keys
  • Deposit and Withdraw handles in MS COM-speak

    • Possession of the right pointer limits the visible functions
    • Useful when there are fewer objects than users or actions

Previous slide

Next slide

Back to first slide

View graphic version