Negative Authorization

Negative Authorization

A system that compares a credit card number to a list of lost or stolen numbers. When a credit card is used, the transaction will not be approved if the number matches a number on the list.
References in periodicals archive ?
In the example, one would need to insert a positive authorization for the group employee and a negative authorization for tim.
In terms of the authorizations, Matt should have both the positive authorization for the select privilege on view [V.sub.1] and the negative authorization for the select privilege on view [V.sub.2].
Note that in some cases, users can express protection requirements where a negative authorization on a view v would be required, by defining a view complementary to v and specifying a positive authorization on it.
Analogously, triple (p,-,t> associated with node [s.sub.i] indicates that [s.sub.i] owns a negative authorization for p on t.
In this case the negative authorization should take precedence.
As a matter of fact, the negative authorization is not overridden, but it is applicable to the subject that, although allowed to access the view, will not be allowed to directly access the table itself.
Then, either the CSD algorithm returns FALSE or, at the end of the execution, the positive authorization appears at a level higher than that of the negative authorization for each time instant between [t.sub.min] and max-time.
Further effects are possible if the deleted rule allows the derivation of a negative authorization. In this case the deletion of the rule may also cause the insertion in [TAB.sub.EXT] of the positive authorizations, if any, that were invalidated by the presence of the negative authorization derivable from the rule.
Due to this deletion, now rule [R.sub.2] allows the derivation of authorization (technical-staff, report, write, +, Sam) for each Monday and Friday after 5/20/95, since in the interval [5/21/95, 9/30/95] authorization (technical-staff, report, write, +, Sam) is no longer invalidated by the removed negative authorization. Therefore, authorization (technical-staff, report, write, +, Sam), ({t [[equivalent].sub.7] (y + 1) y = 0, 4}, {5/21/95 [is less than or equal to] t [is less than or equal to] 9/30/95})] must be added to [TAB.sub.EXT].
Theorem 2 ensures that the level of a positive authorization is always greater than that of the corresponding negative authorization for the same instant (if that negative authorization is not in TAB, by Step 2, its corresponding valid() is in [H.sub.1]).
For the sake of simplicity, we suppose that [A.sub.m] is a negative authorization. The proof for positive authorizations is analogous.
Both providers and consumers can be expected to be more accepting of negative authorization decisions if the principles of continuous quality improvement are brought to bear on the authorization process.