dynamic right). Now that the basic authorization rules are understood, it is important to consider the resources which are accessible. They can be of various forms, from documents to specific actions. As far as documents are concerns, some persons may be authorized to read, write, a document, while others are authorized to sign. For actions, some may be able to start them, or stop them, and others may be authorized to carry them. All of this, of course, may be done within specified limits. It can be a time limit, or a number of times, or a period, for example. So as we see, there are many rights that can be set by policy and that are the object of authorization mechanisms. In fact, there is also yet another level, which is the authorization to change the policy itself, yet another level of details using in fact the same authorization mechanisms, but taking as the resource affected the actual policy framework.

Finally, the last leg of access mechanisms is accounting, in a broad sense. Not only are we concerned about particular prices that can be associated with each authorization level and activity, but also about the practices of logging entries, keeping history, and more generally, providing mechanisms to trace, value, and record authorization activities.

Now, the examples we have given were mostly associated with a person accessing a computer, with the computer performing authentication, authorization and accounting. Actually, the mechanisms are exactly the same for a computer accessing a computer. While the computer is not requested to provide biometric iris scans at this point, it has to provide the proof of its identity just like humans do. It’s just that this identity is established by different institutions than for humans. All computers in the world access the network through a network card. And every network card in the world has a number associated with it at manufacture, a unique number called a MAC address (MAC stands for Media Access Control), delivered by the famous Institute of Electrical and Electronics Engineers (IEEE). Here again, we have a trusted institution providing identity to an entity, in this case a computer. However, at this time, there is no mechanism to formally assure that the MAC address given is a bona fide number by questioning the IEEE, just like we described it earlier for human identity. So computer authentication at that level cannot really be trusted, and in fact, secure applications are cognizant of that and use multiple means of authentication to not be dependant on that one alone.

As we said, computers and humans go through the same access mechanisms. This is not surprising, because humans are not directly connected to computers (with some rare exceptions), so they are actually accessing computers via devices and systems that are themselves computer parts or full-computers. So in the end, it’s all computers talking to each other, albeit with some representing humans, and some representing just themselves.

Content model

As we mentioned earlier, we don’t know of an existing, widely accepted, encompassing content model theory, so we’ve attempted to deal with the pieces that exist, and tried to put them together into a coherent whole. If that constitutes an acceptable content theory, then here we have it. Otherwise, we’ll have to wait until either we discover that one exists but that we are not aware of it, or some academic constituency will build around the project of writing a better one than ours. Now, whereas in our earlier discussion we had to elaborate a classification of content based on our understanding of the subject from our observation of social practices, here we are going to complement our earlier work by looking at it from an easier perspective, that of the computer. What makes the perspective easier is that with the computer, we can reverse engineer every piece

Book available at Midori Press (regular)
Book available at Midori Press (signed)
Book available at Amazon (regular)