In a computing environment, such as a network environment, users identify themselves to a security agent of the computing system using a number of different techniques including, but not limited to, user ids, passwords, and digital certificates. This identifying information is then employed during authentication and authorization processing of the user to determine whether to grant or deny access to a system asset, such as a system resource or data object. This determination is a binary action based on the credentials presented. That is, access to computer system assets is conventionally prohibited when the requesting user is not authorized to access the asset. For example, an NFS server and an HTTP server each typically provide binary access control of data, i.e., deterministic access. In certain computing environments, this deterministic approach unnecessarily restricts work and information flow.
Therefore, enhanced data access authorization processing providing an indeterministic response to a request for authorization made by an authenticated user in a computing environment is believed advantageous.