Recently, access control techniques for controlling particular data and action on the basis of privilege data are increasingly becoming important. For example, access control of action possibility format is widely used.
An example of access control of action possibility format includes access control using privilege data on a document file as a security attribute. Privilege data on a document file assigned to a user is described as action possibility formats such as “viewing allowed” or “editing allowed”. Examples of this kind of privilege data are known to include access control matrix and access control list.
However, in the access control in the action possibility format, it is difficult to describe flexible access control contents such as conditions about an allowed access time or an allowed access location or detailed functional limitation.
Therefore, in recent years, not only the access control in the action possibility format but also access control in access control policy format is used. The access control policy is a set of access control rules, and standard description specifications are disclosed to the public. In the access control in the access control policy format, allowed conditions or detailed functional limitations can be described.
In the access control in the access control policy format, it is determined whether a file is allowed to be opened or not by evaluating an access control policy on the basis of attribute data about access, when an access request to a document file is received, for example. Then, a control such as limitation to a function defined in the access control policy may be made. It should be noted that the access control policy is associated with, for example, each document file.
This kind of technique is also generally referred to as digital rights management (DRM).
By the way, many of currently-known DRM techniques and products thereof aim to protect data of a file format, and for example, objects in a document file (data objects constituting a document such as character strings or images) are uniformly controlled (i.e., all of them are allowed or all of them are disallowed).
In this case, in view of data leakage countermeasure, it is important to control replication (processing) of data.
However, when protection is made in units of files, for example, this greatly reduces the convenience in an application in which each object within a document file is frequently reused such as drawing design support application.
For example, in a case of a design drawing, the degree of importance may be different according to each object (for example, particular component design data or numerical value data). Therefore, even when an object is reused, it is necessary to perform control according to each object (in particular, control of replication).
In contrast, it may be possible to apply the above access control (the access control in the access control policy format) to all the objects.
In this case, the replication processing generally includes two instances of processing (actions), i.e., copy processing (COPY) and paste processing (PASTE). In the copy processing, an object belonging to a resource of replication source (an object in a source document file) is copied to a temporary data storage region (such as clipboard), and in the paste processing, the object is pasted to a resource of replication destination (a destination document file), whereby the replication processing is completed.
In this case, at the time of the copy processing, the resource of the replication destination may not clear, and therefore, attribute data needed for evaluating access control policy may be missing at this moment. In general, in order to determine access determination in access control, various kinds of attribute data are often used as factors serving as basis of determination. Examples of such attribute data include an identifier of a subject making access, role of the subject making access, the degrees of importance of the resource of replication source and replication destination, the type of resource, access time, access location, and the like.
The above attribute data is usually obtained when an action to a resource occurs. In other words, the value of the attribute data may be changed between the time of the copy processing and the paste processing, and the access determination may not be appropriately made in the access control.
Further, at the time of paste processing, the resource of the replication source is not always clear. Thus, at the time of the paste processing, the access control policy itself associated with the resource of the replication source (the document file to be replicated) cannot be always looked up. Therefore, the access determination may not be appropriately made in the access control.