There are currently many situations in which unauthorized persons fraudulently gain access to a resource, causing a large financial loss to the resource provider. For example, international calling card fraud creates a significant level of uncollectable revenue, putting a telecommunications company into an uncomfortable position of either allowing call completions where there is a chance that a specific calling card number has been compromised or, disallowing call completions where the valid user is attempting the call. In the first case, the telecommunications company stands to lose the call revenue, compounded by the fact that when a bill is rendered, it will contain a charge that will likely annoy the valid user. In the second case, a call refusal might be the safe thing to do, but it would aggravate a loyal customer and still incur costs of handling a portion of the call.
The typical method used to control access to a resource depends on two types of facilities--"user permissions" and "access control lists." Generally, user permissions are sets of capabilities or destinations to which a user may connect. These are sometimes called "subject oriented controls". Access control lists are "object oriented controls", defining who may access an object and under what conditions. Based upon this traditional subject/object model of security controls, a "strict" or "hard" decision is made as to whether access should be granted or denied. Unfortunately, a strict decision process works best for simple cases, where the number of classes of subjects and/or objects is relatively small. In the case of many access control applications such as long distance calling, the number of callers, destinations, etc. is likely to be enormous, complicating the problem to the point that effective access control would be burdensome to manage and difficult or impossible to implement.