Access to computing and network resources is often governed by corresponding access control rules or policies. Such resources might include, for example, data stored locally or remotely, processing and memory/storage resources, software applications (services), or virtually any other functional or non-functional asset that may be provided in the context of a particular computing/network platform. Meanwhile, the access control rules or policies generally specify conditions that must be fulfilled by a subject (e.g., a user, service, machine, or client) in order to access one or more such resources. Once granted access, the subject may be authorized to perform one or more actions in conjunction with the accessed resource, such as, for example, reading or modifying data, requesting a particular service or function to be performed, or generally utilizing features of the granted resource.
In some cases, the corresponding access control rules or policies may require certain such actions as a post-grant condition of access to the corresponding resource. Such actions that are required to be executed after, or in conjunction with, the granting of access, as a condition of the granted access, may also be referred to as obligations. For example, access to a data file may be conditioned upon an obligation on the part of the subject user to delete the data file after a certain amount of time, or a certain number of accesses. In other examples, restrictions may be placed on sharing access to the granted resource, or, conversely, requirements may be made with respect to sharing access to the granted resource with specific other users, or with a certain number of other users.
In addition to the few examples of such obligations just mentioned, many other types of obligations exist and may be implemented in the context of particular access control systems, as desired by an administrator or other provider of such access control systems. Nonetheless, it may be difficult to ensure or enforce compliance with such obligations, because, e.g., actions taken by a subject who has been granted resource access are often not subject to control by the administrator or other provider of the access control system. As a result, it may not be known whether a particular obligation has actually been fulfilled, and, in particular, it may be difficult or impossible to base future resource access decisions on a fulfillment (or non-fulfillment) of previous obligations.
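The delete-after-time and delete-after-N-accesses obligations described above can be modeled as data attached to each grant, with later requests checked against a ledger of earlier grants. The following is an added example, not taken from the original text; all class and field names are hypothetical, and it assumes the decision point receives trustworthy access counts and fulfillment reports, which the text notes is often not the case.

```python
from dataclasses import dataclass, replace
from typing import List, Optional

@dataclass
class Obligation:
    action: str                          # e.g. "delete"
    max_age_s: Optional[float] = None    # due this many seconds after the grant
    max_accesses: Optional[int] = None   # due after this many accesses
    fulfilled: bool = False              # set only by a fulfillment report (assumed)

@dataclass
class Grant:
    subject: str
    resource: str
    issued_at: float
    obligations: List[Obligation]
    accesses: int = 0                    # reported access count (assumed trustworthy)

class DecisionPoint:
    def __init__(self, policy):
        self.policy = policy   # resource -> obligation templates
        self.ledger = []       # every grant issued so far

    def overdue(self, subject, now):
        """(resource, action) pairs that are due and not reported fulfilled."""
        found = []
        for g in self.ledger:
            if g.subject != subject:
                continue
            for o in g.obligations:
                aged = o.max_age_s is not None and now - g.issued_at >= o.max_age_s
                used = o.max_accesses is not None and g.accesses >= o.max_accesses
                if (aged or used) and not o.fulfilled:
                    found.append((g.resource, o.action))
        return found

    def request(self, subject, resource, now):
        """Return ("Permit", grant) or ("Deny", None)."""
        # Unknown resources and subjects with unmet obligations are denied.
        if resource not in self.policy or self.overdue(subject, now):
            return "Deny", None
        # Copy the templates so each grant tracks its own fulfillment state.
        grant = Grant(subject, resource, now, [replace(t) for t in self.policy[resource]])
        self.ledger.append(grant)
        return "Permit", grant

# Constructed sample policy: the report must be deleted after 3 accesses or one hour.
SAMPLE_POLICY = {"report.pdf": [Obligation("delete", max_age_s=3600, max_accesses=3)],
                 "notes.txt": []}
```

Without a reliable source for `accesses` and `fulfilled`, the ledger cannot distinguish a compliant subject from a non-compliant one, which is the enforcement gap the preceding paragraph describes.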