Sharing of resources provides for efficient use of resources in computing systems. With the increased use of the Internet, resources can be shared over an open network. Examples of resources include data, files, network channels, printers, hardware devices, software programs, virtual objects, input/output devices, storage space on storage media, bandwidth on a channel, and the like.
Whether user systems attempting to share resources are connected to the resources via an open network, such as the Internet or a closed network such as a credit card transaction network or local area network (LAN), it is important to ensure that only valid users have access to resources and that only permitted actions are performed by those users. One way of controlling access is by defining access rules and enforcing those access rules. A rule typically specifies the actions that can be performed on a resource. Examples of actions on a resource include creation, deletion, modification, viewing, viewing metadata about the resource, changing metadata about the resource, mounting, unmounting, sharing, unsharing, viewing, modifying or deleting metadata about rules and roles associated with the resource, creating and modifying trusteeships, and the like.
Several authorization control (“AC”) systems are available commercially, however these systems suffer from high computational costs. An AC system requiring 200 to 300 milliseconds per authorization is not problematic where the access is several minutes long and one AC system responds to a few requests per minute, but where the accesses are very quick operations and an AC system must respond to many access requests per second, such a performance would be unacceptably slow.
There are many approaches that AC system vendors have taken to reduce the amount of computational effort needed per access request. Some AC system vendors approach the problem by adding more computing power to the effort so that response times would go down even without any reduction in computational effort. However, in order to be a significant improvement in offerings, an AC system should provide better response for a given amount of computing power. Such is essential on platforms where computing power is limited, such as on handheld computing devices and in large network transaction processing systems, where the computing power used by the AC system is so large that simply adding proportionately more computing power would be a significant investment. Other approaches include the use of 2-3 trees, red-black trees or hashing.