1. Technical Field
The present invention relates in general to access control within a data processing system implemented library and in particular to access control within a data processing system implemented library wherein access to objects is limited to explicitly listed users for each object within the library. Still more particularly, the present invention is directed to a method and system which permits all users within a data processing system, designated groups of users, or a single selected user and his or her designated affinity users or proxies to access an object within a data processing system implemented library without requiring an explicit listing of each user who is permitted access.
2. Description of the Related Art
Electronically implemented "libraries" are rapidly surpassing more traditional information storage in the world today. It is quite common for data processing system implemented libraries to maintain control thousands of different objects, or documents. The rules by which such documents may be altered and/or maintained are typically governed by various standards, such as the International Standard ISO/IEC 10166, Document Filing and Retrieval (DFR).
One problem which exists in such electronic libraries is the management and control of the documents stored therein. Generally, two specific security mechanisms are provided by such electronic libraries. Firstly, authentication of the identity of a particular user is generally addressed in an electronic library. This is generally accomplished utilizing a password known only to the system operator and the user, or, in cases where a user has been previously authenticated elsewhere, by checking a certified identity. An authentication mechanism is usually utilized to verify the credentials of a user requesting access to documents within an electronic library. Access to an electronic library does not, in and of itself, qualify the user to access all objects stored within the library.
The access by a user to a particular object or document within an electronic library is generally controlled by access authorization. Documents or objects within an electronic library generally have designated an Owner who is a user within the system having specific privileges with regard to the owned object or document. Generally each Owner within electronic library may add further owners, or delete existing ones. The Owner of a document may typically specify the authority of other non-owner individuals with respect to a particular object or document within the electronic library. For example, the Owner may grant a particular user read, copy, extended-read, read-modify, or read-modify-delete access to a particular object or document within an electronic library.
Certain electronic libraries are known as explicit access libraries in that in order for a user to access a particular object or document within the electronic library, the identification of that user must be explicitly listed in a control access list associated with the particular object or document. This is particularly true for International Standard ISO/IEC 10166, Document Filing and Retrieval (DFR) systems, as noted above. While such systems permit accurate control of objects or documents stored within the electronic library those skilled in the art will appreciate that an explicit access listing type electronic library rapidly becomes inefficient in that each user within the data processing system permitted to access an object within a library of this type must be explicitly listed within the access control listing for each object.
Therefore, it should be apparent that a need exists for a method and system whereby large groups of designated users or so-called "affinity" users of authorized accessors may be permitted to access an object within a data processing system which is implemented utilizing such an explicit listing access authorization system.