There is no current approach that makes it simple and easy to securely access arbitrary resources, such as media streams, cameras, files and printers. Moreover, there is no current system that allows end users to intuitively specify how they would like to secure access to resources. Some systems allow granting access rights to users by creating Access Control Lists (“ACLs”). ACLs allow people to specify users who will be allowed access and their specific access rights with respect to system resources, such as making a shared file accessible for viewing and editing to a group of named users. But in many systems, users cannot simply give an arbitrary group of users privileges without requiring system administrator intervention or a great deal of effort. For instance, in a UNIX environment, users cannot create a new system group. In an MS Windows environment, users can add arbitrary lists of domain users to the ACL for a file, but cannot reuse that particular ACL for multiple files without having to explicitly list them all for each file. Users also have no way to allow explicit access to particular individuals who are not a member of their security domain. The only way to allow these individuals access would be to allow everyone access. Without the ability to easily provide secure access to files, for example, other approaches must be attempted.
One approach includes sending files as e-mail attachments where the sender is located in a first security domain and the recipient is located in a second security domain. But this would involve complex user configuration, such as for exchanging keys and certificates, to ensure that the files are exchanged securely. Further, both parties must have access to their mail server, which may not always be possible in real-time. Additionally, the delays and bandwidth requirements involved in transporting the files may be unacceptable due to network congestion. Thus, in this example much effort is expended in simply setting up the security technology instead of towards the goal of exchanging files.
Another approach for securely sharing resources includes a first user at a first machine placing documents they wish to share with a second user at a second machine in a password-protected area of a Web server. The first user can send the second user the URL of the shared documents along with the password, allowing the second user to access the shared documents. This approach has a number of drawbacks, such as requiring the second user to remember the URL and the password to access the shared documents, and making it difficult for users to ascertain exactly which resources are shared and with whom they are shared by. Determining this would require investigating the Web server's file space, logs and permissions files.
The approaches discussed above provide mechanisms by which two users can share static documents. Users may, however, desire sharing a variety of other resources to which they have access to. Additionally, it is generally difficult or impossible for users to easily ascertain which resources are being shared and with whom they are being shared with. For example, users cannot determine who has access to certain files unless they explicitly search for the files on their system. Also, users who intend to allow temporary access to their files, for instance, may inadvertently allow that access to indefinitely continue or may instead accidentally allow access to unintended files.