| (I) An access control service that enforces a security policy
based on the identity of system entities and their authorizations
to access system resources. (See: access control list, identity-
based security policy, mandatory access control.)
(C) This service is termed "discretionary" because an entity might
have access rights that permit the entity, by its own volition, to
enable another entity to access some resource.
(O) "A means of restricting access to objects based on the
identity of subjects and/or groups to which they belong. The
controls are discretionary in the sense that a subject with a
certain access permission is capable of passing that permission
(perhaps indirectly) on to any other subject." [DOD1]
|
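An added example, not part of the glossary text or of [DOD1]: a toy Python model of the discretionary property, in which a subject holding a right passes it on and the recorded chain shows access reaching a subject the owner never named. The class, the separate `grant` right and all subject names are constructed for illustration.

```python
class DacObject:
    """One resource guarded by an identity-based ACL (constructed toy model)."""

    def __init__(self, name, owner):
        self.name = name
        # subject -> rights; "grant" is the right to pass rights on (assumed model)
        self.acl = {owner: {"read", "write", "grant"}}
        self.granted_by = {owner: None}  # provenance of each subject's first grant

    def check(self, subject, right):
        return right in self.acl.get(subject, set())

    def grant(self, grantor, grantee, rights):
        """Grantor passes rights on by its own volition; no central policy is consulted."""
        rights = set(rights)
        if not self.check(grantor, "grant"):
            raise PermissionError(f"{grantor} cannot grant on {self.name}")
        if not rights <= self.acl[grantor]:
            raise PermissionError(f"{grantor} does not hold {rights - self.acl[grantor]}")
        self.acl.setdefault(grantee, set()).update(rights)
        self.granted_by.setdefault(grantee, grantor)

    def chain(self, subject):
        """Delegation path from the owner to subject; empty if subject has no entry."""
        if subject not in self.acl:
            return []
        path = []
        while subject is not None:
            path.append(subject)
            subject = self.granted_by[subject]
        return path[::-1]


def demo():
    report = DacObject("q3-report", owner="alice")
    report.grant("alice", "bob", {"read", "grant"})
    report.grant("bob", "carol", {"read"})  # indirect: alice never named carol
    try:
        report.grant("carol", "dave", {"read"})  # carol holds read but not grant
        carol_can_delegate = True
    except PermissionError:
        carol_can_delegate = False
    return report, carol_can_delegate


if __name__ == "__main__":
    obj, delegated = demo()
    print(obj.chain("carol"), delegated)
```

Auditing `chain` for every ACL entry is one way to see where discretionary grants have carried access beyond what the owner set up directly.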