<?xml version="1.0" encoding="UTF-8"?>
<feed xml:lang="en-US" xmlns="http://www.w3.org/2005/Atom">
  <title>Post Issue Peer-to-Patent - PRIOR ART AND COMMENTS Comments</title>
  <id>tag:www.post-issue.org,2010:/2009/5/19/prior-art-and-comments/comments</id>
  <generator version="0.8.0" uri="http://mephistoblog.com">Mephisto Drax</generator>
  <link href="http://www.post-issue.org/2009/5/19/prior-art-and-comments/comments.xml" rel="self" type="application/atom+xml"/>
  <link href="/2009/5/19/prior-art-and-comments" rel="alternate" type="text/html"/>
  <updated>2010-05-19T13:26:53Z</updated>
  <entry xml:base="http://www.post-issue.org/">
    <author>
      <name>Andrew Nobody</name>
    </author>
    <id>tag:www.post-issue.org,2009-05-19:3877:4596</id>
    <published>2010-05-15T12:14:28Z</published>
    <updated>2010-05-15T12:14:28Z</updated>
    <category term="Computer system security method and apparatus having program authorization information data structures "/>
    <link href="http://www.post-issue.org/2009/5/19/prior-art-and-comments" rel="alternate" type="text/html"/>
    <title>Comment on 'PRIOR ART AND COMMENTS' by Andrew Nobody</title>
<content type="html">So, after an admittedly cursory reading, I suspect I may be an expert. (haha on the internet, who knew)

The key point seems to be the association of the privileges with the program, and not the target data. So I'll give a brief list of possible pointers.

Multics (1965) had 3 security mechanisms: Rings, MAC and DAC. A segment (piece of code) was associated with a ring and code could access only things in lower-numbered rings. The Multics model is actually beautiful, and was later forgotten, although it totally addresses things like &quot;156. A method in accordance with claim 120, further including storing an indication of the method of combining the authority of said associated program with the programs it calls.&quot;

Java's ProtectionDomains postdate the patent date, I think, although the sandbox model may count (it's only boolean state) and may not. In any case, it was simply a more powerful reimplementation of the Multics model.

A suitable expert may well make an argument based on capability systems (e.g. KeyKOS, 1970, etc.), although in that, and all the fundamental study of access control (e.g. Harrison, Ruzzo, Ullman), it is clearly stated that the storage of permissions with the program or the object is indistinguishable. Many of the people doing access control research in the late '70s ended up at the NSA and didn't publish again.

Largely this seems to be a tedious exercise of going through the features of existing systems, and the claims, and playing match.

I don't want my email address or name published, and it isn't clear whether the form publishes them.</content>  </entry>
</feed>
