Dynamic Access Control with Administrative Obligations: A Case Study.

Administrative obligations in the Next Generation Access Control (NGAC) standard introduce a novel programming concept for attaching administrative commands to access events performed on behalf of users. These commands modify the underlying authorization elements, thereby changing access privileges. We envision administrative obligations as an effective approach to deal with dynamic access control in modern workflow software where access events frequently alter the privileges of different users. However, developing workflow systems with administrative obligations poses challenges in accurately identifying, specifying, and validating runtime privilege changes. To facilitate investigating rigorous quality assurance techniques for obligation-enabled NGAC systems, benchmark applications are crucial. In this paper, we present GPMS-NGAC (Grant Proposal Management System), an open-source application developed alongside the NGAC standard's reference implementation. GPMS-NGAC is the only open-source real-world NGAC application with complex authorization elements and 19 nontrivial obligations. It is a representative system applicable to various domains (e.g., healthcare, finance, and defense) where access privileges within workflows evolve over time. We introduce the design and implementation of GPMS-NGAC, providing the research community with a benchmark application for studying administrative obligations. In particular, researchers can use it to explore and evaluate quality assurance techniques for dynamic access control systems.