In this work we ask the question: what are the challenges of managing a physical or file system access-control policy for a large organization? To answer the question, we conducted a series of interviews with thirteen administrators who manage access-control policy for either a file system or a physical space. Based on these interviews we identified three sets of real-world requirements that are either ignored or inadequately addressed by technology: 1) policies are made/implemented by multiple people; 2) policy makers are distinct from policy implementers; and 3) access-control systems don't always have the capability to implement the desired policy. We present our interview results and propose several possible solutions to address the observed issues.
|Title of host publication||Proceedings of the SIGCHI Conference on Human Factors in Computing Systems|
|Place of Publication||New York, NY, USA|
|Number of pages||10|
|Publication status||Published - 2009|
- access control, policy creation