Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

On the Unification of Access Control and Data Services



David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen


A primary objective of enterprise computing (via a data center, cloud, etc.) is the controlled delivery of data services (DS). Typical DSs include applications such as email, workflow, and records management, as well as system level features, such as file and access control management. Although access control (AC) currently plays an important role in imposing control over the execution of DS capabilities, AC can be more fundamental to computing than one might expect. That is, if properly designed, a single AC mechanism can simultaneously implement, control, and deliver capabilities of multiple DSs. The Policy Machine (PM) is an AC framework that has been designed with this objective in mind. This paper describes the PM features that provide a generic AC mechanism to implement DS capabilities, and comprehensively enforces mission tailored access control policies across DSs.
Conference Dates
August 12-15, 2014
Conference Location
San Francisco, CA
Conference Title
15th IEEE International Conference on Information Reuse and Integration


Access Control, Data Services, Access Control Policy, Policy Machine, Operating Environment


Ferraiolo, D. , Gavrila, S. and Jansen, W. (2014), On the Unification of Access Control and Data Services, 15th IEEE International Conference on Information Reuse and Integration, San Francisco, CA, [online], (Accessed July 25, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created August 15, 2014, Updated November 10, 2018