Publication Date:
1982
abstract:
The problem of how the users of a capability-based protection system can define their own protection subsystems is dealt with by referring to a specific generalized capability environment. This environment is first briefly described. Then the definition of a protection subsystem is given, and its abstract behaviour is described in detail: a set of active entities, called accessors of the subsystem, are capable of performing access attempts to a set of passive entities, called objects. The subsystem associates specific access rights to each accessor, allowing that accessor to operate on the protected objects in a restricted fashion. The subsystem also performs the required access right checking, and aborts any unauthorized attempt at object utilization. A possible way of implementing a protection subsystem is presented, which mainly consists of two components, namely an Object Manager and a Protection Monitor. The Object Manager implements the objects to be protected. The Protection Monitor, on the other hand, is responsible for the management and checking of access rights. The main problem of allowing the Protection Monitor to identify accessors in a secure fashion is solved by utilizing the properties of the extended capability environment mentioned above.
Iris type:
04.01 Contribution in conference proceedings
Keywords:
Integration system; Networks; Territorial information
List of contributors: