Abstract
In this paper, we propose an access control model that is suitable for a distributed object oriented environment. Our model has two features: authentication with object properties and method categorization by a security level. The object property is meta information of a client, and the client is vested with it in advance. To use the object properties, a server can identify a huge number of clients in the environment by groups that is categorized with the object properties of the clients. And also, to use a combination of multiple object properties in authentication, an administrator of the server can determine the flexible range of target clients. The security level shows how much impact the method affects server's data. If a designer of the server categorizes the server's methods with a security level, an administrator of the server can set an authorization rule to each category instead of each server's method. The categories constitute a tree structure, since a parent category includes child categories. As a result of this, the administrator can set an authorization rule easier than authorization without categorization by the security level. Furthermore, we implemented above the access control model and we evaluated their efficiency.