Issues related to provenance and access control are of great practical
importance to the intelligence and defense communities, as well as to the
financial sector.

There are multiple regions in the problem space that have been explored and
for which COTS/GOTS solutions are available.

One approach that might work for you is Role Based Access Control, or RBAC.
There is a nice introduction to the subject area available at NIST - see

I keep wanting to build a sandwich form factor data scanner capable of
reading private keys and other PIV data laser-etched onto thin strips of
pig, thus implementing Roll Based Access Control using BACACs.  Maybe I
ought to run the idea past the guys at Fort Meat.

On Nov 2, 2011 11:36 PM, "William Denton" wrote:

> Some of us at work were talking about a problem the archivist and other
> digitizing people have: showing particular digitized objects to particular
> people with particular restrictions.  We called it GRAP:  the granular
> restricted access problem.
> Here's the archivist's description.  If you also had this problem and
> found a solution, we'd love to know.
> # ----- begin GRAP
> We are generating lots of digital assets (TIFFs of historical photographs,
> WAVs of sound recordings and oral histories, etc.) not only in the course
> of our regular digitization-for-access activities but also as a result of
> researcher requests and requests through Accessibility Services.
> We have an institutional digital repository (DSpace) that works well as a
> mass distribution tool, but as with most primary sources there are often
> additional restrictions on access based on copyright, donor permissions,
> third party privacy issues and other legislation.  We are struggling to
> find ways of promoting these resources that have additional access
> restrictions.
> What we want:
> A system of storing and organizing all digitized materials in one place so
> that everyone (librarians, archivists, technicians, IT, scholars, faculty,
> students) can find them.
> A means of managing and tracking all these objects that will allow:
> - the creation of unique identifiers (to generate statistical metrics,
> track chains of custody, access etc.)
> - quick and easy updating
> - access controls, possibly with time limits, for all material (X to the
> public, Y to this person, Z to students in HUM 101 for one week)
> - seamless streaming of audio and video (with access controls)
> # ----- end GRAP
> Any suggestions welcome.  I'll pass along and report back.
> Thanks,
> Bill
> --
> William Denton
> Toronto, Canada
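
A sketch of how the access rules in the quoted GRAP description ("X to the public, Y to this person, Z to students in HUM 101 for one week") could be modelled as role-based grants with optional time windows and an audit trail. This is an added example, not part of either message and not DSpace code; the object identifiers, user names, role names and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Grant:
    object_id: str                         # unique identifier of the digitized object
    subject: str                           # "public", "user:<name>" or "role:<name>"
    not_before: Optional[datetime] = None  # None = valid immediately
    not_after: Optional[datetime] = None   # None = no expiry

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset = frozenset()

def subjects_for(user):
    """Every subject a request can match; an anonymous request is only 'public'."""
    subs = {"public"}
    if user is not None:
        subs.add(f"user:{user.name}")
        subs.update(f"role:{r}" for r in user.roles)
    return subs

def check_access(grants, audit, user, object_id, now):
    """Default deny: allow only if a grant for this object matches the
    requester and the request falls inside the grant's time window."""
    subs = subjects_for(user)
    allowed = any(
        g.object_id == object_id and g.subject in subs
        and (g.not_before is None or g.not_before <= now)
        and (g.not_after is None or now < g.not_after)
        for g in grants
    )
    # Every decision, allowed or denied, is recorded per object identifier.
    audit.append((now.isoformat(), user.name if user else "anonymous", object_id, allowed))
    return allowed

# Constructed sample policy (hypothetical identifiers and dates).
START = datetime(2011, 11, 7)
GRANTS = [
    Grant("obj-X", "public"),
    Grant("obj-Y", "user:researcher1"),
    Grant("obj-Z", "role:HUM101", START, START + timedelta(weeks=1)),
]
```

Because expiry is evaluated at request time, the one-week course grant lapses without anyone having to revoke it, and the audit list gives per-object access counts.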