To understand the access-control needs of distributed applications, we need to look first at the reasons for building such applications. Applications are distributed for a variety of reasons:
Remote Access: A client access remote resources using some remote server. For instance, a file-based client accesses a file kept on a remote file server such as AFS or an interactive client accesses a remote window server such as X.
Replicated Objects: A user manipulates a local replica of some remote object. For instance, a Notes user manipulates a local replica of a Notes document.
Distributed Collaboration: Distributed users collaborate with each other, using the services of synchronous applications such as a chat or whiteboard application or asynchronous applications such as email.
Downloaded code: Code is downloaded and executed on a remote machine. For instance, a Java applet stored in an HTTP server is downloaded and executed on the machine of a Web browser.
With these applications in mind, let us try to answer the two main access control issues: what is the form of the access matrix (that is, what is the nature of the subjects, objects, and rights) and what is its implementation.