{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2014:3VDMOJPOH6J7JOSSMVEI3ARRPT","short_pith_number":"pith:3VDMOJPO","canonical_record":{"source":{"id":"1406.4988","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2014-06-19T09:29:50Z","cross_cats_sorted":[],"title_canon_sha256":"1f5d89853fb3b588038e73c2faad50007eda6c499beb397366d4d4277bec0b9d","abstract_canon_sha256":"1aa1c291f6693b8ecb81930d87a8ae218c430c54591c724d93557d248c86366e"},"schema_version":"1.0"},"canonical_sha256":"dd46c725ee3f93f4ba5265488d82317cf13c4a2739822cce416b1ef957aae5fe","source":{"kind":"arxiv","id":"1406.4988","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1406.4988","created_at":"2026-05-18T02:49:21Z"},{"alias_kind":"arxiv_version","alias_value":"1406.4988v1","created_at":"2026-05-18T02:49:21Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1406.4988","created_at":"2026-05-18T02:49:21Z"},{"alias_kind":"pith_short_12","alias_value":"3VDMOJPOH6J7","created_at":"2026-05-18T12:28:11Z"},{"alias_kind":"pith_short_16","alias_value":"3VDMOJPOH6J7JOSS","created_at":"2026-05-18T12:28:11Z"},{"alias_kind":"pith_short_8","alias_value":"3VDMOJPO","created_at":"2026-05-18T12:28:11Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2014:3VDMOJPOH6J7JOSSMVEI3ARRPT","target":"record","payload":{"canonical_record":{"source":{"id":"1406.4988","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2014-06-19T09:29:50Z","cross_cats_sorted":[],"title_canon_sha256":"1f5d89853fb3b588038e73c2faad50007eda6c499beb397366d4d4277bec0b9d","abstract_canon_sha256":"1aa1c291f6693b8ecb81930d87a8ae218c430c54591c724d93557d248c86366e"},"schema_version":"1.0"},"canonical_sha256":"dd46c725ee3f93f4ba5265488d82317cf13c4a2739822cce416b1ef957aae5fe","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T02:49:21.277483Z","signature_b64":"za3SAx7gE/RCHG8cLCTI2KXqloxRl4sCLBfQS8AA0eFZ334hToehMa43/TUati9c3/a6rGETYN6BRPJEWmolAw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"dd46c725ee3f93f4ba5265488d82317cf13c4a2739822cce416b1ef957aae5fe","last_reissued_at":"2026-05-18T02:49:21.276857Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T02:49:21.276857Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1406.4988","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T02:49:21Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"dZqzGLe1ue1CjxkNmOZvEoBCQftg/AT6WnvXEzsfK6YWZRzgxRYXqQVZ68EC4K4C6c68FAT8HztgPK5ReJM4Ag==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-31T01:37:47.962995Z"},"content_sha256":"bf0af839086451fc149524f44743c00ce36c1f1fa44899b181649f788e705563","schema_version":"1.0","event_id":"sha256:bf0af839086451fc149524f44743c00ce36c1f1fa44899b181649f788e705563"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2014:3VDMOJPOH6J7JOSSMVEI3ARRPT","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Path Conditions and Principal Matching: A New Approach to Access Control","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"James Sellwood, Jason Crampton","submitted_at":"2014-06-19T09:29:50Z","abstract_excerpt":"Traditional authorization policies are user-centric, in the sense that authorization is defined, ultimately, in terms of user identities. We believe that this user-centric approach is inappropriate for many applications, and that what should determine authorization is the relationships that exist between entities in the system. While recent research has considered the possibility of specifying authorization policies based on the relationships that exist between peers in social networks, we are not aware of the application of these ideas to general computing systems. We develop a formal access "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1406.4988","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T02:49:21Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"SkeGgKemTyf4lBEcGglswX3/gKH1PPEdRsv/A92GZR2PXcaR/GpLP1Qd+CYknJaKjQQ5zyCTVbM8f4SoPKiIBA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-31T01:37:47.963615Z"},"content_sha256":"b7b9490b6cf0713adfdd69ed761c20e08175281e0b90a210b0f359e499dbc499","schema_version":"1.0","event_id":"sha256:b7b9490b6cf0713adfdd69ed761c20e08175281e0b90a210b0f359e499dbc499"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/3VDMOJPOH6J7JOSSMVEI3ARRPT/bundle.json","state_url":"https://pith.science/pith/3VDMOJPOH6J7JOSSMVEI3ARRPT/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/3VDMOJPOH6J7JOSSMVEI3ARRPT/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-31T01:37:47Z","links":{"resolver":"https://pith.science/pith/3VDMOJPOH6J7JOSSMVEI3ARRPT","bundle":"https://pith.science/pith/3VDMOJPOH6J7JOSSMVEI3ARRPT/bundle.json","state":"https://pith.science/pith/3VDMOJPOH6J7JOSSMVEI3ARRPT/state.json","well_known_bundle":"https://pith.science/.well-known/pith/3VDMOJPOH6J7JOSSMVEI3ARRPT/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2014:3VDMOJPOH6J7JOSSMVEI3ARRPT","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"1aa1c291f6693b8ecb81930d87a8ae218c430c54591c724d93557d248c86366e","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2014-06-19T09:29:50Z","title_canon_sha256":"1f5d89853fb3b588038e73c2faad50007eda6c499beb397366d4d4277bec0b9d"},"schema_version":"1.0","source":{"id":"1406.4988","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1406.4988","created_at":"2026-05-18T02:49:21Z"},{"alias_kind":"arxiv_version","alias_value":"1406.4988v1","created_at":"2026-05-18T02:49:21Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1406.4988","created_at":"2026-05-18T02:49:21Z"},{"alias_kind":"pith_short_12","alias_value":"3VDMOJPOH6J7","created_at":"2026-05-18T12:28:11Z"},{"alias_kind":"pith_short_16","alias_value":"3VDMOJPOH6J7JOSS","created_at":"2026-05-18T12:28:11Z"},{"alias_kind":"pith_short_8","alias_value":"3VDMOJPO","created_at":"2026-05-18T12:28:11Z"}],"graph_snapshots":[{"event_id":"sha256:b7b9490b6cf0713adfdd69ed761c20e08175281e0b90a210b0f359e499dbc499","target":"graph","created_at":"2026-05-18T02:49:21Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Traditional authorization policies are user-centric, in the sense that authorization is defined, ultimately, in terms of user identities. We believe that this user-centric approach is inappropriate for many applications, and that what should determine authorization is the relationships that exist between entities in the system. While recent research has considered the possibility of specifying authorization policies based on the relationships that exist between peers in social networks, we are not aware of the application of these ideas to general computing systems. We develop a formal access ","authors_text":"James Sellwood, Jason Crampton","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2014-06-19T09:29:50Z","title":"Path Conditions and Principal Matching: A New Approach to Access Control"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1406.4988","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:bf0af839086451fc149524f44743c00ce36c1f1fa44899b181649f788e705563","target":"record","created_at":"2026-05-18T02:49:21Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"1aa1c291f6693b8ecb81930d87a8ae218c430c54591c724d93557d248c86366e","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2014-06-19T09:29:50Z","title_canon_sha256":"1f5d89853fb3b588038e73c2faad50007eda6c499beb397366d4d4277bec0b9d"},"schema_version":"1.0","source":{"id":"1406.4988","kind":"arxiv","version":1}},"canonical_sha256":"dd46c725ee3f93f4ba5265488d82317cf13c4a2739822cce416b1ef957aae5fe","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"dd46c725ee3f93f4ba5265488d82317cf13c4a2739822cce416b1ef957aae5fe","first_computed_at":"2026-05-18T02:49:21.276857Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T02:49:21.276857Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"za3SAx7gE/RCHG8cLCTI2KXqloxRl4sCLBfQS8AA0eFZ334hToehMa43/TUati9c3/a6rGETYN6BRPJEWmolAw==","signature_status":"signed_v1","signed_at":"2026-05-18T02:49:21.277483Z","signed_message":"canonical_sha256_bytes"},"source_id":"1406.4988","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:bf0af839086451fc149524f44743c00ce36c1f1fa44899b181649f788e705563","sha256:b7b9490b6cf0713adfdd69ed761c20e08175281e0b90a210b0f359e499dbc499"],"state_sha256":"ac306aa43a533b116470f053a523466693d21888c35e4658a0af0434912a193e"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"Q7j+YcuKRoyBeXQrHC1t5Jf/VsUa6aKOVFzTTk2mriJHYWJ87aMLh9WKcKqcYJgpxpdcLmJwwjXXLSnMrhNoBw==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-31T01:37:47.966482Z","bundle_sha256":"ea9475142386c9cb191d686e604d35285ab425cfbefdabd291f01c6734721952"}}