Design and Semantics of a Decentralized Authorization Language

Moritz Y. Becker, Cédric Fournet, Andrew D. Gordon

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

We present a declarative authorization language that strikes a careful balance between syntactic and semantic simplicity, policy expressiveness, and execution efficiency. The syntax is close to natural language, and the semantics consists of just three deduction rules. The language can express many common policy idioms using constraints, controlled delegation, recursive predicates, and negated queries. We describe an execution strategy based on translation to datalog with constraints, and table-based resolution. We show that this execution strategy is sound, complete, and always terminates, despite recursion and negation, as long as simple syntactic conditions are met.
Original languageEnglish
Title of host publication20th IEEE Computer Security Foundations Symposium, CSF 2007, 6-8 July 2007, Venice, Italy
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages3-15
Number of pages13
ISBN (Print)0-7695-2819-8
DOIs
Publication statusPublished - Jul 2007

Fingerprint Dive into the research topics of 'Design and Semantics of a Decentralized Authorization Language'. Together they form a unique fingerprint.

Cite this