A Logic for Multi-domain Authorization Considering Administrators

In multi-domain environments, authorization policies for each administrative domain are determined by either one administrator or through cooperation of multiple administrators. Proposed logic-based models for multi-domain environments´ authorization neither consider an administrator as the legislator of a policy in policies´ representation nor specify the domain of a policy explicitly. Considering legislators in policy specification provides the possibility of presenting composite administration and utilizing administrators´ characteristics in policy analysis such as conflict resolution. In this paper, we propose the syntax, proof theory, and semantics of a logic in which administrators are considered in authorization policies´ specification, composite administration is presented, and each authorization policy is explicitly associated with some administrative domains. We also claim that the logic is sound. The presented logic is based on modal logic and utilizes two calculi named the calculus of administrators and the calculus of administrative domains. A case study of the logic usage is presented.