  • DocumentCode
    3034891
  • Title
    Design and Semantics of a Decentralized Authorization Language
  • Author
    Becker, Moritz Y. ; Fournet, Cédric ; Gordon, Andrew D.
  • Author_Institution
    Microsoft Res., Cambridge
  • fYear
    2007
  • fDate
    6-8 July 2007
  • Firstpage
    3
  • Lastpage
    15
  • Abstract
    We present a declarative authorization language that strikes a careful balance between syntactic and semantic simplicity, policy expressiveness, and execution efficiency. The syntax is close to natural language, and the semantics consists of just three deduction rules. The language can express many common policy idioms using constraints, controlled delegation, recursive predicates, and negated queries. We describe an execution strategy based on translation to datalog with constraints, and table-based resolution. We show that this execution strategy is sound, complete, and always terminates, despite recursion and negation, as long as simple syntactic conditions are met.
  • Keywords
    programming language semantics; decentralized authorization language; execution efficiency; policy expressiveness; semantic simplicity; syntactic simplicity; Authorization; Distributed computing; File systems; Legislation; Logic design; Natural languages; Safety; Usability; Web services; XML
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Security Foundations Symposium, 2007. CSF '07. 20th IEEE
  • Conference_Location
    Venice
  • ISSN
    1940-1434
  • Print_ISBN
    0-7695-2819-8
  • Type
    conf
  • DOI
    10.1109/CSF.2007.18
  • Filename
    4271637