Design and Semantics of a Decentralized Authorization Language Export

@inproceedings{citeulike:1533849, abstract = {We present a declarative authorization language that strikes a careful balance between syntactic and semantic simplicity, policy expressiveness, and execution efficiency. The syntax is close to natural language, and the semantics consists of just three deduction rules. The language can express many common policy idioms using constraints, controlled delegation, recursive predicates, and negated queries. We describe an execution strategy based on translation to Datalog with Constraints, and table-based resolution. We show that this execution strategy is sound, complete, and always terminates, despite recursion and negation, as long as simple syntactic conditions are met.}, address = {Washington, DC, USA}, author = {Becker, Moritz and Fournet, Cedric and Gordon, Andrew}, booktitle = {CSF '07: Proceedings of the 20th IEEE Computer Security Foundations Symposium}, citeulike-article-id = {1533849}, citeulike-linkout-0 = {http://portal.acm.org/citation.cfm?id=1270382.1270639}, citeulike-linkout-1 = {http://dx.doi.org/10.1109/CSF.2007.18}, citeulike-linkout-2 = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4271637}, doi = {10.1109/CSF.2007.18}, isbn = {0-7695-2819-8}, journal = {Computer Security Foundations Symposium, 2007. CSF '07. 20th IEEE}, keywords = {authorization, decentralized}, pages = {3--15}, posted-at = {2007-08-03 20:31:40}, priority = {2}, publisher = {IEEE Computer Society}, title = {Design and Semantics of a Decentralized Authorization Language}, url = {http://dx.doi.org/10.1109/CSF.2007.18}, year = {2007} }

TY - CONF ID - citeulike:1533849 L3 - citeulike-article-id:1533849 N2 - We present a declarative authorization language that strikes a careful balance between syntactic and semantic simplicity, policy expressiveness, and execution efficiency. The syntax is close to natural language, and the semantics consists of just three deduction rules. The language can express many common policy idioms using constraints, controlled delegation, recursive predicates, and negated queries. We describe an execution strategy based on translation to Datalog with Constraints, and table-based resolution. We show that this execution strategy is sound, complete, and always terminates, despite recursion and negation, as long as simple syntactic conditions are met. JF - Computer Security Foundations Symposium, 2007. CSF '07. 20th IEEE SN - 0-7695-2819-8 AD - Washington, DC, USA EP - 15 TI - Design and Semantics of a Decentralized Authorization Language PB - IEEE Computer Society T2 - CSF '07: Proceedings of the 20th IEEE Computer Security Foundations Symposium SP - 3 KW - authorization KW - decentralized AU - Becker, Moritz AU - Fournet, Cedric AU - Gordon, Andrew PY - 2007/// UR - http://dx.doi.org/10.1109/CSF.2007.18 ER -