
SecPAL is a declarative, logic-based security policy language that has been developed to support the complex access control requirements of large-scale distributed computing environments.


Common access control requirements

Here is a partial list of some of the challenges that SecPAL addresses:

* How does an organization establish a fine-grained trust relationship with another organization across organizational boundaries?
* How does a user delegate a subset of a user's rights (constrained delegation) to another user residing either in the same organization or in a different organization?
* How can access control policy be authored and reviewed in a manner that is human readable, allowing auditors and non-technical people to understand such policies?
* How does an organization support compliance regulations requiring that a system be able to demonstrate exactly why it was that a user was granted access to a resource?
* How can policies be authored, composed and evaluated in a manner that is efficient, deterministic and tractable?


Architecture

The SecPAL Research homepage includes links to the following papers, which describe the architecture of SecPAL at varying levels of abstraction:

* ''SecPAL Formal Model'' ("Design and Semantics of a Decentralized Authorization Language") – Formal description of the abstract types, language semantics and evaluation rules that support deterministic evaluation in efficient time.
* ''SecPAL Schema Specification'' – Specification describing a practical XML-based implementation of the formal model, targeted at supporting access control requirements of distributed applications.
* ''.NET Research Implementation of SecPAL'' – C# implementation, C# samples for common authz patterns, comprehensive developer documentation and a getting started tutorial.


Additional research

* IEEE Grid 2007 - Fine Grained Access Control Using SecPAL
* SecPAL for Privacy

