A Logic-based Knowledge Representation for Authorization with Delegation

We introduce Delegation Logic (DL), a logic-based knowledge representation (i.e., language) that deals with authorization in large-scale, open, distributed systems. Of central importance in any system for deciding whether requests should be authorized in such a system are delegation of authority, negation of authority, and conflicts between authorities. DL’s approach to these issues and to the interplay among them borrows from previous work on delegation and trust management in the computer-security literature and previous work on negation and conflict handling in the logic-programming and non-monotonic reasoning literature, but it departs from previous work in some crucial ways. In this introductory paper, we present the syntax and semantics of DL and explain our novel design choices. This first paper focuses on delegation, including explicit treatment of delegation depth and delegation to complex principals; a forthcoming companion paper focuses on negation. Compared to previous logic-based approaches to authorization, DL provides a novel combination of features: it is This extended abstract appeared in the Proceedings of the 12th IEEE Computer Security Foundations Workshop, July 1999. An expanded, Research Report version of this paper is available via the IBM Research Report server website (http://www.research.ibm.com, then navigate) or via the authors. based on logic programs, expresses delegation depth explicitly, and supports a wide variety of complex principals (including but not limited to k-out-of-n thresholds). Compared to previous approaches to trust management, DL provides another novel feature: a concept of proof-of-compliance that is not entirely ad-hoc and that is based on modeltheoretic semantics (just as usual logic programs have a model-theoretic semantics). DL’s approach is also novel in that it combines the above features with smooth extensibility to non-monotonicity, negation, and prioritized conflict handling. This extensibility is accomplished by building on the well-understood foundation of DL’s logic-program knowledge representation.