A Logic Model for Temporal Authorization Delegation with Negation
نویسندگان
چکیده
In this paper, we present a logic based approach to temporal decentralized authorization administration that supports time constrained authorization delegations, both positive and negative authorizations, and implicit authorizations. A set of domain-independent rules are given to capture the features of temporal delegation correctness, temporal conflict resolution and temporal authorization propagation along the hierarchies of subjects, objects and access rights. The basic idea is to combine these general rules with a set of domain-specific rules defined by users to derive the authorizations holding at any time in the system. In addition, some important semantic properties including the unique answer set property are further investigated.
منابع مشابه
Ibm Research Report a Logic-based Knowledge Representation for Authorization with Delegation
We introduce Delegation Logic (DL), a logic-based knowledge representation (i.e., language) that deals with authorization in large-scale, open, distributed systems. Of central importance in any system for deciding whether requests should be authorized in such a system are delegation of authority, negation of authority, and con icts between authorities. DL's approach to these issues and to the i...
متن کاملA Logic-based Knowledge Representation for Authorization with Delegation
We introduce Delegation Logic (DL), a logic-based knowledge representation (i.e., language) that deals with authorization in large-scale, open, distributed systems. Of central importance in any system for deciding whether requests should be authorized in such a system are delegation of authority, negation of authority, and conflicts between authorities. DL’s approach to these issues and to the ...
متن کاملA Nonmonotonic Delegation Logic with Prioritized Conflict Handling
We extend previous work on Delegation Logic (DL) [11, 12], a tractable and practically implementable logic-based language for authorization in large-scale, open, distributed systems. We expressively generalize the previous version of DL (called D1LP) to have nonmonotonic expressive features, including negation-as-failure, classical negation, and prioritized conflict handling. The resulting form...
متن کاملDecentralized Temporal Authorization Administration
Access control is a significant issue in any secure database system. In this paper, we develop a logic programming based approach for temporal decentralized authorization administration in which users can be delegated, granted or forbidden some access rights for restricted periods of time. Three major aspects are taken into consideration for the semantics of the program, the temporal authorizat...
متن کاملSecPAL: Design and semantics of a decentralized authorization language
We present a declarative authorization language. Policies and credentials are expressed using predicates defined by logical clauses, in the style of constraint logic programming. Access requests are mapped to logical authorization queries, consisting of predicates and constraints combined by conjunctions, disjunctions, and negations. Access is granted if the query succeeds against the current d...
متن کامل