PTaCL: A Language for Attribute-Based Access Control in Open Systems
Jason Crampton, Charles Morisset
TL;DR
PTaCL is a formal language designed for attribute-based access control in open systems, combining target and composition languages to enable expressive and well-defined policy specifications.
Contribution
This paper introduces PTaCL, a novel language that unifies target and composition sub-languages with formal semantics for attribute-based access control.
Findings
PTaCL supports a wide range of policies.
Formal semantics enable precise policy evaluation.
Restrictions are necessary to prevent unexpected policy outcomes.
Abstract
Many languages and algebras have been proposed in recent years for the specification of authorization policies. For some proposals, such as XACML, the main motivation is to address real-world requirements, typically by providing a complex policy language with somewhat informal evaluation methods; others try to provide a greater degree of formality (particularly with respect to policy evaluation) but support far fewer features. In short, there are very few proposals that combine a rich set of language features with a well-defined semantics, and even fewer that do this for authorization policies for attribute-based access control in open environments. In this paper, we decompose the problem of policy specification into two distinct sub-languages: the policy target language (PTL) for target specification, which determines when a policy should be evaluated; and the policy composition…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAccess Control and Trust · Cryptography and Data Security · Security and Verification in Computing