Modelling Delegation and Revocation Schemes in IDP
Marcos Cramer, Pieter Van Hertum, Diego Agustin Ambrossio, Marc Denecker

TL;DR
This paper demonstrates how the IDP knowledge base system can efficiently implement various revocation schemes in ownership-based access control systems with delegation chains, using a declarative approach.
Contribution
It introduces a method to model and execute different revocation schemes within IDP for ownership-based access control, combining ASP, SAT, and CP techniques.
Findings
IDP effectively models delegation and revocation schemes.
Declarative specifications enable flexible revocation strategies.
Efficient implementation of revocation schemes demonstrated.
Abstract
In ownership-based access control frameworks with the possibility of delegating permissions and administrative rights, chains of delegated accesses will form. There are different ways to treat these delegation chains when revoking rights, which give rise to different revocation schemes. In this paper, we show how IDP - a knowledge base system that integrates technology from ASP, SAT and CP - can be used to efficiently implement executable revocation schemes for an ownership-based access control system based on a declarative specification of their properties.
Taxonomy
Topics: Access Control and Trust · Logic, Reasoning, and Knowledge · Multi-Agent Systems and Negotiation
