Policy as Code, Policy as Type

TL;DR

This paper presents a novel approach to policy specification by modeling access control policies as types in dependently typed languages, enabling formal analysis and safer implementation compared to traditional languages like Rego.

Contribution

It introduces a framework that expresses complex ABAC policies as types in Agda and Lean, demonstrating improved safety and formal verification capabilities.

Findings

Dependently typed policies can be expressed in Agda and Lean.

Type-based policies offer superior safety over Rego.

Framework supports analysis, implementation, and communication of policies.

Abstract

Policies are designed to distinguish between correct and incorrect actions; they are types. But badly typed actions may cause not compile errors, but financial and reputational harm We demonstrate how even the most complex ABAC policies can be expressed as types in dependently typed languages such as Agda and Lean, providing a single framework to express, analyze, and implement policies. We then go head-to-head with Rego, the popular and powerful open-source ABAC policy language. We show the superior safety that comes with a powerful type system and built-in proof assistant. In passing, we discuss various access control models, sketch how to integrate in a future when attributes are distributed and signed (as discussed at the W3C), and show how policies can be communicated using just the syntax of the language. Our examples are in Agda.