SecPAL
Appearance
SecPAL is a declarative, logic-based, security policy language that has been developed to support the complex access control requirements of large scale distributed computing environments.[1][2][3][4]
Common access control requirements
Here is a partial-list of some of the challenges that SecPAL addresses:
- How does an organization establish a fine-grained trust relationship with another organization across organizational boundaries?
- How does a user delegate a subset of a user’s rights (constrained delegation) to another user residing either in the same organization or in a different organization?
- How can access control policy be authored and reviewed in a manner that is human readable - allowing auditors and non-technical people to understand such policies?
- How does an organization support compliance regulations requiring that a system be able to demonstrate exactly why it was that a user was granted access to a resource?
- How can policies be authored, composed and evaluated in a manner that is efficient, deterministic and tractable?
Architecture
The SecPAL Research homepage includes links to the following papers which describe the architecture of SecPAL at varying levels of abstraction.[5]
- SecPAL Formal Model ("Design and Semantics of a Decentralized Authorization Language") – Formal description of the abstract types, language semantics and evaluation rules that support deterministic evaluation in efficient time.
- SecPAL Schema Specification – Specification describing a practical XML based implementation of the formal model targeted at supporting access control requirements of distributed applications
- .NET Research Implementation of SecPAL – C# implementation, C# samples for common authz patterns, and comprehensive developer documentation and a getting started tutorial
Additional research
References
- ^ "SecPAL - Microsoft Research". research.microsoft.com. Archived from the original on 28 April 2016. Retrieved 12 January 2022.
- ^ "Microsoft Building Security Language for Grids". 13 September 2006.
- ^ "Microsoft Invites Collaboration with Grid Computing Research". 30 April 2007.
- ^ "Access Control in Grid Computing Environments". 7 May 2007.
- ^ "Microsoft – Cloud, Computers, Apps & Gaming". Archived from the original on 2009-11-06.
- ^ Marty Humphrey; et al. (2007). "Fine-grained access control for GridFTP using SecPAL" (Conference paper). 2007 8th IEEE/ACM International Conference on Grid Computing. International Workshop on Grid Computing: IEEE Xplore. pp. 217–225. doi:10.1109/GRID.2007.4354136. ISBN 978-1-4244-1559-5. S2CID 14763595.
- ^ M.Y. Becker; et al. (2010). "A Practical Generic Privacy Language". In S. Jha; A. Mathuria (eds.). Information Systems Security. ICISS 2010. Lecture Notes in Computer Science. Lecture Notes in Computer Science. Vol. 6503. Berlin; Heidelberg: Springer. pp. 125–139. doi:10.1007/978-3-642-17714-9_10. ISBN 978-3-642-17714-9. S2CID 17197217.
- ^ Mo Becker; Alexander Malkis; Laurent Bussard (April 2010). "S4P: A Generic Language for Specifying Privacy Preferences and Policies". Microsoft. Retrieved 14 February 2023.