Jump to content

SecPAL

Add links
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 2001:a61:805:d001:670:e283:79af:ac7a (talk) at 20:59, 25 March 2018 (added SecPAL for Privacy references). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

SecPAL is a declarative, logic-based, security policy language that has been developed to support the complex access control requirements of large scale distributed computing environments. [1]

Common Access Control Requirements

Here is a partial-list of some of the challenges that SecPAL addresses:

  • How does an organization establish a fine-grained trust relationship with another organization across organizational boundaries?
  • How does a user delegate a subset of a user’s rights (constrained delegation) to another user residing either in the same organization or in a different organization?
  • How can access control policy be authored and reviewed in a manner that is human readable - allowing auditors and non-technical people to understand such policies?
  • How does an organization support compliance regulations requiring that a system be able to demonstrate exactly why it was that a user was granted access to a resource?
  • How can policies be authored, composed and evaluated in a manner that is efficient, deterministic and tractable?

References

  1. ^ Microsoft Research

The SecPAL Research homepage includes links to the following papers which describe the architecture of SecPAL at varying levels of abstraction.

  • SecPAL Formal Model ("Design and Semantics of a Decentralized Authorization Language") – Formal description of the abstract types, language semantics and evaluation rules that support deterministic evaluation in efficient time.
  • SecPAL Schema Specification – Specification describing a practical XML based implementation of the formal model targeted at supporting access control requirements of distributed applications
  • .NET Research Implementation of SecPAL – C# implementation, C# samples for common authz patterns, and comprehensive developer documentation and a getting started tutorial

Additional Research

Retrieved from "https://en.wikipedia.org/w/index.php?title=SecPAL&oldid=832410550"