SecPAL

From Wikipedia, the free encyclopedia

This article may not meet the general notability guideline or one of the following specific guidelines for inclusion on Wikipedia: Biographies, Books, Companies, Fiction, Music, Neologisms, Numbers, Web content, or several proposals for new guidelines. If you are familiar with the subject matter, please expand or rewrite the article to establish its notability. The best way to address this concern is to reference published, third-party sources about the subject. If notability cannot be established, the article is more likely to be considered for redirection, merge or ultimately deletion, per Wikipedia:Guide to deletion. This article has been tagged since November 2007.

SecPAL is a declarative, logic-based, security policy language that has been developed to support the complex access control requirements of large scale distributed computing environments.

[edit] Common Access Control Requirements

Here is a partial-list of some of the challenges that SecPAL addresses:

• How does an organization establish a fine-grained trust relationship with another organization across organizational boundaries?
• How does a user delegate a subset of a user’s rights (constrained delegation) to another user residing either in the same organization or in a different organization?
• How can access control policy be authored and reviewed in a manner that is human readable - allowing auditors and non-technical people to understand such policies?
• How does an organization support compliance regulations requiring that a system be able to demonstrate exactly why it was that a user was granted access to a resource?
• How can policies be authored, composed and evaluated in a manner that is efficient, deterministic and tractable?

[edit] References

The SecPAL Research homepage includes links to the following papers which describe the architecture of SecPAL at varying levels of abstraction.

• SecPAL Formal Model ("Design and Semantics of a Decentralized Authorization Language") – Formal description of the abstract types, language semantics and evaluation rules that support deterministic evaluation in efficient time.
• SecPAL Schema Specification – Specification describing a practical XML based implementation of the formal model targeted at supporting access control requirements of distributed applications
• .NET Research Implementation of SecPAL – C# implementation, C# samples for common authz patterns, and comprehensive developer documentation and a getting started tutorial

[edit] Additional Research

• IEEE Grid 2007 - Fine Grained Access Control Using SecPAL - http://www.cs.virginia.edu/~humphrey/papers/GridFTP_SecPAL_2007.pdf