Security Authorization Policies
Use rule-based executable specification of security authorization policies, a.k.a. trust management: including delegation, certificates.
- We have the first step of an expressive extension of courteous LP’s to handle delegation and certificates.
Often, authorization policy is really a part of overall business policy, at app-level. This contrasts with authentication.
Advantages of rule-based approach, esp. from declarative semantics:
- principled handling of negation and conflict.
- provable guarantees of behavior of implementation.
- more human-understandable and easy to modify.
- easier integration with general business policy.