Neha Patil (Editor)

SecPAL

SecPAL is a declarative, logic-based security policy language developed to support the complex access control requirements of large-scale distributed computing environments.

Common Access Control Requirements

Here is a partial list of the challenges that SecPAL addresses:

  • How does an organization establish a fine-grained trust relationship with another organization across organizational boundaries?
  • How does a user delegate a subset of their rights (constrained delegation) to another user, whether in the same organization or in a different one?
  • How can access control policy be authored and reviewed in a human-readable form, so that auditors and non-technical people can understand such policies?
  • How does an organization support compliance regulations requiring that a system be able to demonstrate exactly why a user was granted access to a resource?
  • How can policies be authored, composed and evaluated in a manner that is efficient, deterministic and tractable?

Additional Research

  • IEEE Grid 2007 - Fine Grained Access Control Using SecPAL - http://www.cs.virginia.edu/~humphrey/papers/GridFTP_SecPAL_2007.pdf