TY - GEN
T1 - Soutei, a logic-based trust-management system system description
AU - Pimlott, Andrew
AU - Kiselyov, Oleg
PY - 2006
Y1 - 2006
N2 - We describe the design and implementation of a trust-management system Soutei, a dialect of Binder, for access control in distributed systems. Soutei policies and credentials are written in a declarative logic-based security language and thus constitute distributed logic programs. Soutei policies are modular, concise, and readable. They support policy verification, and, despite the simplicity of the language, express role- and attribute-based access control lists, and conditional delegation. We describe the real-world deployment of Soutei into a publish-subscribe web service with distributed and compartmentalized administration, emphasizing the often overlooked aspect of authorizing the creation of resources and the corresponding policies. Soutei brings Binder from a research prototype into the real world. Supporting large, truly distributed policies required non-trivial changes to Binder, in particular mode-restriction and goal-directed top-down evaluation. To improve the robustness of our evaluator, we describe a fair and terminating backtracking algorithm.
AB - We describe the design and implementation of a trust-management system Soutei, a dialect of Binder, for access control in distributed systems. Soutei policies and credentials are written in a declarative logic-based security language and thus constitute distributed logic programs. Soutei policies are modular, concise, and readable. They support policy verification, and, despite the simplicity of the language, express role- and attribute-based access control lists, and conditional delegation. We describe the real-world deployment of Soutei into a publish-subscribe web service with distributed and compartmentalized administration, emphasizing the often overlooked aspect of authorizing the creation of resources and the corresponding policies. Soutei brings Binder from a research prototype into the real world. Supporting large, truly distributed policies required non-trivial changes to Binder, in particular mode-restriction and goal-directed top-down evaluation. To improve the robustness of our evaluator, we describe a fair and terminating backtracking algorithm.
KW - Access control
KW - Backtracking
KW - Datalog
KW - Haskell
KW - Logic Programming
KW - Non-determinism
KW - Security Language
UR - http://www.scopus.com/inward/record.url?scp=33745830075&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33745830075&partnerID=8YFLogxK
U2 - 10.1007/11737414_10
DO - 10.1007/11737414_10
M3 - Conference contribution
AN - SCOPUS:33745830075
SN - 3540334386
SN - 9783540334385
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 130
EP - 145
BT - Functional and Logic Programming
T2 - 8th International Symposium on Functional and Logic Programming, FLOPS 2006
Y2 - 24 April 2005 through 26 April 2005
ER -