Sciweavers

ESORICS
2010
Springer

An Authorization Framework Resilient to Policy Evaluation Failures

14 years 18 days ago
An Authorization Framework Resilient to Policy Evaluation Failures
Abstract. In distributed computer systems, it is possible that the evaluation of an authorization policy may suffer unexpected failures, perhaps because a sub-policy cannot be evaluated or a sub-policy cannot be retrieved from some remote repository. Ideally, policy evaluation should be resilient to such failures and, at the very least, fail "gracefully" if no decision can be computed. We define syntax and semantics for an XACML-like policy language. The semantics are incremental and reflect different assumptions about the manner in which failures can occur. Unlike XACML, our language uses simple binary operators to combine sub-policy decisions. This enables us to characterize those few binary operators likely to be used in practice, and hence to identify a number of strategies for optimizing policy evaluation and policy representation.
Jason Crampton, Michael Huth
Added 09 Nov 2010
Updated 09 Nov 2010
Type Conference
Year 2010
Where ESORICS
Authors Jason Crampton, Michael Huth
Comments (0)