Obligations in PTaCL. / Williams, Conrad; Crampton, Jason.

Security and Trust Management: 11th International Workshop, STM 2015, Vienna, Austria, September 21-22, 2015, Proceedings. ed. / Sara Foresti. Springer, 2015. p. 220-235 (Lecture Notes in Computer Science; Vol. 9331).

Research output: Chapter in Book/Report/Conference proceedingChapter

Published

Standard

Obligations in PTaCL. / Williams, Conrad; Crampton, Jason.

Security and Trust Management: 11th International Workshop, STM 2015, Vienna, Austria, September 21-22, 2015, Proceedings. ed. / Sara Foresti. Springer, 2015. p. 220-235 (Lecture Notes in Computer Science; Vol. 9331).

Research output: Chapter in Book/Report/Conference proceedingChapter

Harvard

Williams, C & Crampton, J 2015, Obligations in PTaCL. in S Foresti (ed.), Security and Trust Management: 11th International Workshop, STM 2015, Vienna, Austria, September 21-22, 2015, Proceedings. Lecture Notes in Computer Science, vol. 9331, Springer, pp. 220-235. https://doi.org/10.1007/978-3-319-24858-5_14

APA

Williams, C., & Crampton, J. (2015). Obligations in PTaCL. In S. Foresti (Ed.), Security and Trust Management: 11th International Workshop, STM 2015, Vienna, Austria, September 21-22, 2015, Proceedings (pp. 220-235). (Lecture Notes in Computer Science; Vol. 9331). Springer. https://doi.org/10.1007/978-3-319-24858-5_14

Vancouver

Williams C, Crampton J. Obligations in PTaCL. In Foresti S, editor, Security and Trust Management: 11th International Workshop, STM 2015, Vienna, Austria, September 21-22, 2015, Proceedings. Springer. 2015. p. 220-235. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-319-24858-5_14

Author

Williams, Conrad ; Crampton, Jason. / Obligations in PTaCL. Security and Trust Management: 11th International Workshop, STM 2015, Vienna, Austria, September 21-22, 2015, Proceedings. editor / Sara Foresti. Springer, 2015. pp. 220-235 (Lecture Notes in Computer Science).

BibTeX

@inbook{ef1f6e64ce874ffaa5710560111be2e7,
title = "Obligations in PTaCL",
abstract = "Obligations play an increasingly important role in authorization systems and are supported by languages such as XACML. However, our understanding of how to handle obligations in languages such as XACML, particularly in exceptional circumstances, is hampered by a lack of formality and rigor in the existing literature, including the XACML standard. PTaCL is an attribute-based policy language that makes use of tree-structured policies and targets, like XACML. However, PTaCL is more general than XACML and has rigorous operational semantics for request evaluation, from which a policy decision point can be implemented. In this paper, we enhance PTaCL by extending the policy syntax to include obligations and defining the obligations that should be associated with an authorization decision. Our final contribution is to extend our analysis to cases where policy evaluation may return an indeterminate value. We demonstrate that obligation semantics for PTaCL coincide with those of XACML when there is no indeterminacy. More importantly, we show that our obligation semantics provide a principled method for determining obligations for any policy-combining algorithm and the set of possible obligations in the presence of indeterminacy, thereby providing considerable advantages over existing approaches.",
author = "Conrad Williams and Jason Crampton",
year = "2015",
month = sep,
day = "22",
doi = "10.1007/978-3-319-24858-5_14",
language = "English",
isbn = "978-3-319-24857-8",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "220--235",
editor = "Sara Foresti",
booktitle = "Security and Trust Management",

}

RIS

TY - CHAP

T1 - Obligations in PTaCL

AU - Williams, Conrad

AU - Crampton, Jason

PY - 2015/9/22

Y1 - 2015/9/22

N2 - Obligations play an increasingly important role in authorization systems and are supported by languages such as XACML. However, our understanding of how to handle obligations in languages such as XACML, particularly in exceptional circumstances, is hampered by a lack of formality and rigor in the existing literature, including the XACML standard. PTaCL is an attribute-based policy language that makes use of tree-structured policies and targets, like XACML. However, PTaCL is more general than XACML and has rigorous operational semantics for request evaluation, from which a policy decision point can be implemented. In this paper, we enhance PTaCL by extending the policy syntax to include obligations and defining the obligations that should be associated with an authorization decision. Our final contribution is to extend our analysis to cases where policy evaluation may return an indeterminate value. We demonstrate that obligation semantics for PTaCL coincide with those of XACML when there is no indeterminacy. More importantly, we show that our obligation semantics provide a principled method for determining obligations for any policy-combining algorithm and the set of possible obligations in the presence of indeterminacy, thereby providing considerable advantages over existing approaches.

AB - Obligations play an increasingly important role in authorization systems and are supported by languages such as XACML. However, our understanding of how to handle obligations in languages such as XACML, particularly in exceptional circumstances, is hampered by a lack of formality and rigor in the existing literature, including the XACML standard. PTaCL is an attribute-based policy language that makes use of tree-structured policies and targets, like XACML. However, PTaCL is more general than XACML and has rigorous operational semantics for request evaluation, from which a policy decision point can be implemented. In this paper, we enhance PTaCL by extending the policy syntax to include obligations and defining the obligations that should be associated with an authorization decision. Our final contribution is to extend our analysis to cases where policy evaluation may return an indeterminate value. We demonstrate that obligation semantics for PTaCL coincide with those of XACML when there is no indeterminacy. More importantly, we show that our obligation semantics provide a principled method for determining obligations for any policy-combining algorithm and the set of possible obligations in the presence of indeterminacy, thereby providing considerable advantages over existing approaches.

U2 - 10.1007/978-3-319-24858-5_14

DO - 10.1007/978-3-319-24858-5_14

M3 - Chapter

SN - 978-3-319-24857-8

T3 - Lecture Notes in Computer Science

SP - 220

EP - 235

BT - Security and Trust Management

A2 - Foresti, Sara

PB - Springer

ER -