A Formalization of Distributed Authorization with Delegation

  • Shujing Wang
  • Yan Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3574)


Trust management is a promising approach for the authorization in distributed environment. There are two key issues for a trust management system: how to design high-level policy language and how to solve the compliance-checking problem [3,4]. We adopt this approach to deal with distributed authorization with delegation. In this paper, we propose an authorization language \({\cal AL}\), a human-understandable high level language to specify various authorization policies. We define the semantics of \({\cal AL}\) through Answer Set Programming. Language \({\cal AL}\) has rich expressive power which can not only specify delegation, threshold structures addressed in previous approaches, but also represent structured resources and privileges, positive and negative authorizations, separation of duty, incomplete information reasoning and partial authorization and delegation. We also demonstrate the application of language \({\cal AL}\) through an authorization scenario.


Access control trust management authorization delegation answer set programming knowledge representation nonmonotonic reasoning 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Baral, C.: Knowledge Representation, Reasoning and Declarative Problem Solving. Cambridge University Press, Cambridge (2003)zbMATHCrossRefGoogle Scholar
  2. 2.
    Bertino, E., Buccafurri, F., Ferrari, E., Rullo, P.: A Logical Framework for Reasoning on Data Access Control Policies. In: Proceedings of the 12th IEEE Computer Security Foundations Workshop(CSFW-12), pp. 175–189. IEEE Computer Society Press, Los Alamitos (1999)CrossRefGoogle Scholar
  3. 3.
    Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized Trust Management. In: Proceedings of the Symposium on Security and Privacy, pp. 164–173. IEEE Computer Society Press, Los Alamitos (1996)Google Scholar
  4. 4.
    Blaze, M., Feigenbaum, J., Strauss, M.: Compliance-checking in the PolicyMaker trust management system. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 254–274. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  5. 5.
    Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: The Role of Trust Management in Distributed Systems. In: Vitek, J. (ed.) Secure Internet Programming. LNCS, vol. 1603, pp. 185–210. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  6. 6.
    Jajodia, S., Samarati, P., Subrahmanian, V.S.: Flexible Support for Multiple Access Control Policies. ACM Transactions on Database Systems 26(2), 214–260 (2001)zbMATHCrossRefGoogle Scholar
  7. 7.
    Li, N., Feigenbaum, J., Grosof, B.N.: A logic-based knowledge representation for authorization with delegation (extended abstract). In: Proceedings of the IEEE Computer Security Foundations Workshop (CSFW-12), June, pp. 162–174. IEEE Computer Society Press, Los AlamitosGoogle Scholar
  8. 8.
    Li, N., Winsborough, W.H., Mitchell, J.C.: Distributed credential chain discovery in trust management. Journal of Computer Security 11(1), 35–86 (2003)Google Scholar
  9. 9.
    Li, N., Grosof, B.N., Feigenbaum, J.: Delegation Logic: A logic-based approach to distributed authorization. ACM Transactions on Information and System Security (TISSEC) (February 2003)Google Scholar
  10. 10.
    Syrjänen, T.: Lparse 1.0 User’s Mannual,
  11. 11.
    Wang, S., Zhang, Y.: Handling Distributed Authorization with Delegation through Answer Set Programming (2005) (manuscript)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Shujing Wang
    • 1
  • Yan Zhang
    • 1
  1. 1.University of Western SydneyAustralia

Personalised recommendations