DKAL: Distributed-Knowledge Authorization Language

  • Yuri Gurevich
  • Itay Neeman

MSR-TR-2008-09

DKAL is an expressive declarative authorization language based on existential fixed-point logic. It was inspired by SecPAL but is considerably more expressive within the same bounds of computational complexity. Distributed knowledge is the most conspicuous distinguishing feature of DKAL; in particular, it makes DKAL appropriate for user-centric access control. Other distinguishing features include targeted communication, which is beneficial with respect to efficiency, privacy, security and liability; an information order of facts, which makes computations more efficient; reflection, which allows principals to speak about what has been said to them; and stronger delegation.

First appeared as Microsoft Research technical report MSR-TR-2007-116, August 2007. (Under related items.)

This version is Microsoft Research technical report MSR-TR-2008-09, January 2008.