The goal of the Security Policy Assertion Language (SecPAL) project is to develop a language for expressing decentralized authorization policies, and to investigate language design and semantics, as well as related algorithms and analysis techniques. This project is a collaboration between the advanced technology incubation group of Microsoft's Chief Research and Strategy Officer and Microsoft Research Cambridge.
Overview
The development of large-scale, decentralized distributed computing environments has highlighted the need for fine-grained control over trust relationships and delegated access rights. Existing approaches do not fully satisfy these needs. They typically lack precision and/or require an undesirable reliance on centralized administration to be effective. In addition, one finds multiple independent mechanisms, with disparate semantics, being used to manage trust, delegation and authorization. This makes it difficult to understand the effective security in large distributed systems and complicates their management.
Project Members
Researchers
Incubation Team Members
- Blair Dillaway
- Gregory Fee
- Jason Hogg
- Larry Joy
- Brian LaMacchia
- John Leen
- Jason Mackay
Publications
- Moritz Y. Becker, Cedric Fournet, Andrew D. Gordon, Design and Semantics of a Decentralized Authorization Language, in 20th IEEE Computer Security Foundations Symposium (CSF), pp. 3-15, 2007.
- Moritz Y. Becker, Cedric Fournet, Andrew D. Gordon, SecPAL: Design and Semantics of a Decentralized Authorization Language, Technical Report MSR-TR-2006-120, Microsoft Research, September 2006.
- Blair Dillaway, A Unified Approach to Trust, Delegation, and Authorization in Large-Scale Grids, Technical Paper, Microsoft Corporation, September 2006.
Downloads
- Security Policy Assertion Language (SecPAL) Specification, Version 1.0, 15 February 2007
- SecPAL Schema, Version 1.0
- SecPAL Research Release for .NET, Version 1.1
- SecPAL parser sample
External Links
- SecPAL Forum
- Blair Dillaway, A Unified Approach to Trust, Delegation, and Authorization in Grids, Talk at GridWorld/GGF18, Washington DC, USA, September 2006 [slides].



