Soutei, a Logic-Based Trust-Management System

We describe the design and implementation of a trust-management system Soutei, a dialect of Binder, for access control in distributed systems. Soutei policies and credentials are written in a declarative logic-based security language and thus constitute distributed logic programs. Soutei policies are modular, concise, and readable. They support policy verification, and, despite the simplicity of the language, express role- and attribute-based access control lists, and conditional delegation. We describe the real-world deployment of Soutei into a publish-subscribe web service with distributed and compartmentalized administration, emphasizing the often overlooked aspect of authorizing the creation of resources and the corresponding policies. Soutei brings Binder from a research prototype into the real world. Supporting large, truly distributed policies required non-trivial changes to Binder, in particular mode-restriction and goal-directed top-down evaluation. To improve the robustness o...
Andrew Pimlott, Oleg Kiselyov
Added 22 Aug 2010
Updated 22 Aug 2010
Type: Conference
Year: 2006
Authors: Andrew Pimlott, Oleg Kiselyov