Re: [xacml] Proposed Agenda - October 30

[Polar Humenn <polar@syr.edu>]

On Wed, 29 Oct 2003, Frank Siebenlist wrote:

> I'm sorry, but I won't be able to make tomorrow's call as I'm on the road.
>
> After the discussions Polar, Simon and I had at the end of the F2F, I'm in the
> process of writing another note to describe the more formal approach that we
> could take to implement the delegation. I believe that the three of us we pretty
> much in agreement, and the most difficult thing seems to be the notation to use,
> so I reading up on what others have published about that...

Ah ha!

On the same note, when Frank and I those things, we though a language to
talk about XACML would be greatly beneficial. If you know me, I'd prefer
this language to be a formal one. :)

So, I am in the midst of writing a fairly lengthy report, (Yikes! 58
pages!) called "Formal Semantics of XACML." The Draft is ready. Seth also
had someone him, and in turn, asked me, if there was a formal semantics
for XACML.  So, here it is!

Instead of doing quasi-standard denotational semantic notation, I used
Haskell, which has a formal denotational semantics of its own. So, by
transitivity, my semantic description of XACML 1.1 has a formal semantics.
(Provided implementations follow it :). All the Haskell in there feeds
into a Haskell interpreter (Hugs 98) and works. I can even get a good
policy decision out of from the sample request context and policy out of
her.

The analysis brought up some interesting points on ambiguities (mostly
dealing with Indeterminate), and how combinators are evaluated, and how
obligations are processed.

Michiharu and Satoshi should look at my approach on the combinators with
obligations, please.

And as Seth pointed out, the semantics of return status is completely
punted on.

The PDF will be attached in a following message.

Cheers,
-Polar