Re: [xacml] Proposed Agenda - October 30

[Frank Siebenlist <franks@mcs.anl.gov>]

Please blame Polar, but I won't have anything to show for tomorrow's telcon. 
I've been spending time trying to understand his document, which also forced me 
to do a quick crash course in Haskell...

What I understand so far is that Polar's document is a true tour de force. He 
also convinced me that by mapping the xacml language in a pure functional 
declarative language, it gives us a very good foundation to reason and discuss 
the xacml language semantics and feature, and to discover the possible 
inconsistencies and ambiguities.

My hope is that it will also give use a good language to tackle the issue of how 
best to add these delegation features to the language in a clean and concise 
way. Intuitively, I feel that only minimum changes will be needed, but I need 
some more time to figure out how to speak xacml in Haskell good enough to go to 
the next step.

Regards, Frank.

PS. For those of you diving into Haskell for the first time, I can recommend Hal 
Daume's "Yet Another Haskell Tutorial" (http://www.isi.edu/~hdaume/htut), which 
is somewhat more "gentle" for a novice than "A Gentle Introduction to Haskell".


Polar Humenn wrote:

> On Wed, 29 Oct 2003, Frank Siebenlist wrote:
> 
> 
>>I'm sorry, but I won't be able to make tomorrow's call as I'm on the road.
>>
>>After the discussions Polar, Simon and I had at the end of the F2F, I'm in the
>>process of writing another note to describe the more formal approach that we
>>could take to implement the delegation. I believe that the three of us we pretty
>>much in agreement, and the most difficult thing seems to be the notation to use,
>>so I reading up on what others have published about that...
> 
> 
> Ah ha!
> 
> On the same note, when Frank and I those things, we though a language to
> talk about XACML would be greatly beneficial. If you know me, I'd prefer
> this language to be a formal one. :)
> 
> So, I am in the midst of writing a fairly lengthy report, (Yikes! 58
> pages!) called "Formal Semantics of XACML." The Draft is ready. Seth also
> had someone him, and in turn, asked me, if there was a formal semantics
> for XACML.  So, here it is!
> 
> Instead of doing quasi-standard denotational semantic notation, I used
> Haskell, which has a formal denotational semantics of its own. So, by
> transitivity, my semantic description of XACML 1.1 has a formal semantics.
> (Provided implementations follow it :). All the Haskell in there feeds
> into a Haskell interpreter (Hugs 98) and works. I can even get a good
> policy decision out of from the sample request context and policy out of
> her.
> 
> The analysis brought up some interesting points on ambiguities (mostly
> dealing with Indeterminate), and how combinators are evaluated, and how
> obligations are processed.
> 
> Michiharu and Satoshi should look at my approach on the combinators with
> obligations, please.
> 
> And as Seth pointed out, the semantics of return status is completely
> punted on.
> 
> The PDF will be attached in a following message.
> 
> Cheers,
> -Polar
> 

-- 
Frank Siebenlist               franks@mcs.anl.gov
The Globus Alliance - Argonne National Laboratory