| author | mo khan <mo@mokhan.ca> | 2025-03-14 11:42:44 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-03-14 11:42:44 -0600 |
| commit | 80f1b83544b3482cbcdab8cdf521a92f2afdfa16 (patch) | |
| tree | bcd49ee93146e38294198c874a1966f4de8cadae | |
| parent | 9ecf8c07697f3ffad2ea52a6521ef76175abec05 (diff) | |
docs: describe the ReBAC policy expressed as a formula
| -rw-r--r-- | doc/share/authz/README.md | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/doc/share/authz/README.md b/doc/share/authz/README.md index fd72bbc9..6ff649a2 100644 --- a/doc/share/authz/README.md +++ b/doc/share/authz/README.md @@ -175,6 +175,35 @@ essentially formulating the following policy: `grant p to user u if R(u)`. PriMA is another recently proposed privacy protection mechanism for SNSs. +Policy + +Let `U` be the set of all users in the system. +Accesses are directed against resources. A resource may represent one or more +objects or certain system operations. Let `R` be the set of resources protected +by the SNS. A typical member of `R` is denoted by `r`. + +Assocated with every access request are therefore the following: + +* a protected resource that is being accessed +* the owner of that resource +* the accessor of that resource who requests access. + +Owner of a resource implies that the accessor must be in a specific kind of +relationship with the owner in order be granted. Huh? + +Associated with every resource is an `access control policy`. +Policy is modeled as a ternary predicate: `U x U x G(U, I) => {0, 1}`. + +A protection system N is a 7-tuple (I, U, R, C, C0, policy, owner) where: + +* `I` is the set of relation identifiers (See my question in the README about resource identifiers in our system) +* `U` is a finite set of users in the system +* `R` is a finite set of resources to be protected by the system. +* `C` is a _infinite_ universe of `access contexts`. + * `C0` is the root context. (* Could this be the root `Organization` that a `User` belongs to?) +* `R => PP(U, I)` assigns a policy predicate to every resource in the system. (This means that every resource is addressable through a universal identifier, right? Goodbye `bigint`? Yay!) +* `owner: R -> U` is a function that assigns an owner to every resource in the system. + References * [Relationship-Based Access Control: Protection Model and Policy Language by Philip W. L. Fong](https://cspages.ucalgary.ca/~pwlfong/Pub/codaspy2011.pdf) |
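Review bot: The tuple bullet `R => PP(U, I)` never names the function it defines, although the 7-tuple lists `policy` and the next bullet is written as `owner: R -> U`. Suggest writing it as `policy: R -> PP(U, I)` and using a single arrow style throughout, since the ternary predicate above uses `=>` as well. `G(U, I)` and `PP(U, I)` are used without being defined anywhere in the added text, so a one-line definition for each would help a reader of the README. `C0` is a separate element of the tuple but is nested as a sub-bullet under `C`; it should sit at the same level as the other six. The sentence ending "in order be granted. Huh?" is unfinished ("in order to be granted access", presumably) and the "Huh?" reads as a leftover note. The parenthetical questions in the `I`, `C0` and `R => PP(U, I)` bullets would be easier to track in a separate open-questions list or an issue than inline in the definitions. Minor: "Assocated" should be "Associated", and "a _infinite_ universe" should be "an _infinite_ universe".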
