Piero A. Bonatti, Fabio Mogavero:
Comparing rule-based policies.
Abstract
Policy comparison is useful for a variety of applications,
including policy validation and policy-aware service selection. While
policy comparison is somewhat natural for policy languages based on
description logics, it becomes rather difficult for rule-based policies.
When policies have recursive rules, the problem is in general
undecidable. Still most policies require some form of recursion to
model-say-subject and object hierarchies, and certificate chains. In
this paper, we show how policies with recursion can be compared by
adapting query optimization techniques developed for the relational
algebra. We prove soundness and completeness of our method, discuss the
compatibility of the restrictive assumptions we need w.r.t. our reference
application scenarios, and report the results of a preliminary set of
experiments to prove the practical applicability of our approach.
URL:
http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2008-037
@inproceedings{REWERSE-RP-2008-037, author = {Piero A. Bonatti and Fabio Mogavero}, title = {Comparing rule-based policies}, booktitle = {Proceedings of 2008 IEEE Workshop on Policies for Distributed Systems and Networks, Palisades, NY, USA (2nd--4th June 2008)}, year = {2008}, organization = {IEEE}, pages = {11--18}, url = {http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2008-037} }