Abduction and Deduction in Logic Programming for Access Control for Web Services
Lecturer(s): Hristo Koshutanski (University of Trento)
Type: Advanced Course
Section: Logic and Computation
Time: 11.00-12.30 (Slot 2)
Room: EM 3.06


Controlling access to services is a key aspect of Web Services and the
last few years have seen the domination of policy-based access
control. The intuition is that actions of nodes "controlling" the
communication are automatically derived from policies. Policies can be
"simple" event-action rules for Linux firewalls or complex
logical policies expressed in languages such as Ponder

Abstracting away the details of the policy implementation, we
can observe that only one reasoning service is actually used by
policy-based self-management: deduction. Given a policy and a set of
additional facts and events, we find out all consequences (actions or
obligations) of the policy and the facts, i.e. whether granting the
request can be deduced from the policy and the current facts.

One of the problems for Web services is that no partner may guess
a priori what kind of credentials will be sent by clients, and clients
may not know a priori which credentials are required for completing a
business process. So Web Services need at least one more reasoning
service: abduction. Loosely speaking, abduction is deduction in
reverse: given a policy and a request for access to services, find the
credentials/events that would grant access, i.e. a (possibly minimal)
set of facts that added to the policy would make the request a logical

In this course we will show a logical framework for reasoning
about access control for Web services based on answer set
programming. Our model is based on interaction and exchange of
requests for supplying or declining missing credentials between two
partners, each of them possibly running his or her own deduction and
abduction algorithm.
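
The deduction and abduction services and the credential exchange described above, as an added example that is not part of the course material. It uses plain propositional Horn rules in Python rather than answer set programming, and the policy, the credential names and the `negotiate` helper are constructed for illustration.

```python
from itertools import combinations

# Constructed policy with hypothetical names: (head, body) means the head
# holds once every atom in the body holds. Propositional Horn rules only.
POLICY = [
    ("grant_report", {"employee", "project_member"}),
    ("grant_report", {"auditor_cert"}),
    ("employee", {"employee_id_cert"}),
    ("project_member", {"project_cert"}),
]
# Credentials the server may ask for (the abducibles).
ABDUCIBLES = {"employee_id_cert", "project_cert", "auditor_cert"}

def deduce(policy, facts):
    """Deduction: forward-chain to the least fixpoint of policy + facts."""
    derived, changed = set(facts), True
    while changed:
        changed = False
        for head, body in policy:
            if head not in derived and body <= derived:
                derived.add(head)
                changed = True
    return derived

def abduce(policy, facts, request):
    """Abduction: subset-minimal sets of missing credentials that make
    the request deducible when added to the presented facts."""
    candidates = sorted(ABDUCIBLES - set(facts))
    solutions = []
    for size in range(len(candidates) + 1):  # small sets first
        for combo in combinations(candidates, size):
            extra = set(combo)
            if any(s <= extra for s in solutions):
                continue  # a subset already suffices, so not minimal
            if request in deduce(policy, set(facts) | extra):
                solutions.append(extra)
    return solutions

def negotiate(policy, request, presented, wallet, declined=()):
    """Server deduces; on failure it abduces what is missing and the client
    supplies the first set it holds and has not declined to disclose."""
    presented = set(presented)
    while request not in deduce(policy, presented):
        offers = [s for s in abduce(policy, presented, request)
                  if s <= set(wallet) - set(declined)]
        if not offers:
            return "deny", presented
        presented |= offers[0]
    return "grant", presented
```

Returning every minimal set from `abduce` tells the client which alternative credentials the policy accepts, which is the policy-disclosure trade-off the course lists among its topics.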

During the course we will see the formal reasoning services
(deduction, abduction, consistency checking) that characterise the
problem. We discuss the issues of soundness and completeness, the
problem of disclosure of policy information, and step-wise deduction.

Prerequisite: Logic or Answer Set Programming or Datalog. 


© ESSLLI 2005 Organising Committee 2005-07-12