SecPAL

SecPAL is a declarative, logic-based, security policy language that has been developed to support the complex access control requirements of large scale distributed computing environments.^[1]^[2]^[3]^[4]

Common access control requirements

Here is a partial-list of some of the challenges that SecPAL addresses:

How does an organization establish a fine-grained trust relationship with another organization across organizational boundaries?
How does a user delegate a subset of a user’s rights (constrained delegation) to another user residing either in the same organization or in a different organization?
How can access control policy be authored and reviewed in a manner that is
human readable
- allowing auditors and non-technical people to understand such policies?
How does an organization support compliance regulations requiring that a system be able to demonstrate exactly why it was that a user was granted access to a resource?
How can policies be authored, composed and evaluated in a manner that is efficient, deterministic and tractable?

Architecture

The SecPAL Research homepage includes links to the following papers which describe the architecture of SecPAL at varying levels of abstraction.^[5]

SecPAL Formal Model ("Design and Semantics of a Decentralized Authorization Language") – Formal description of the abstract types, language semantics and evaluation rules that support deterministic evaluation in efficient time.
SecPAL Schema Specification – Specification describing a practical XML based implementation of the formal model targeted at supporting access control requirements of distributed applications
.NET Research Implementation of SecPAL – C# implementation, C# samples for common authz patterns, and comprehensive developer documentation and a getting started tutorial

Additional research

IEEE Grid 2007 - Fine Grained Access Control Using SecPAL^[6]
SecPAL for Privacy^[7]^[8]

References

^ "SecPAL - Microsoft Research". research.microsoft.com. Archived from the original on 28 April 2016. Retrieved 12 January 2022.
^ "Microsoft Building Security Language for Grids". 13 September 2006.
^ "Microsoft Invites Collaboration with Grid Computing Research". 30 April 2007.
^ "Access Control in Grid Computing Environments". 7 May 2007.
^ "Microsoft – Cloud, Computers, Apps & Gaming". Archived from the original on 2009-11-06.
S2CID 14763595
.

S2CID 17197217
.

^ Mo Becker; Alexander Malkis; Laurent Bussard (April 2010). "S4P: A Generic Language for Specifying Privacy Preferences and Policies". Microsoft. Retrieved 14 February 2023.

v
t
e
Microsoft Research (MSR)
Main
projects
Languages, compilers

Bartok

Bosque

Cω

F*

Lean

P

Project Verona

Phoenix

Polyphonic C#

SecPAL

Distributed–grid computing

BitVault

Confidential Consortium Framework

DeepSpeed

Orleans

Internet, networking

AjaxView

Avalanche

Conference XP

Gazelle

HoneyMonkey

Penny Black

Wallop

WikiBhasha

Other projects

Automatic Graph Layout

Cognitive Toolkit

Digits

Holoportation

IllumiRoom

Image Composite Editor

Infer.NET

LightGBM

LiveStation

MyLifeBits

Neural Network Intelligence

NodeXL

OneFuzz

PhotoDNA

SEAL

SLAM

T2 Temporal Prover

WorldWide Telescope

Z3 Theorem Prover

Operating systems

Barrelfish

HomeOS

Midori

Singularity

Verve

APIs

Accelerator

Dryad

Joins

mimalloc

SXM

Launched as products

C#

Comic Chat

Detours

F#

Sideshow

PixelSense (TouchLight)

SenseCam

ClearType

Group Shot

Allegiance

TrueSkill

Songsmith

Xbox
Kinect

MSR Labs
applied
research
Live Labs
Current

Pivot

Seadragon
Deep Zoom

Discontinued

Deepfish

Listas

Live Clipboard

Photosynth

Volta

FUSE Labs

Docs.com

Kodu

Other labs

Academic Search

adCenter Labs

Office Labs

Category

Retrieved from "https://en.wikipedia.org/w/index.php?title=SecPAL&oldid=1172345358"

[1] "SecPAL - Microsoft Research". research.microsoft.com. Archived from the original on 28 April 2016. Retrieved 12 January 2022.

[2] "Microsoft Building Security Language for Grids". 13 September 2006.

[3] "Microsoft Invites Collaboration with Grid Computing Research". 30 April 2007.

[4] "Access Control in Grid Computing Environments". 7 May 2007.

[5] "Microsoft – Cloud, Computers, Apps & Gaming". Archived from the original on 2009-11-06.

[6] S2CID 14763595
.

[7] S2CID 17197217
.

[8] Mo Becker; Alexander Malkis; Laurent Bussard (April 2010). "S4P: A Generic Language for Specifying Privacy Preferences and Policies". Microsoft. Retrieved 14 February 2023.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]