Fakultät für Informatik und Mathematik


Paper Description

BibTeX entry

author={Christopher Alm, Ruben Wolf},
title={{The Definition of the OPL Access Control Policy Language}},
institution={{Fakult{\"a}t f{\"u}r Informatik und Mathematik, Universit{\"a}t Passau, Germany}},


Existing policy languages suffer from having a limited ability of directly and elegantly expressing high-level access control principles such as history-based separation of duty [24], binding of duty [17], context constraints [21], Chinese wall [7], and obligations [19]. Furthermore, it is often difficult to extend a language in order to retrofit these features once required or it is necessary to make use of complicated and complex language constructs to express a concept. In particular, the latter may cause human mistakes in the policy administration.
To address this problem, this report introduces a flexible, new policy language. The full language specification is given including a formal semantics written in Object Z and a formal syntax defined in XML. OPL can represent a wide range of access control principles directly by providing dedicated XML tags for each supported principle. It can be easily extended with further principles if necessary. Since OPL is based on a module concept, it can cope with the language complexity that usually comes with a growing expressiveness. Altogether OPL is suitable to be used in an enterprise environment: it combines the required expressiveness with the simplicity necessary for an appropriate administration. A considerable reference scenario is included in this report.

Paper itself