Trust management (TM) is a promising approach for authorization and access control in distributed systems, based on signed distributed policy statements expressed in a policy language. Although several TM languages are semantically equivalent to subsets of DATALOG, DATALOG is not sufficiently expressive for fine-grained control of structured resources. We define the class of linearly decomposable unary constraint domains, prove that DATALOG extended with constraints in any combination of such constraint domains is tractable, and show that permissions associated with structured resources fall into this class. We also present a concrete declarative TM language, RT_1~C, based on constraint DATALOG, and use constraint DATALOG to analyze another TM system, KeyNote, which turns out to be less expressive than RT_1~C in significant respects, yet less tractable in the worst case. Although constraint DATALOG has been studied in the context of constraint databases, TM applications involve different kinds of constraint domains and have different computational complexity requirements.
展开▼
