SecPAL and Software Licenses
The CARMEN project and in particular its consortium have identified a novel way of processing license information attached to software resources. We believe that SecPAL's formal model provides a grammar rich enough to capture license information. We have started work on the Creative Commons License, with other licenses to follow.
By attaching these licenses, expressed as SecPAL policies, to resources, we can predict whether the desired objective of a workflow enactment (for example identifying the function of a set of brain neurons and publicizing it) would be prohibited due to license constraints of the individual pieces of data or services used to accomplish the desired goal. The following is the CC license example.
Creative commons license
1. to Share — to copy, distribute and transmit the work
2. to Remix — to adapt the work
Under the following conditions:
1. Attribution. You must attribute the work in the manner specified by the author or licensor (but not in any way that suggests that they endorse you or your use of the work).
2. For any reuse or distribution, you must make clear to others the license terms of this work. The best way to do this is with a link to this web page.
3. Any of the above conditions can be waived if you get permission from the copyright holder.
4. Nothing in this license impairs or restricts the author's moral rights.
SecPAL Definition
We assume x is the owner of a resource r
We assume that y is any user
FACTS
x can distribute r
x can copy r
x can transmit r
CLAIMS
y can act as x if y possesses "credential c1"
**credential c1 refers to the written permission given to y by x (condition 3)
ASSERTION
x can say y can act as x
periorellis on 07.30.07 @ 04:55 PM gmt [link]
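The license check described in the post above, as an added Python sketch (not SecPAL or CARMEN project code): it flags the workflow steps that the FACTS, CLAIMS and ASSERTION would not allow for a given user. The names Credential, can_act_as, permitted and prohibited_steps, and the sample principals and resources, are hypothetical.

```python
from dataclasses import dataclass

# Only the verbs listed under FACTS in the post are modelled.
OWNER_VERBS = {"distribute", "copy", "transmit"}

@dataclass(frozen=True)
class Credential:
    """'credential c1': written permission given to a user (condition 3)."""
    issuer: str    # principal who made the statement
    subject: str   # y, the user the permission was given to
    acts_as: str   # x, the owner y may act as

def can_act_as(user, owner, credentials):
    # "x can say y can act as x": only a credential issued by the owner
    # itself counts; one issued by any other principal is ignored.
    return any(c.issuer == owner and c.subject == user and c.acts_as == owner
               for c in credentials)

def permitted(user, verb, resource, owners, credentials):
    owner = owners.get(resource)
    if owner is None or verb not in OWNER_VERBS:
        return False  # default deny: unknown resource or unmodelled verb
    return user == owner or can_act_as(user, owner, credentials)

def prohibited_steps(user, workflow, owners, credentials):
    """Return the (verb, resource) steps the license facts do not allow."""
    return [(verb, res) for verb, res in workflow
            if not permitted(user, verb, res, owners, credentials)]

# Constructed sample data (hypothetical principals and resources).
OWNERS = {"spike_train.dat": "alice", "sorter_service": "carol"}
CREDENTIALS = [
    Credential(issuer="alice", subject="bob", acts_as="alice"),
    Credential(issuer="mallory", subject="bob", acts_as="carol"),  # wrong issuer
]
WORKFLOW = [("copy", "spike_train.dat"),
            ("transmit", "sorter_service"),
            ("distribute", "spike_train.dat")]

if __name__ == "__main__":
    print(prohibited_steps("bob", WORKFLOW, OWNERS, CREDENTIALS))
```

The second credential names carol as the principal to act as but was not issued by carol, so the step that uses carol's service is reported as prohibited.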
SecPAL Development
The following snippet of code is the Java implementation of the canActAs example that you can find in the .NET implementation. I find it cool that both APIs (.NET and Java) are identical (well, almost), as this promotes interoperability between Linux/Windows developers. In addition, it allows developers to build on their .NET experience (from the released version) rather than learn the Java API from scratch. I will put some screenshots up from a GUI that demonstrates SecPAL policies soon.
package org.secpal.test;

import org.secpal.*;
import java.util.ArrayList;
import java.util.List;

public class CanActAsScenario {

    // The security token service (STS) that the local authority delegates to.
    private KeyHolderPrincipal stsPrincipal = new KeyHolderPrincipal("K-STS");

    public List<Policy> getPolicies() {
        List<Policy> policies = new ArrayList<Policy>();
        List<Claim> claims = new ArrayList<Claim>();

        // Claim 1: K-STS can say "p possesses a" (qualified by t1, t2, f, ts),
        // subject to the duration and ordering constraints on t1 and t2 and
        // to the attribute being an RFC 822 name at fabrikam.com.
        claims.add(
            new Claim(
                new CanSayFact(
                    this.stsPrincipal,
                    new PossessFact(
                        new PrincipalVariable("p"),
                        new AttributeVariable("a"),
                        new FactQualifier(
                            new DateTimeVariable("t1"),
                            new DateTimeVariable("t2"),
                            new LocationVariable("f"),
                            new DurationVariable("ts")))),
                new Constraint[] {
                    new DurationConstraint("t1", "t2", 366, 0, 0, 0),
                    new TemporalConstraint("t1", "t2"),
                    new AttributeMatchConstraint(
                        "a",
                        AttributeType.RFC_822_NAME,
                        new String[] {".*@fabrikam\\.com"}) }));

        // Claim 2: p can read file:///public/ if p possesses an attribute a
        // that matches an RFC 822 name at fabrikam.com.
        claims.add(
            new Claim(
                new ActionFact(
                    new PrincipalVariable("p"),
                    ActionVerbs.READ,
                    new Resource(
                        "digitalContent",
                        "file:///public/")),
                new Fact[] {
                    new PossessFact(
                        new PrincipalVariable("p"),
                        new AttributeVariable("a")) },
                new Constraint[] {
                    new AttributeMatchConstraint(
                        "a",
                        AttributeType.RFC_822_NAME,
                        new String[] {".*@fabrikam\\.com"}) }));

        // Claim 3: K-STS can say "x can act as y".
        claims.add(
            new Claim(
                new CanSayFact(
                    this.stsPrincipal,
                    new CanActAsFact(
                        new PrincipalVariable("x"),
                        new PrincipalVariable("y")))));

        // All three claims are issued by the local authority.
        policies.add(
            new Policy(
                new PrincipalIssuer(new LocalAuthorityPrincipal()),
                claims));

        return policies;
    }
}
periorellis on 07.30.07 @ 04:28 PM gmt [link]