[FoRK] Declarative DSLs and decentralized authorization language

Jeff Bone <jbone at place.org> on Fri Sep 15 21:59:48 PDT 2006

Found on LtU today...  from the abstract:

	http://research.microsoft.com/projects/SecPAL/

   We present a declarative authorization language. Policies and
   credentials are expressed using predicates defined by logical
   clauses, in the style of constraint logic programming. Access
   requests are mapped to logical authorization queries, consisting
   of predicates and constraints combined by conjunctions, disjunctions,
   and negations. Access is granted if the query succeeds against the
   current database of clauses. Predicates ascribe rights to particular
   principals, with flexible support for delegation and revocation. At the
   discretion of the delegator, delegated rights can be further delegated,
   either to a fixed depth, or arbitrarily deeply.

--

Meta-interest:  this is one of a few recent examples of the use of  
constraint logic programming languages (usually Datalog or variants)  
as the host language for embedding declarative DSLs that very  
concisely describe complex problems.  Another example of this of note  
is the Network Datalog stuff also mentioned on LtU a couple of weeks  
ago;  in that project networking protocols are described concisely  
and efficiently;  a routing discovery protocol implementation is  
described "in about 8 lines of code."

	http://db.cs.berkeley.edu/papers/sigmod06-declar.pdf

   First, we motivate and formally define the Network Datalog (NDlog)
   language for declarative network specifications. Second, we introduce
   and prove correct relaxed versions of the traditional semi-naive query
   evaluation technique, to overcome fundamental problems of the
   traditional technique in an asynchronous distributed setting. Third,
   we consider the dynamics of network state, and formalize the “eventual
   consistency” of our programs even when bursts of updates can arrive in
   the midst of query execution. Fourth, we present a number of query
   optimization opportunities that arise in the declarative networking
   context, including applications of traditional techniques as well as
   new optimizations. Last, we present evaluation results of the above
   ideas implemented in our P2 declarative networking system, running on
   100 machines over the Emulab network testbed.
--

This is all giving me a sort of "back to the future" moment, a kinda  
deja vu flashback of sitting listening to John McCarthy expound  
passionately about situational calculus and higher-order predicate  
logic.  But why not?  This approach seems to have a lot to offer for  
a wider range of applications than might be immediately obvious;   
it's apparently quite straightforward to create a wide range of  
domain specific languages for widely different and complex problems  
in a concise, correct, and efficient fashion.  So --- is constraint  
logic programming the Next Big Thing?



jb
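
The delegation model in the first quoted abstract (rights re-delegated to a fixed depth or arbitrarily deeply, with revocation, and access granted when the query is derivable), as an added example that is not part of the original post and is not SecPAL code. The credential tuple format, the principal names and the hop-budget rule are assumptions made for this toy evaluator; it does not reproduce SecPAL's syntax or semantics.

```python
import math

INF = math.inf  # "arbitrarily deeply"

def derive(root, credentials, revoked=frozenset()):
    """Map (principal, right) -> re-delegation hops that principal has left.

    Each credential is (cred_id, issuer, subject, right, depth), read as
    "issuer says subject holds right and may pass it on `depth` more hops".
    """
    # Base facts: the root authority holds each right it issues, unbounded.
    held = {(root, r): INF for _, issuer, _, r, _ in credentials if issuer == root}
    changed = True
    while changed:  # naive fixpoint, as in bottom-up Datalog evaluation
        changed = False
        for cred_id, issuer, subject, right, depth in credentials:
            if cred_id in revoked:
                continue
            budget = held.get((issuer, right))
            if budget is None or budget < 1:
                continue  # issuer lacks the right, or may not delegate it
            # A subject never receives more depth than its issuer has left.
            new = min(depth, budget - 1)
            if new > held.get((subject, right), -1):
                held[(subject, right)] = new
                changed = True
    return held

def authorized(principal, right, root, credentials, revoked=frozenset()):
    """Access query: granted iff the fact is derivable from the clause set."""
    return (principal, right) in derive(root, credentials, revoked)

R = "read:/reports"
CREDS = [  # constructed sample credentials
    ("c1", "fileserver", "alice", R, 1),    # alice may delegate one hop
    ("c2", "alice", "bob", R, INF),         # over-claims; bob is capped at 0
    ("c3", "bob", "carol", R, 0),           # bob has no hops left: no effect
    ("c4", "fileserver", "dave", R, INF),   # unbounded delegation
    ("c5", "dave", "erin", R, INF),
    ("c6", "erin", "frank", R, 0),
]

if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "erin", "frank"):
        print(who, authorized(who, R, "fileserver", CREDS))
    print("frank after revoking c4:",
          authorized("frank", R, "fileserver", CREDS, revoked={"c4"}))
```

Revoking a single credential near the root (c4) removes every right derived through it, because the fixpoint is recomputed from the remaining clauses rather than cached per principal.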


