In this section we review prior research in representation and evaluation of authorization. Formal semantics for policy representation and evaluation has been used by other researches, in particular Woo and Lam [15].
Their work addresses general concerns as ours, in particular, positive and negative authorizations and providing computable semantics. In our model, authorization is given a precise semantics independent of underlying policy requirements. This distinguishes our work from [15] where a formal notion of an authorization policy has different semantics for each set of authorization requirements.
The Policy Maker system described in the papers by Blaze, et al. [4], [5] focuses on construction of a practical algorithm for determining trust decisions. Policies and credentials encode a set of trust relationships among the issuing sources.
In Policy Maker's terminology, ``proof of compliance question'' asks if the request 3#3, supported by a set of credentials complies with a policy 4#4. This is equivalent to the authorization question that we consider in our work: ``is request 3#3 authorized by the policy 4#4 (in our model credentials are contained in the request)''. Their approach, however, is different from ours.
In our approach, the information passed to the authorization engine with the authorization request is used to evaluate conditions in the relevant policy statements. Each condition is evaluated just one time. The order of condition evaluation is important.
In Policy Maker, the credentials and policy (called assertions) are used collectively to compute a proof of compliance. The assertions can be run in arbitrary order (and possibly many times) and produce intermediate results, that then can be fed into other assertions. Policies, representable in the Policy Maker, are restricted to the set of policies which do not produce side-effects, resulting in change of the system state. The Policy Maker can be integrated in our model as a component for evaluation of the trust constraints conditions.
Detailed formal language specification based on set and function formalism is given in the paper by Sandhu [2] for specific constraints of separation of duty in role based environment. The language semantics is defined by a restricted form of the first order logic. The formal language provides a useful model to study properties of conflict of interests, in particular separation of duty.
The paper by Abadi, et al. [1] presents a logical language for access control lists. They study the notions of delegation, roles and groups using their logical language and rules for making access control decisions.
The exploratory work by Moffet and Sloman [11] is aimed to understanding policy semantics. The two aspects of a policy are considered: motivation and actual ability to carry out actions.