PeerAccess: a logic for distributed authorization.

ABSTRACTThis paper introduces the PeerAccess framework for reasoning about authorization in open distributed systems, and shows how a parameterization of the framework can be used to reason about access to computational resources in a grid environment. The PeerAccess framework supports a declarative description of the behavior of peers that selectively push and/or pull information from certain other peers. PeerAccess local knowledge bases encode the basic knowledge of each peer (e.g., Alice's group memberships), its policies governing the release of each possible piece of information to other peers, and information that guides and limits its search process when trying to obtain particular pieces of information from other peers. PeerAccess proofs of authorization are verifiable and nonrepudiable, and their construction relies only on the local information possessed by peers and their parameterized behavior with respect to query answering, information push/pull, and information release policies (i.e., no omniscient viewpoint is required). We present the PeerAccess language and peer knowledge base structure, the associated formal semantics and proof theory, and examples of the use of PeerAccess in constructing proofs of authorization to access computational resources.