Example Access Control Rules and Reasoning

This Milestone documents interesting access control use cases for Solid. The aim is to see how these rules could be written out as an extension to Solid WAC, what reasoning a client would need to work out whether it can access a resource according to those rules, and what reasoning a guard would need to verify a proof sent to it.

The work consisted of:

  1. Documenting decentralized use cases of access control (from single ACLs to FOAF networks to Verifiable Credential-based ones, delegation, etc.)
  2. Extensions to Solid Web Access Control needed to implement those use cases
  3. Describing in natural language the type of reasoning the client needs to follow to know it could satisfy the ACL rules
  4. Describing in natural language the type of reasoning the server needs to follow if given proof by the client
  5. Writing up summaries of key Access Control Logics for decentralized access control, as the concepts from those logics came to be used in the examples to formalize the reasoning
  6. Starting to map the "says" logic to N3
  7. Interacting with the W3C N3, RDF Surfaces, and Verifiable Credentials Community Groups, and the EYE N3 reasoner, for questions and to point them to these use cases

This work is ongoing, but it is already proving useful in conversations with various people around the Solid ecosystem and beyond.

The aim is also to use these to develop mini test cases that we can then deploy on the Solid server to test the Wallet.

I put together a repository collecting both

  1. information about the Access Control Logics for decentralised systems
  2. a set of use cases to test and stretch those Access Control Logics

The research led me to start working more closely with the N3 Community Group, the RDF Surfaces CG and the W3C Verifiable Credentials.

1. Logics

This section collects research on logics for access control. The main logic is the "says" logic developed by Abadi, Needham and Burrows in the 1990s, with some very interesting updates in 2009 by Deepak Garg. Furthermore, in 2009 Dan Connolly also worked on mapping these to N3 at the W3C TAG. See the discussion in N3 issue 203, which led to me writing up an argument on ACLsDont.

  • RelBac - a description logic for access control based on simple relations designed for web access control
  • Says - the basic modal logics of "Saying that" started in the early 1990s by Burrows, Abadi, Needham, Garg and others.
  • ACL - from Access Control Lists to Access Control Logics
  • ACLsDon't - an analysis of the argument against ACLs and in favor of capabilities. I argue that the proof objects of AC Logic are the capabilities, and that can help understand the Confused Deputy Problem.
  • Verifiable Credentials - a description of the Verifiable Credentials Data Model, mapping the JSON-LD examples to N3, and drawing them out as graphs, to make it clear who is saying what about whom. Doing that led to VC Data Model issue 1248, where I argue that the model is placing the signature in a context whereas it should be placing the claim in the graph context. This makes the signature useless as soon as the graph is merged with another one, as explained in my 3rd comment. The VC community is working on the VC Data Model and Vocabulary 2.0, so there is a chance to fix this for the next version.

2. Use Cases

In this section, we explore important use cases of access control for Solid, and the type of reasoning that would be needed on the client and on the server for those to succeed. The idea is to see if one can think of intuitive reasoning strategies for individual cases, and then to see if there is a way to generalize those, by applying the says logic of the previous section. The use cases need not all be implemented immediately but are meant to push the design requirements as far as possible so that we can then choose the best logic and reasoning strategy for our needs.

A strong intuition of mine is that all interesting access control use cases can be done by extending the Web Access Control spec used by Solid (WAC+). This has the advantage that at its core WAC is very simple, so it is easy to reason about. A few years ago we started on a comparison with ACP, and this was looking good for WAC+.

  • Basic looks at the basic authentication use cases using a public key and then extending it to a WebID to make it easier to maintain access control rules.
  • Foaf explores the important social networking use cases that launched interest in this whole enterprise to start with. We look at a simple friend network, followed by a friend of a friend of a friend. This last one brings up an unavoidable scale problem: assuming each person has 100 non-overlapping friends, we would end up creating a social network 100 × 100 × 100 = 1 000 000 = 1 million people large.
  • Client Auth looks at the problem of limiting Apps. We distinguish two types of limitations from the client side and the server side. We show how these map to says logic.
  • Delegation looks at Delegation use cases
  • Deepak Garg's PhD - Deepak Garg's 2009 PhD built a detailed extension of the says logic for access control purposes with full proof procedures. We want to see how far we can adapt those to the Web. (very much work in progress)
  • Verifiable Credentials looks at how one can use W3C Verifiable Credentials standards for access control
  • WoN.md - the certificate-based examples will often require a Web of Nations infrastructure. We look at examples of these.

This will be ongoing work as the project proceeds and for the Ph.D.