Obligations in PTaCL

  • Jason Crampton
  • Conrad Williams
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9331)


Obligations play an increasingly important role in authorization systems and are supported by languages such as XACML. However, our understanding of how to handle obligations in languages such as XACML, particularly in exceptional circumstances, is hampered by a lack of formality and rigor in the existing literature, including the XACML standard. PTaCL is an attribute-based policy language that makes use of tree-structured policies and targets, like XACML. However, PTaCL is more general than XACML and has rigorous operational semantics for request evaluation, from which a policy decision point can be implemented. In this paper, we enhance PTaCL by extending the policy syntax to include obligations and defining the obligations that should be associated with an authorization decision. Our final contribution is to extend our analysis to cases where policy evaluation may return an indeterminate value. We demonstrate that obligation semantics for PTaCL coincide with those of XACML when there is no indeterminacy. More importantly, we show that our obligation semantics provide a principled method for determining obligations for any policy-combining algorithm and the set of possible obligations in the presence of indeterminacy, thereby providing considerable advantages over existing approaches.


Policy Language Policy Evaluation Target Evaluation Access Control Policy Access Request 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Alqatawna, J., Rissanen, E., Firozabadi, B.S.: Overriding of access control in XACML. In: 8th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2007), pp. 87–95. IEEE Computer Society (2007).
  2. 2.
    Ardagna, C.A., di Vimercati, S.D.C., Foresti, S., Grandison, T., Jajodia, S., Samarati, P.: Access control for smarter healthcare using policy spaces. Comput. Secur. 29(8), 848–858 (2010). CrossRefGoogle Scholar
  3. 3.
    Brucker, A.D., Petritsch, H.: Extending access control models with break-glass. In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pp. 197–206 (2009)Google Scholar
  4. 4.
    Cheng, P., Rohatgi, P., Keser, C., Karger, P.A., Wagner, G.M., Reninger, A.S.: Fuzzy multi-level security: An experiment on quantified risk-adaptive access control. In: 2007 IEEE Symposium on Security and Privacy (S&P 2007), pp. 222–230. IEEE Computer Society (2007).
  5. 5.
    Crampton, J., Huth, M.: An authorization framework resilient to policy evaluation failures. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 472–487. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  6. 6.
    Crampton, J., Morisset, C.: PTaCL: a language for attribute-based access control in open systems. In: Degano, P., Guttman, J.D. (eds.) Principles of Security and Trust. LNCS, vol. 7215, pp. 390–409. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  7. 7.
    Dimmock, N., Belokosztolszki, A., Eyers, D.M., Bacon, J., Moody, K.: Using trust and risk in role-based access control policies. In: Proceedings of the 9th ACM Symposium on Access Control Models and Technologies, pp. 156–162 (2004)Google Scholar
  8. 8.
    Hilty, M., Basin, D., Pretschner, A.: On obligations. In: di Vimercati, S.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 98–117. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  9. 9.
    Irwin, K., Yu, T., Winsborough, W.H.: On the modeling and analysis of obligations. In: Juels, A., Wright, R.N., di Vimercati, S.D.C. (eds.) Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 134–143. ACM (2006).
  10. 10.
    JASON Program Office: Horizontal integration: Broader access models for realizing information dominance. Technical Report JSR-04-132, MITRE Corporation (2004)Google Scholar
  11. 11.
    Kleene, S.: Introduction to Metamathematics. D. Van Nostrand, Princeton (1950) zbMATHGoogle Scholar
  12. 12.
    Li, N., Chen, H., Bertino, E.: On practical specification and enforcement of obligations. In: Bertino, E., Sandhu, R.S. (eds.) Second ACM Conference on Data and Application Security and Privacy, CODASPY 2012, pp. 71–82. ACM (2012).
  13. 13.
    Li, N., Wang, Q., Qardaji, W.H., Bertino, E., Rao, P., Lobo, J., Lin, D.: Access control policy combining: theory meets practice. In: Carminati, B., Joshi, J. (eds.) SACMAT 2009, 14th ACM Symposium on Access Control Models and Technologies, Proceedings, pp. 135–144. ACM (2009).
  14. 14.
    Moses, T.: eXtensible Access Control Markup Language (XACML) Version 2.0 OASIS Standard (2005).
  15. 15.
    Ni, Q., Bertino, E., Lobo, J.: D-algebra for composing access control policy decisions. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 298–309. ACM (2009)Google Scholar
  16. 16.
    Rissanen, E.: eXtensible Access Control Markup Language (XACML) Version 3.0 OASIS Standard (2012).

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Royal HollowayUniversity of LondonLondonUK

Personalised recommendations