1. Introduction

The trust policy language (TPL) is a language used to define groups and the rules for becoming a member of a group. Rules are functions on certificate fields, and to become a member of a group one has to present a certificate. Groups can represent roles, so a role-based access control system can use the TP system to assign roles to a population that is not predefined. This situation is typical of e-business, where the accessing population is not known in advance.
See Policy DTD for the exact syntax of the Policy.
The TPL syntax is written in XML. At the top level are groups, and under each group are rules for group membership. Each rule has some inclusion statements that define the valid certificates it should check, and a function, which is implemented as a computation tree with conditions on the certificate's fields.
Example - A retailer who gives discounts to preferred customers

The policy below defines that a preferred customer is an employee of a department of a partner company. The policy defines a "partners" group whose members are set by certificates signed by the retailer. Then there is a "departments" group whose members are departments in one of the "partners" companies. A preferred customer (the "customers" group) is an employee of one of the departments.
2. The language release 1.0

The <POLICY> tag
The <GROUP> tag
The <RULE> tag
The <INCLUSION> tag
The <EXCLUSION> tag
The <FUNCTION> tag
The <AND>, <OR> tags
The <NOT> tag
The <EQ>, <NE>, <GT>, <GE>, <LT>, <LE> tags
The <FIELD> tag
The <CONST> tag
2.1 The <POLICY> tag

This is the root node in the tree.

2.1.2 Children

The groups that form the policy.

2.2 The <GROUP> tag

A group is an entity used to group members, where a member is represented by a public key. A group can be used as a role group in role-based access control systems. A special group is the 'self' group, which includes the self public key.

2.3 The <RULE> tag

A rule is a function on a certificate's fields; it is used to determine group membership.

2.4 The <INCLUSION> tag

An Inclusion statement stands for "there exists a certificate X" such that the function holds. Note that the function refers to fields of certificate X.

2.6 The <FUNCTION> tag

The function is a set of constraints on certificate fields. A function is built as a computation tree where the internal nodes are logical operators (AND, OR, NOT) and relations (EQ, GT, etc.) and the leaves are fields and constants. A certificate instance is a tuple of certificates (C1, ..., Ck, Ck+1, ..., Cn), where k is the number of INCLUSION tags and n-k is the number of EXCLUSION tags in the RULE, and certificate Ci passed the i'th INCLUSION filter. The function tree is evaluated independently for each certificate instance, and the function is true if at least one instance satisfies it.

2.6.2 Children

Any operator or logical relation tag.

2.7 The <AND>, <OR> tags

A logical And/Or between two children.

2.7.2 Children

Must have two children; each one is a logical operator or a relation.

2.8 The <NOT> tag

A logical Not of a child.

2.8.2 Children

Must have one child that is a logical operator or a relation.

2.9 The <EQ>, <NE>, <GT>, <GE>, <LT>, <LE> tags

A relation between two children, each of which is a Field or a Constant. The order of the children is important (i.e. <GT> is true if the first child is greater than the second child).

2.9.2 Children

Two children, each of which is a Field or a Constant.

2.10 The <FIELD> tag

The field tag is used to extract a value from a certificate.

2.11 The <CONST> tag

A constant value.

2.11.2 Children

A constant value.
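The evaluation semantics of section 2.6 and the operator tags of sections 2.7 to 2.11, as an added example (not part of the TPL release or the original page): a small evaluator that builds the certificate instances from the INCLUSION filters and accepts the rule if at least one instance satisfies the FUNCTION tree. It covers INCLUSION only, and the attribute names ID, NAME and TYPE, the TYPE-based filtering, and the certificate dictionaries are assumptions constructed for the example.

```python
import itertools
import operator
import xml.etree.ElementTree as ET
# Constructed sample RULE. The FIELD attributes ID (which INCLUSION certificate it reads)
# and NAME (field name), and the INCLUSION attributes ID and TYPE, are assumptions.
RULE_XML = """<RULE><INCLUSION ID="emp" TYPE="employee"/>
  <FUNCTION><AND>
    <EQ><FIELD ID="emp" NAME="role"/><CONST>employee</CONST></EQ>
    <GT><FIELD ID="emp" NAME="level"/><CONST>2</CONST></GT>
  </AND></FUNCTION></RULE>"""
# Constructed sample certificates: dicts of string fields standing in for parsed certificates.
CERTS = [{"TYPE": "employee", "role": "contractor", "level": "5"},
         {"TYPE": "employee", "role": "employee", "level": "10"}]
RELATIONS = {"EQ": operator.eq, "NE": operator.ne, "GT": operator.gt,
             "GE": operator.ge, "LT": operator.lt, "LE": operator.le}

def _leaf(node, instance):
    # FIELD reads a field of the named certificate; CONST carries its value as text.
    if node.tag == "FIELD":
        return instance[node.get("ID")].get(node.get("NAME"), "")
    return (node.text or "").strip()

def _coerce(a, b):
    # Compare numerically when both sides are integers, otherwise as strings.
    return (int(a), int(b)) if a.isdigit() and b.isdigit() else (a, b)

def evaluate(node, instance):
    """Evaluate one computation-tree node against one certificate instance."""
    kids = list(node)
    if node.tag == "AND":
        return evaluate(kids[0], instance) and evaluate(kids[1], instance)
    if node.tag == "OR":
        return evaluate(kids[0], instance) or evaluate(kids[1], instance)
    if node.tag == "NOT":
        return not evaluate(kids[0], instance)
    if node.tag in RELATIONS:  # child order matters: the first child is compared to the second
        a, b = _coerce(_leaf(kids[0], instance), _leaf(kids[1], instance))
        return RELATIONS[node.tag](a, b)
    raise ValueError(f"unknown node {node.tag}")

def rule_holds(rule_xml, certs):
    """True if at least one certificate instance satisfies the rule's FUNCTION."""
    rule = ET.fromstring(rule_xml)
    incs = rule.findall("INCLUSION")
    # Ci must pass the i'th INCLUSION filter (here: a matching TYPE, an assumption);
    # the instances are all combinations of one passing certificate per INCLUSION.
    pools = [[c for c in certs if c.get("TYPE") == inc.get("TYPE")] for inc in incs]
    tree = rule.find("FUNCTION")[0]
    return any(evaluate(tree, dict(zip([i.get("ID") for i in incs], combo)))
               for combo in itertools.product(*pools))
```

Note that "level" 10 against the constant 2 only holds because both sides are coerced to integers; a plain string comparison would reject it.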
3. Future extensions to the language