Modal Logic for Access Control from Henry Story on 2019-04-11 (public-solid@w3.org from April 2019)

From: Henry Story <henry.story@bblfish.net>
Date: Thu, 11 Apr 2019 16:11:09 +0200
To: public-solid@w3.org
Message-Id: <13184A37-EF57-4646-A046-B1952A07A3FB@bblfish.net>

I have been looking around for a high level logics of access control.
It seemed like it had to be modal logic, was related to contexts, and
also from programming was related to monads as used in Functional Programming.

So I rediscovered the logic that Dan Connolly had explored with 
N3 in [1]: Namely  M. Abadi, M. Burrows, B. Lampson and G. Plotkin
work, starting with "A Calculus for Access Control in 
Distributed Systems” [2]

It is really the logic of "A says P", which is the minimal speech act.

There are tutorial notes here 
  http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.157.9610&rep=rep1&type=pdf

And the relation to Monads is made clear the article 
"Access Control in a Core Calculus of Dependency” [3].

So when someone presents a credential they are "saying that” the content is true.
The same happens when you dereference a WebID: since you have to fetch the document
at that location, which is a saying (your client is asking and the server is saying).

It also comes with a lattice of Agents, which can be used to analyse a number of things:
 * delegation as when one allows an agent to speak for another
 * speaking for, ie the agent A|O which is just a short hand for A says O says
   and that we have in navigators when we have the browser pass on information from
   a JS Agent: The server needs to understand that A|O is different from A.
 * hierarchies or groups of agents.
   …

So I think this is general enough to cover any use case of authentication, access
control, and can help explain quite a lot, for example why OWL is not sufficient to
do any of this (though it will be very useful tool to do a lot more flexible stuff
that what can currently be done in Solid)

Henry


[1] https://www.w3.org/2001/tag/dj9/refi_ex.html
[2] http://homepages.inf.ed.ac.uk/gdp/publications/Calculus_for_Access_Control.pdf
   Note that Mike Burrows was the author of the AltaVista search engine.
[3] https://www.sciencedirect.com/science/article/pii/S1571066107000746

Received on Thursday, 11 April 2019 14:11:37 UTC