Policy languages require the same composition mechanisms as programming languages

Current policy languages come with a monolithic syntax and support only a limited set of security formalisms. Thus, contemporary policies can only inadequately prescribe the correct behavior of a distributed business application w.r.t. different views, such as usage control, safety properties, or governance. To support composing policies that involve multiple views, we propose to include well-established composability mechanisms into policy languages. In this paper, we propose an extensible security DSL that composes multiple mechanisms---namely inheritance, scoping, aspects, and different paradigms---into one composite policy language.

[1]  Michael Eichberg,et al.  Incremental concrete syntax for embedded languages , 2011, SAC '11.

[2]  William G. Griswold,et al.  An Overview of AspectJ , 2001, ECOOP.

[3]  Cristina V. Lopes,et al.  Aspect-oriented programming , 1999, ECOOP Workshops.

[4]  Michael Eichberg,et al.  An architecture for composing embedded domain-specific languages , 2010, AOSD.

[5]  Emil C. Lupu,et al.  The Ponder Policy Specification Language , 2001, POLICY.

[6]  Éric Tanter,et al.  Beyond static and dynamic scope , 2009, DLS '09.

[7]  Cristina V. Lopes,et al.  Aspect-oriented programming , 1999, ECOOP Workshops.

[8]  Paul Hudak,et al.  Building domain-specific embedded languages , 1996, CSUR.

[9]  Anne H. Anderson An introduction to the Web Services Policy Language (WSPL) , 2004, Proceedings. Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, 2004. POLICY 2004..