Hapi: A Domain-Specific Language for the Declaration of Access Policies
Resumo
Access policies specify what are the actions that different actors can perform on the available resources. Access policies are a core notion in multiuser environments, such as operating systems and distributed databases. Currently, most of these systems use general data specification languages, such as JSON, XML and YAML to describe access policies. Yet, domain-specific languages are also available for this task. One of such languages is Legalease, from Microsoft. This paper presents a new version of Legalease, called Hapi. Hapi replaces Legalease’s notion of a lattice with a partially ordered set (poset). We demonstrate that posets already give all the expressivity of Legalease, while simplifying its specification and the implementation of verification algorithms. Hapi is currently publicly available. The language is distributed with tools for translating programs to YAML and for visualizing access rights. Hapi provides developers with an Intermediary Representation of policies that allows this language to be easily embedded in any project. Said representation generalizes the notion of actors, actions and resources to user-defined entities; hence, being more flexible than typical data-access description languages.
Publicado
30/09/2021
Como Citar
JULIÃO, Vinícius; HOLMQUIST, Alexander; LÚCIO, Flávio; SIMÕES, Celso; PEREIRA, Fernando.
Hapi: A Domain-Specific Language for the Declaration of Access Policies. In: SIMPÓSIO BRASILEIRO DE LINGUAGENS DE PROGRAMAÇÃO (SBLP), 25. , 2021, Joinville.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2021
.
p. 9–16.