Abstract

Protocols in distributed settings usually rely on the interaction of several parties and often identify the roles involved in communications. Roles may have a behavioral interpretation, as they do not necessarily correspond to sites or physical devices. Notions of role authorization thus become necessary to consider settings in which, e.g., different sites may be authorized to act on behalf of a single role, or in which one site may be authorized to act on behalf of different roles. This flexibility must be equipped with ways of controlling the roles that the different parties are authorized to represent, including the challenging case in which role authorizations are determined only at runtime. We present a typed framework for the analysis of multiparty interaction with dynamic role authorization and delegation. Building on previous work on conversation types with role assignment, our formal model is based on an extension of the π-calculus in which the basic resources are channel-role pairs, each denoting the access right to interact along a given channel while representing the given role. To specify dynamic authorization control, our process model includes (1) a novel scoping construct for authorization domains, and (2) communication primitives for authorizations, which allow the authorization to act on a given channel to be passed between parties. An authorization error then corresponds to an action involving a channel and a role that is not enclosed by an appropriate authorization scope. We introduce a typing discipline that ensures that typed processes never reduce to authorization errors, including when parties dynamically acquire authorizations.
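The following is an added illustration, not code from the paper and not its calculus or type system. It models the three ingredients the abstract names, channel-role pairs as the basic resource, an authorization scope per party, and runtime passing of authorizations, as a small executable checker. Site names, channel names and the step format are made up for the example, and whether a delegating party keeps its own copy of the right is a modelling assumption the abstract does not fix.

```python
"""Toy runtime model of channel-role authorizations with delegation.

Illustration only: not the paper's pi-calculus extension or its typing
discipline. Site and channel names below are constructed for the example.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Auth:
    """Access right to interact along `channel` while representing `role`."""
    channel: str
    role: str


class AuthorizationError(Exception):
    """An action on a channel-role pair not enclosed by a scope granting it."""


@dataclass
class Site:
    """A party; `scope` is its authorization domain (the pairs it may act as)."""
    name: str
    scope: set = field(default_factory=set)

    def act(self, auth: Auth, what: str) -> str:
        # The abstract's authorization error: interacting on a channel in a
        # role that the enclosing scope does not cover.
        if auth not in self.scope:
            raise AuthorizationError(
                f"{self.name} tried to {what} on {auth.channel} as {auth.role}")
        return f"{self.name}:{what}:{auth.channel}@{auth.role}"

    def delegate(self, auth: Auth, to: "Site") -> None:
        # A party can only pass on an authorization it holds itself.
        # Assumption: delegation shares the right (the delegator keeps it);
        # a transfer semantics would also remove it from self.scope here.
        if auth not in self.scope:
            raise AuthorizationError(
                f"{self.name} cannot delegate {auth.channel}@{auth.role}: not held")
        to.scope.add(auth)


def run(steps):
    """Execute steps in order and return the log of completed actions.

    A step is ("act", site, auth, what) or ("delegate", site, auth, target).
    Raises AuthorizationError at the first step outside an authorization scope.
    """
    log = []
    for kind, site, auth, arg in steps:
        if kind == "act":
            log.append(site.act(auth, arg))
        elif kind == "delegate":
            site.delegate(auth, arg)
            log.append(f"{site.name}:delegate:{auth.channel}@{auth.role}->{arg.name}")
        else:
            raise ValueError(f"unknown step {kind!r}")
    return log


def violates(steps) -> bool:
    """True if running the trace hits an authorization error."""
    try:
        run(steps)
    except AuthorizationError:
        return True
    return False


def first_violation(steps):
    """Dry-run a planned trace; return the index of the first bad step, or None.

    Scopes are copied so the live sites are not mutated. A type system would
    give this guarantee before running; here it is obtained by simulation.
    """
    shadow = {}
    for kind, site, auth, arg in steps:
        shadow.setdefault(site.name, set(site.scope))
        if kind == "delegate":
            shadow.setdefault(arg.name, set(arg.scope))
    for i, (kind, site, auth, arg) in enumerate(steps):
        if auth not in shadow[site.name]:
            return i
        if kind == "delegate":
            shadow[arg.name].add(auth)
    return None


def scenario():
    """Constructed traces: one role served by two sites, one site in two roles."""
    order = Auth("order", "buyer")
    ship = Auth("order", "seller")
    pay = Auth("bank", "client")

    alice = Site("alice", {order, pay})   # one site authorized for two roles
    shop1 = Site("shop1", {ship})         # two sites authorized for one role
    shop2 = Site("shop2", {ship})
    courier = Site("courier")             # holds no authorization at start

    good = [
        ("act", alice, order, "send"),
        ("act", shop1, ship, "recv"),
        ("act", alice, pay, "send"),
        ("delegate", shop1, ship, courier),  # seller right acquired at runtime
        ("act", courier, ship, "send"),      # now inside an authorizing scope
        ("act", shop2, ship, "send"),
    ]
    bad = good[:3] + [("act", courier, ship, "send")]  # acts before delegation
    return good, bad
```

`first_violation` is the pre-run check a practitioner would want: it reports the offending step of a planned trace without touching the live parties, while `run` shows the same error surfacing dynamically.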

Highlights

  • Distributed systems operation is based on cooperating remote parties that communicate with each other to coordinate their local actions

  • We address the issue of dynamic role authorizations in multiparty interactions from the perspective of formal models of communication equipped with behavioral types [HLV+16]

  • Our contribution is based on previous work on conversation types [CV10] and their extension with dynamic assignment of roles to several parties in a concurrent system [BCVV12]


Summary

Context

Distributed systems operation is based on cooperating remote parties that communicate with each other to coordinate their local actions. Different notions of role-based specifications can be found in modern distributed information systems, ranging from access control to structured interactions in communication-centered systems. These notions sometimes build on the assumption that distinct participants (e.g., users at different physical locations) may belong to the same role, and that a single participant may implement several different roles. In the model we propose here, it is essential to ensure that communication actions are carried out only by parties that have been granted the authorization to do so. This matters because access to channels may be acquired dynamically, and roles may be implemented flexibly across the system. We therefore build our development on top of role-based interacting systems, so as to capture and control authorizations for communication capabilities.

Motivation
Motivating example
Structure of the paper
Process language
Syntax
Reduction semantics
Properties
Type system
Related work
Concluding remarks
Proofs