[Cryptography] What is the state of the art in policy specification systems?

John Ioannidis jayeye at gmail.com
Sun Aug 21 16:33:22 EDT 2016


What do people use these to specify authorization/access-control policies?
AWS uses their own declarative (and adequate for the job) policy
language, but it only works for their own resources; ditto for the
Google compute engine. I've seen things like the zope security policy
stuff, but it looks a mess, and it will probably take me less time to
roll my own than fit it to my use case.

KeyNote (https://www.cs.columbia.edu/~angelos/keynote.html), of
course, is what I really want, but nobody seems to have touched it in
over ten years, and I don't have the resources to have a modern
version written now.

Thanks,

/ji


More information about the cryptography mailing list