FACPL - Formal Access Control Policy Language PDF Print E-mail

The FACPL language is the basis of a user-friendly, feasible and effective approach for developing, operating and maintaining policy-based autonomic systems. The language permits the expression of high-level policies regulating various aspects of a computer system, e.g., access control, resource usage and adaptation. It has a compact and intuitive syntax and is endowed with a denotational semantics providing a full formal account of the security model.

FACPL specifications are hierarchically structured in terms of FACPL elements, i.e., rules, policies and policy sets. These elements specify a name, the effect of a positive evaluation (i.e., permit or deny), target and conditions for applicability, the algorithm for combining the results of the evaluation of the contained elements, and a set of obligations, i.e., supplemental actions as for example updating a log file, sending a message, setting an attribute.


The evaluation of a request with respect to a FACPL element triggers the processing of the element. If the element‘s target does not match the request, the element does not apply.

Otherwise, in case of policies and policy sets, the processing proceeds by recursively evaluating the enclosed elements and by composing their resulting decisions through the specified combining algorithm; in the case of rules, the processing proceeds by evaluating the condition, if present, and by returning the rule’s effect as a decision. The final decision is then established on the basis of the result of obligation discharge.

Further Information:

Last Updated on Monday, 09 March 2015 14:27