...
- Subjects can be persons or groups
- Roles, Actions and Resources can inherit <<Privileges>> <<privileges, (policy statements)?>> from other Roles, Actions and Resources
- Wildcards may be used for Subject, Action, or Resource
- Limits can be expressed as a sequence of atomic predicates "X Rel Verb Y" joined by the logical operators AND, OR, NOT, XOR.
- X Verb Y Rel defines any relationship where X specifies some attribute value of the elements of the policy expression or some environmental/contextual variable, Y is a proposition, and Rel X Verb Y evaluates to T or F for any values of X and Y.
- The whole Limit expression evaluates to True or False
- By definition, True = Allow and False = Deny
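
The Limit evaluation described in the list above, as an added example that is not part of the original document. The tuple encoding, the relation names, the context keys and the rule that an unevaluable predicate yields Deny (so that NOT cannot turn a missing attribute into an Allow) are assumptions made for this example.

```python
import operator

# Hypothetical relation names; the document does not enumerate the allowed relations.
RELATIONS = {"eq": operator.eq, "ne": operator.ne, "lt": operator.lt,
             "ge": operator.ge, "in": lambda x, y: x in y}

class Indeterminate(Exception):
    """A predicate could not be evaluated (missing variable, unknown relation)."""

def evaluate(limit, context):
    """Evaluate a Limit expression tree to True or False."""
    op = limit[0]
    if op == "PRED":                       # atomic predicate: ("PRED", X, Rel, Y)
        _, x_name, rel, y = limit
        if x_name not in context or rel not in RELATIONS:
            raise Indeterminate(f"cannot evaluate {limit!r}")
        try:
            return bool(RELATIONS[rel](context[x_name], y))
        except TypeError as exc:           # e.g. comparing a string with a number
            raise Indeterminate(str(exc)) from exc
    args = [evaluate(sub, context) for sub in limit[1:]]
    if op == "NOT" and len(args) == 1:
        return not args[0]
    if op == "AND" and args:
        return all(args)
    if op == "OR" and args:
        return any(args)
    if op == "XOR" and len(args) == 2:
        return args[0] != args[1]
    raise Indeterminate(f"malformed Limit expression: {limit!r}")

def decide(limit, context):
    """Map the Limit result to a decision: True = Allow, False = Deny."""
    try:
        return "Allow" if evaluate(limit, context) else "Deny"
    except Indeterminate:
        return "Deny"                      # assumption: fail closed

# Constructed sample Limit: office hours AND (on-site XOR VPN) AND NOT suspended.
LIMIT = ("AND",
         ("PRED", "hour", "ge", 8),
         ("PRED", "hour", "lt", 18),
         ("XOR", ("PRED", "network", "eq", "onsite"), ("PRED", "vpn", "eq", True)),
         ("NOT", ("PRED", "status", "eq", "suspended")))

if __name__ == "__main__":
    ctx = {"hour": 10, "network": "onsite", "vpn": False, "status": "active"}
    print(decide(LIMIT, ctx))
```
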
Abstract Definitions of Policy Elements:
...