A Credential-Based Access Control Requirements Language

Access control and authentication systems are currently undergoing a paradigm shift towards openness and user-centricity, where service providers communicate to users what information they need to provide to gain access to a given resource. This paradigm shift is a crucial step towards allowing users to manage their identities and privacy. To assure the service provider of the validity of the presented information, the latter is typically attested to by a trusted issuer or identity provider. There are multiple means to transmit such an attestation to the service provider, including X.509 certificates, anonymous credentials, and OpenIDs. In this paper, we abstract all attestation means into the concept of a 'credential' and provide a language that allows service providers to specify the credentials a user is required to present to get access to a given resource. Our language not only allows one to express conditions on the credentials that the user has to present, but also which attributes have to be disclosed, and to whom, and which statements the user has to consent to before being granted access. To clarify our language and facilitate its use, we provide a formal semantics that defines what a particular credential realization must implement. We discuss the relationship to, and possible integration with, existing access control languages such as XACML. Thus, our language allows one to build an access control system that can use any of the known realizations of credentials to satisfy the stated requirements. As the language also incorporates the advanced functionalities provided by anonymous credentials, it can serve as an enabler in the paradigm shift towards user-centric and privacy-enhancing identity management.

The expanded and updated version of this Research Report has been published as RZ3762, "A Language Enabling Privacy-Preserving Access Control", by Jan Camenisch, Sebastian Moedersheim, Gregory Neven, Franz-Stefan Preiss, and Dieter Sommer.

By: Jan Camenisch, Sebastian Moedersheim, Gregory Neven, Franz-Stefan Preiss, and Dieter Sommer

Published in: RZ3748 in 2009

This Research Report is not available electronically. Please request a copy from the contact listed below. IBM employees should contact ITIRC for a copy.