@@ -175,6 +175,35 @@ essentially formulating the following policy: `grant p to user u if R(u)`.
PriMA is another recently proposed privacy protection mechanism for SNSs.
+Policy
+
+Let `U` be the set of all users in the system.
+Accesses are directed against resources. A resource may represent one or more
+objects or certain system operations. Let `R` be the set of resources protected
+by the SNS. A typical member of `R` is denoted by `r`.
+
+Assocated with every access request are therefore the following:
+
+* a protected resource that is being accessed
+* the owner of that resource
+* the accessor of that resource who requests access.
+
+Owner of a resource implies that the accessor must be in a specific kind of
+relationship with the owner in order be granted. Huh?
+
+Associated with every resource is an `access control policy`.
+Policy is modeled as a ternary predicate: `U x U x G(U, I) => {0, 1}`.
+
+A protection system N is a 7-tuple (I, U, R, C, C0, policy, owner) where:
+
+* `I` is the set of relation identifiers (See my question in the README about resource identifiers in our system)
+* `U` is a finite set of users in the system
+* `R` is a finite set of resources to be protected by the system.
+* `C` is a _infinite_ universe of `access contexts`.
+ * `C0` is the root context. (* Could this be the root `Organization` that a `User` belongs to?)
+* `R => PP(U, I)` assigns a policy predicate to every resource in the system. (This means that every resource is addressable through a universal identifier, right? Goodbye `bigint`? Yay!)
+* `owner: R -> U` is a function that assigns an owner to every resource in the system.
+
References
* [Relationship-Based Access Control: Protection Model and Policy Language by Philip W. L. Fong](https://cspages.ucalgary.ca/~pwlfong/Pub/codaspy2011.pdf)
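Review bot: The sentence "Owner of a resource implies that the accessor must be in a specific kind of relationship with the owner in order be granted. Huh?" is the only place the added section states the authorization condition, and it is unfinished: it never says what is granted, and it ends in an editorial aside. Please rewrite it as a definite rule before merging, since the rest of the model depends on it. The formal part also needs tightening. `G(U, I)` in the policy signature and `PP(U, I)` in the last-but-one bullet are used without being defined. The 7-tuple names a `policy` component, but the matching bullet reads `R => PP(U, I)` with no name. The arrows switch between `=>` and `->` (compare `owner: R -> U`); pick one and write the bullet as `policy: R -> PP(U, I)`. The open questions embedded in the `I`, `C0` and policy bullets (resource identifiers, the root `Organization`, replacing `bigint`) are design decisions that change what a resource identifier is, so they belong in an issue or the README discussion rather than in the model definition. Minor: "Policy" looks like it is meant to be a heading but has no heading markup, "Assocated" should be "Associated", and "a _infinite_" should be "an _infinite_".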