Access Control » History » Revision 6

« Previous | Revision 6/10 (diff) | Next »
Suravi Regmi, 11/25/2025 05:49 PM

Access Control + Policy Structure¶

Access Control¶

{width:450px}

Policy¶

Goal: limit data access to only authorized users based on terms of use and privacy risks
Default access: Data owner


policy-id        <unique-id> requesters-names <names>
attribute-filters
{
  allow 
  {
    <attribute 1>
    <attribute 2>
    …
  }  
  deny
  {
    <attribute 1>
    <attribute 2>
    …
  }
}



policy-id          A
requesters-names   /ndn/uofm, /edu/mit/alice
attribute-filters
{
  allow 
  {
    /org/md2k/mperf/dd40c
    /org/md2k/ATTRIBUTE/location/home
    /org/md2k/ATTRIBUTE/location/gym
    /org/md2k/ATTRIBUTE/date > 20210901
  }  
  deny
  {
    /org/md2k/ATTRIBUTE/activity/sleeping
  }
}

Policy Structure and Components
policy-id
requester-names
attribute-filters
Allow
Deny (optional)

Example policy with evolution from old → new format

Filter semantics

Mapping to attributes

Files (2)

Updated by Suravi Regmi 20 days ago · 10 revisions

ck-flow.png (150 KB) ck-flow.png		Suravi Regmi, 11/28/2025 08:46 PM
policy-format.png (114 KB) policy-format.png		Suravi Regmi, 11/28/2025 08:47 PM

Project

General

Profile

mGuard

Wiki

Access Control » History » Revision 6

Access Control + Policy Structure¶

Access Control¶

Policy¶