Classic access control approaches are designed for strong consistency, which is incompatible with weakly consistent data replication. This paper describes a weakly consistent access control system that relies on specifying policies using SecPAL. SecPAL is a declarative, decentralized authorization language that expresses policies and credentials as logical assertions. By treating access requests as logical queries, the system reduces enforcement to a proof-generation process by translating the SecPAL assertions into constrained Datalog programs.

As part of this seminar, you will get the chance try out SecPAL for yourself or instead explore how you can implement such policies directly in Datalog.