Association for Computing Machinery
To ensure that a trust negotiation succeeds whenever possible, authorization policy compliance checkers must be able to find all minimal sets of their owners' credentials that can be used to satisfy a given policy. If all of these sets can be found efficiently prior to choosing which set should be disclosed, many strategic benefits can also be realized. Unfortunately, solving this problem using existing compliance checkers is too inefficient to be useful in practice. Specifically, the overheads of finding all satisfying sets using existing approaches have been shown to rapidly grow exponentially in the size of the union of all satisfying sets of credentials for the policy, even after optimizations have been made to prune the search space for potential satisfying sets.