Policies are designed to distinguish between correct and incorrect actions; they are types. But badly typed actions may cause not compile errors, but financial and reputational harm We demonstrate how even the most complex ABAC policies can be expressed as types in dependently typed languages such as Agda and Lean, providing a single framework to express, analyze, and implement policies. We then go head-to-head with Rego, the popular and powerful open-source ABAC policy language. We show the superior safety that comes with a powerful type system and built-in proof assistant. In passing, we discuss various access control models, sketch how to integrate in a future when attributes are distributed and signed (as discussed at the W3C), and show how policies can be communicated using just the syntax of the language. Our examples are in Agda.

翻译：策略旨在区分正确与错误的行为；它们即是类型。然而类型错误的行为可能不会引发编译错误，却会导致财务与声誉损害。我们展示了即使最复杂的基于属性的访问控制（ABAC）策略也能在依赖类型语言（如Agda和Lean）中表达为类型，从而为策略的表达、分析与实现提供统一框架。随后我们与当前流行且功能强大的开源ABAC策略语言Rego进行直接比较，展示了强大类型系统与内置证明辅助工具所带来的卓越安全性。文中还探讨了多种访问控制模型，勾勒了在属性分布式存储与数字签名（如W3C标准所述）的未来场景中的集成方案，并演示了如何仅通过语言语法实现策略传递。所有示例均采用Agda语言实现。