Consumable Credentials in Logic-Based Access Control

We present a framework to support consumable credentials in a logic-based distributed authorization system. Such credentials convey use-limited authority (e.g., to open a door once) or authority to utilize resources that are themselves limited (e.g., to spend money).We design a framework based on linear logic to enforce the consumption of credentials in a distributed system, and to protect credentials from nonproductive consumption as might result from misbehavior or failure. Finally, we give several usage examples in the framework, and evaluate the performance of our implementation for use in a ubiquitous computing deployment at our institution.