Global Types with Internal Delegation and Connecting Communications - - PowerPoint PPT Presentation

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Global Types with Internal Delegation and Connecting Communications

joint work with Ilaria Castellani, Paola Giannini and Ross Horne Nobuko meeting 9/10/2020

1 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Alice Cat Bank Example

2 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Alice Cat Bank Example

title

− − − →

2 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Alice Cat Bank Example

title

− − − →

price

← − − −

2 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Alice Cat Bank Example

title

− − − →

price

← − − −

ko

− →

2 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Alice Cat Bank Example

title

− − − →

price

← − − −

• k

− →

2 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Alice Cat Bank Example

title

− − − →

price

← − − −

• k

− →

card

− − − →

2 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Alice Cat Bank Example

title

− − − →

price

← − − −

• k

− →

card

− − − →

date

← − − −

2 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Alice Cat Bank Example

title

− − − →

price

← − − −

• k

− →

card

− − − →

date

← − − −

2 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Alice Cat Bank Example

title

− − − →

price

← − − −

• k

− →

card

− − − →

date

← − − −

price

− − − →

2 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Alice Cat Bank Example

title

− − − →

price

← − − −

• k

− →

card

− − − →

date

← − − −

price

− − − →

channel

− − − − − →

2 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Alice Cat Bank Example

title

− − − →

price

← − − −

• k

− →

card

− − − →

date

← − − −

price

− − − →

channel

− − − − − →

channel

← − − − − −

2 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Two Global Types

Gac Gcb A

title

− − − − → C; C

price

− − − − → A; ( ( A

• k

− − → C; C

price

− − − − → B; C T − → B; A

card

− − − → C; B T′ − → C; End C

date

− − − → A; End ) ⊞ A

ko

− − → C; End ) T = A? card ; T′ T′ = A! date ; End

3 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

One Global Type

A

title

− − − − → C;

4 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

One Global Type

A

title

− − − − → C; C

price

− − − − → A;

4 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

One Global Type

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C;

4 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

One Global Type

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; connecting communication

4 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

One Global Type

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B; forward delegation

4 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

One Global Type

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B;

A

card

− − − → C;

4 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

One Global Type

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B;

A

card

− − − → C; B•

• C; backward delegation

4 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

One Global Type

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B;

A

card

− − − → C; B•

• C;

C

date

− − − → A; End

4 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

One Global Type

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B;

A

card

− − − → C; B•

• C;

C

date

− − − → A; End ⊞

4 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

One Global Type

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B;

A

card

− − − → C; B•

• C;

C

date

− − − → A; End ⊞ A

ko

− − → C; End )

4 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Start with Forward delegation

C◦

• B
• B

C◦

• Terminology (active/passive):

active forward delegation ◦

• B

passive forward delegation C◦

• .

5 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Message sent to Cat goes directly to Bank

C◦

• B;

A

card

− − − → C C! card ;

• B

C◦

• ;

A? card Trust assumption: Cat does not have authority to handle card.

6 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

End with backward delegation

C◦

• B;

A

card

− − − → C; B•

• C;

C! card ;

• B; B•
• C◦
• ;

A? card ;

• C

Terminology (active/passive): active backward delegation •

• C

passive backward delegation B•

• .

7 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Processes

Λ ranges over λ and

λ

↔

8 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Processes

Λ ranges over λ and

λ

↔

P ::= Σi∈Ipi?Λi; Pi external choices of inputs

8 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Processes

Λ ranges over λ and

λ

↔

P ::= Σi∈Ipi?Λi; Pi | ⊕i∈I pi!Λi; Pi internal choices of outputs

8 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Processes

Λ ranges over λ and

λ

↔

P ::= Σi∈Ipi?Λi; Pi | ⊕i∈I pi!Λi; Pi | p◦

• ; P forward delegation with principal

8 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Processes

Λ ranges over λ and

λ

↔

P ::= Σi∈Ipi?Λi; Pi | ⊕i∈I pi!Λi; Pi | p◦

• ; P

|

• p; P forward delegation with deputy

8 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Processes

Λ ranges over λ and

λ

↔

P ::= Σi∈Ipi?Λi; Pi | ⊕i∈I pi!Λi; Pi | p◦

• ; P

|

• p; P

|

• q; P backward delegation with principal

8 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Processes

Λ ranges over λ and

λ

↔

P ::= Σi∈Ipi?Λi; Pi | ⊕i∈I pi!Λi; Pi | p◦

• ; P

|

• p; P

|

• q; P

| q•

• ; P backward delegation with deputy

8 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Processes

Λ ranges over λ and

λ

↔

P ::= Σi∈Ipi?Λi; Pi | ⊕i∈I pi!Λi; Pi | p◦

• ; P

|

• p; P

|

• q; P

| q•

• ; P

| µX.P | X |

8 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Processes

Λ ranges over λ and

λ

↔

P ::= Σi∈Ipi?Λi; Pi | ⊕i∈I pi!Λi; Pi | p◦

• ; P

|

• p; P

|

• q; P

| q•

• ; P

| µX.P | X |

internal and external choices must not be ambiguous

8 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Processes

Λ ranges over λ and

λ

↔

P ::= Σi∈Ipi?Λi; Pi | ⊕i∈I pi!Λi; Pi | p◦

• ; P

|

• p; P

|

• q; P

| q•

• ; P

| µX.P | X |

internal and external choices must not be ambiguous

8 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Processes

Λ ranges over λ and

λ

↔

P ::= Σi∈Ipi?Λi; Pi | ⊕i∈I pi!Λi; Pi | p◦

• ; P

|

• p; P

|

• q; P

| q•

• ; P

| µX.P | X |

internal and external choices must not be ambiguous A? title ; A! price ; (A? ok ; B!

price

↔ ; ◦

• B; B•
• ; A! date + A? ko )

8 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Networks

A[ [ C! card ; C? date ] ] C[ [ ◦

• B; B•
• ; A! date ]

] B[ [ C◦

• ; A? card ; •
• C ]

]

◆ ◆ ◆

9 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Networks

A[ [ C! card ; C? date ] ] C[ [ ◦

• B; B•
• ; A! date ]

] B[ [ C◦

• ; A? card ; •
• C ]

] ⇓ A[ [ C! card ; C? date ] ]

• C[

[ B•

• ; A! date ]

] C[ [ A? card ; •

• C ]

]

◆ ◆ ◆

9 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Networks

A[ [ C! card ; C? date ] ] C[ [ ◦

• B; B•
• ; A! date ]

] B[ [ C◦

• ; A? card ; •
• C ]

] ⇓ A[ [ C! card ; C? date ] ]

• C[

[ B•

• ; A! date ]

] C[ [ A? card ; •

• C ]

] ⇓ A[ [ C? date ] ]

• C[

[ B•

• ; A! date ]

] C[ [ •

• C ]

]

◆ ◆ ◆

9 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Networks

A[ [ C! card ; C? date ] ] C[ [ ◦

• B; B•
• ; A! date ]

] B[ [ C◦

• ; A? card ; •
• C ]

] ⇓ A[ [ C! card ; C? date ] ]

• C[

[ B•

• ; A! date ]

] C[ [ A? card ; •

• C ]

] ⇓ A[ [ C? date ] ]

• C[

[ B•

• ; A! date ]

] C[ [ •

• C ]

] ⇓ A[ [ C? date ] ] C[ [ A! date ] ] B[ [ 0 ] ]

◆ ◆ ◆

9 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Networks

A[ [ C! card ; C? date ] ] C[ [ ◦

• B; B•
• ; A! date ]

] B[ [ C◦

• ; A? card ; •
• C ]

] ⇓ A[ [ C! card ; C? date ] ]

• C[

[ B•

• ; A! date ]

] C[ [ A? card ; •

• C ]

] ⇓ A[ [ C? date ] ]

• C[

[ B•

• ; A! date ]

] C[ [ •

• C ]

] ⇓ A[ [ C? date ] ] C[ [ A! date ] ] B[ [ 0 ] ]

◆ ::= p[ [ P ] ] |

• p[

[ P ] ] | ◆ ◆

9 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Operational Semantics

Σi∈Ipi?Λi; Pi

pj?Λj

− − − → Pj j ∈ I [ExtCh]

10 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Operational Semantics

Σi∈Ipi?Λi; Pi

pj?Λj

− − − → Pj j ∈ I [ExtCh] ⊕i∈Ipi!Λi; Pi

pj!Λj

− − − → Pj j ∈ I [IntCh]

10 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Operational Semantics

P

q!Λ

− − → P′Q

p?Λ

− − → Q′ [Com] p[ [ P ] ] q[ [ Q ] ]

pΛq

− − → p[ [ P′ ] ] q[ [ Q′ ] ]

10 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Operational Semantics

P

q!Λ

− − → P′Q

p?Λ

− − → Q′ [Com] p[ [ P ] ] q[ [ Q ] ]

pΛq

− − → p[ [ P′ ] ] q[ [ Q′ ] ] p[ [ ◦

• q; P ]

] q[ [ p ◦

• ; Q ]

]

p◦

• q

− − − → p[ [ P ] ] p[ [ Q ] ] [BDel]

10 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Operational Semantics

P

q!Λ

− − → P′Q

p?Λ

− − → Q′ [Com] p[ [ P ] ] q[ [ Q ] ]

pΛq

− − → p[ [ P′ ] ] q[ [ Q′ ] ] p[ [ ◦

• q; P ]

] q[ [ p ◦

• ; Q ]

]

p◦

• q

− − − → p[ [ P ] ] p[ [ Q ] ] [BDel]

• p[

[ q •

• ; P ]

] p[ [ •

• p; Q ]

]

q•

• p

− − − → p[ [ P ] ] q[ [ Q ] ] [EDel]

10 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Operational Semantics

P

q!Λ

− − → P′Q

p?Λ

− − → Q′ [Com] p[ [ P ] ] q[ [ Q ] ]

pΛq

− − → p[ [ P′ ] ] q[ [ Q′ ] ] p[ [ ◦

• q; P ]

] q[ [ p ◦

• ; Q ]

]

p◦

• q

− − − → p[ [ P ] ] p[ [ Q ] ] [BDel]

• p[

[ q •

• ; P ]

] p[ [ •

• p; Q ]

]

q•

• p

− − − → p[ [ P ] ] q[ [ Q ] ] [EDel] ◆

φ

− → ◆′ [Ct] ◆ ◆′′ φ − → ◆′ ◆′′ φ ranges over pΛq, p◦

• q, q•
• p

10 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Partial Order on Processes

a process offering more inputs and less outputs is better

11 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Partial Order on Processes

a process offering more inputs and less outputs is better

[Sub-In]

∀i ∈ I : Pi ≤ Qi Σi∈I∪Jpi?Λi; Pi ≤ Σi∈Ipi?Λi; Qi = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

[Sub-Out]

∀i ∈ I : Pi ≤ Qi ⊕i∈Ipi!Λi; Pi ≤ ⊕i∈I∪Jpi!Λi; Qi = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

11 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Partial Order on Processes

[Sub-In]

∀i ∈ I : Pi ≤ Qi Σi∈I∪Jpi?Λi; Pi ≤ Σi∈Ipi?Λi; Qi = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

[Sub-Out]

∀i ∈ I : Pi ≤ Qi ⊕i∈Ipi!Λi; Pi ≤ ⊕i∈I∪Jpi!Λi; Qi = = = = = = = = = = = = = = = = = = = = = = = = = = = = = connecting communications are better than 0

11 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Partial Order on Processes

[Sub-In]

∀i ∈ I : Pi ≤ Qi Σi∈I∪Jpi?Λi; Pi ≤ Σi∈Ipi?Λi; Qi = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

[Sub-Out]

∀i ∈ I : Pi ≤ Qi ⊕i∈Ipi!Λi; Pi ≤ ⊕i∈I∪Jpi!Λi; Qi = = = = = = = = = = = = = = = = = = = = = = = = = = = = = connecting communications are better than 0

[Sub-In-Skip]

Σi∈Ipi?

λi

↔; Pi ≤ 0

11 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Partial Order on Processes

[Sub-In]

∀i ∈ I : Pi ≤ Qi Σi∈I∪Jpi?Λi; Pi ≤ Σi∈Ipi?Λi; Qi = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

[Sub-Out]

∀i ∈ I : Pi ≤ Qi ⊕i∈Ipi!Λi; Pi ≤ ⊕i∈I∪Jpi!Λi; Qi = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

[Sub-In-Skip]

Σi∈Ipi?

λi

↔; Pi ≤ 0 δ ranges over p◦

• ◦
• q q•
• •
• p

11 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Partial Order on Processes

[Sub-In]

∀i ∈ I : Pi ≤ Qi Σi∈I∪Jpi?Λi; Pi ≤ Σi∈Ipi?Λi; Qi = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

[Sub-Out]

∀i ∈ I : Pi ≤ Qi ⊕i∈Ipi!Λi; Pi ≤ ⊕i∈I∪Jpi!Λi; Qi = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

[Sub-In-Skip]

Σi∈Ipi?

λi

↔; Pi ≤ 0 δ ranges over p◦

• ◦
• q q•
• •
• p

[Sub-Del]

P ≤ Q δ; P ≤ δ; Q

11 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Partial Order on Processes

[Sub-In]

∀i ∈ I : Pi ≤ Qi Σi∈I∪Jpi?Λi; Pi ≤ Σi∈Ipi?Λi; Qi = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

[Sub-Out]

∀i ∈ I : Pi ≤ Qi ⊕i∈Ipi!Λi; Pi ≤ ⊕i∈I∪Jpi!Λi; Qi = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

[Sub-In-Skip]

Σi∈Ipi?

λi

↔; Pi ≤ 0

[Sub-Del]

P ≤ Q δ; P ≤ δ; Q

[Sub-0]

0 ≤ 0

11 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Global types

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B;

A

card

− − − → C; B•

• C;

C

date

− − − → A; End ⊞ A

ko

− − → C; End )

12 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Global types

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B;

A

card

− − − → C; B•

• C;

C

date

− − − → A; End ⊞ A

ko

− − → C; End )

G ::= ⊞i∈I pΛiqi; Gi | p◦

• q; G | q•
• p; G

| µt.G | t | End

12 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Global types

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B;

A

card

− − − → C; B•

• C;

C

date

− − − → A; End ⊞ A

ko

− − → C; End )

G ::= ⊞i∈I pΛiqi; Gi | p◦

• q; G | q•
• p; G

| µt.G | t | End

no ambiguity of choices between all simple or all connecting communications

12 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Global types

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B;

A

card

− − − → C; B•

• C;

C

date

− − − → A; End ⊞ A

ko

− − → C; End )

G ::= ⊞i∈I pΛiqi; Gi | p◦

• q; G | q•
• p; G

| µt.G | t | End

no ambiguity of choices between all simple or all connecting communications each occurrence of p◦

• q is

followed by an occurrence of q•

• p

12 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Global types

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B;

A

card

− − − → C; B•

• C;

C

date

− − − → A; End ⊞ A

ko

− − → C; End )

G ::= ⊞i∈I pΛiqi; Gi | p◦

• q; G | q•
• p; G

| µt.G | t | End

no ambiguity of choices between all simple or all connecting communications each occurrence of p◦

• q is

followed by an occurrence of q•

• p

no atomic interaction involving q

• ccurs between p◦
• q and q•
• p

12 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Global types

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B;

A

card

− − − → C; B•

• C;

C

date

− − − → A; End ⊞ A

ko

− − → C; End )

G ::= ⊞i∈I pΛiqi; Gi | p◦

• q; G | q•
• p; G

| µt.G | t | End

no ambiguity of choices between all simple or all connecting communications each occurrence of p◦

• q is

followed by an occurrence of q•

• p

no atomic interaction involving q

• ccurs between p◦
• q and q•
• p

no choice occurs between p◦

• q

and q•

• p

12 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Global types

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B;

A

card

− − − → C; B•

• C;

C

date

− − − → A; End ⊞ A

ko

− − → C; End )

G ::= ⊞i∈I pΛiqi; Gi | p◦

• q; G | q•
• p; G

| µt.G | t | End

no ambiguity of choices between all simple or all connecting communications each occurrence of p◦

• q is

followed by an occurrence of q•

• p

no atomic interaction involving q

• ccurs between p◦
• q and q•
• p

no choice occurs between p◦

• q

and q•

• p

no delegation involving p occurs between p◦

• q and q•
• p

12 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Projection: Example

A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B;

A

card

− − − → C; B•

• C;

C

date

− − − → A; End ⊞ A

ko

− − → C; End )

13 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Projection: Example

A? title ; A! price ; ( A? ok ; B!

price

↔ ;

• B;

B•

• ;

A! date ; + A? ko ) A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B;

A

card

− − − → C; B•

• C;

C

date

− − − → A; End ⊞ A

ko

− − → C; End )

13 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Projection: Example

A? title ; A! price ; ( A? ok ; B!

price

↔ ;

• B;

B•

• ;

A! date ; + A? ko ) A

title

− − − − → C; C

price

− − − − → A; ( A

• k

− − → C; C

price

↔

− − − → B; C◦

• B;

A

card

− − − → C; B•

• C;

C

date

− − − → A; End ⊞ A

ko

− − → C; End ) C◦

• ;

A? card ;

• C

13 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Direct Projection

Meet

14 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Direct Projection

Meet (Σi∈Ipi?Λi; Pi) p?Λ; P = Σi∈Ipi?Λi; Pi + p?Λ; P

14 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Direct Projection

Meet (Σi∈Ipi?Λi; Pi) p?Λ; P = Σi∈Ipi?Λi; Pi + p?Λ; P (Σi∈Ipi?Λi; Pi) p?Λ; P = Σi∈Ipi?Λi; Pi if p = pj and Λ = Λj and P = Pj for some j ∈ I

14 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Direct Projection

Meet (Σi∈Ipi?Λi; Pi) p?Λ; P = Σi∈Ipi?Λi; Pi + p?Λ; P (Σi∈Ipi?Λi; Pi) p?Λ; P = Σi∈Ipi?Λi; Pi if p = pj and Λ = Λj and P = Pj for some j ∈ I (Σi∈Ipi?

λi

↔; Pi) 0 = Σi∈Ipi?

λi

↔; Pi

14 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Direct Projection

Meet (Σi∈Ipi?Λi; Pi) p?Λ; P = Σi∈Ipi?Λi; Pi + p?Λ; P (Σi∈Ipi?Λi; Pi) p?Λ; P = Σi∈Ipi?Λi; Pi if p = pj and Λ = Λj and P = Pj for some j ∈ I (Σi∈Ipi?

λi

↔; Pi) 0 = Σi∈Ipi?

λi

↔; Pi 0 0 = 0

14 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Direct Projection

( pΛq; G )↾r =      q!Λ; G↾p if r = p p?Λ; G↾q if r = q G↾r if r ∈ {p, q}

14 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Direct Projection

( pΛq; G )↾r =      q!Λ; G↾p if r = p p?Λ; G↾q if r = q G↾r if r ∈ {p, q} ( ⊞i∈I pΛiqi; Gi )↾r =

• ⊕i∈I( pΛiqi; Gi )↾r

if r = p

• i∈I( pΛiqi; Gi )↾r
• therwise

where |I| > 1

14 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Direct Projection

( pΛq; G )↾r =      q!Λ; G↾p if r = p p?Λ; G↾q if r = q G↾r if r ∈ {p, q} ( ⊞i∈I pΛiqi; Gi )↾r =

• ⊕i∈I( pΛiqi; Gi )↾r

if r = p

• i∈I( pΛiqi; Gi )↾r
• therwise

where |I| > 1 (µt.G)↾p =      G↾p if t does not occur in G µt.G↾p if p ∈ part(G)

• therwise

14 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Direct Projection

( pΛq; G )↾r =      q!Λ; G↾p if r = p p?Λ; G↾q if r = q G↾r if r ∈ {p, q} ( ⊞i∈I pΛiqi; Gi )↾r =

• ⊕i∈I( pΛiqi; Gi )↾r

if r = p

• i∈I( pΛiqi; Gi )↾r
• therwise

where |I| > 1 (µt.G)↾p =      G↾p if t does not occur in G µt.G↾p if p ∈ part(G)

• therwise

t↾p = t

14 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Direct Projection

( pΛq; G )↾r =      q!Λ; G↾p if r = p p?Λ; G↾q if r = q G↾r if r ∈ {p, q} ( ⊞i∈I pΛiqi; Gi )↾r =

• ⊕i∈I( pΛiqi; Gi )↾r

if r = p

• i∈I( pΛiqi; Gi )↾r
• therwise

where |I| > 1 (µt.G)↾p =      G↾p if t does not occur in G µt.G↾p if p ∈ part(G)

• therwise

t↾p = t End↾p = 0

14 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Direct Projection

( pΛq; G )↾r =      q!Λ; G↾p if r = p p?Λ; G↾q if r = q G↾r if r ∈ {p, q} ( ⊞i∈I pΛiqi; Gi )↾r =

• ⊕i∈I( pΛiqi; Gi )↾r

if r = p

• i∈I( pΛiqi; Gi )↾r
• therwise

where |I| > 1 (µt.G)↾p =      G↾p if t does not occur in G µt.G↾p if p ∈ part(G)

• therwise

t↾p = t End↾p = 0 (p◦

• q; G)↾r =

    

• q; G↾1(p, q)

if r = p p◦

• ; G↾2(p, q)

if r = q G↾r

• therwise

14 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Direct Projection

( pΛq; G )↾r =      q!Λ; G↾p if r = p p?Λ; G↾q if r = q G↾r if r ∈ {p, q} ( ⊞i∈I pΛiqi; Gi )↾r =

• ⊕i∈I( pΛiqi; Gi )↾r

if r = p

• i∈I( pΛiqi; Gi )↾r
• therwise

where |I| > 1 (µt.G)↾p =      G↾p if t does not occur in G µt.G↾p if p ∈ part(G)

• therwise

t↾p = t End↾p = 0 (p◦

• q; G)↾r =

    

• q; G↾1(p, q)

if r = p p◦

• ; G↾2(p, q)

if r = q G↾r

• therwise

(q•

• p; G)↾r = G↾r

if r ∈ {p, q}

14 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Delegation Projection

( rΛs; G )↾2(p, q) =      s!Λ; G↾2(p, q) if r = p and s = q r?Λ; G↾2(p, q) if s = p and r = q G↾2(p, q) if {r, s} ∩ {p, q} = ∅

15 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Delegation Projection

( rΛs; G )↾2(p, q) =      s!Λ; G↾2(p, q) if r = p and s = q r?Λ; G↾2(p, q) if s = p and r = q G↾2(p, q) if {r, s} ∩ {p, q} = ∅ ( rΛs; G )↾1(p, q) = G↾1(p, q) if r = q and s = q

15 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Delegation Projection

( rΛs; G )↾2(p, q) =      s!Λ; G↾2(p, q) if r = p and s = q r?Λ; G↾2(p, q) if s = p and r = q G↾2(p, q) if {r, s} ∩ {p, q} = ∅ ( rΛs; G )↾1(p, q) = G↾1(p, q) if r = q and s = q (q•

• p; G)↾1(p, q) = q•
• ; G↾p

(q•

• p; G)↾2(p, q) = •
• p; G↾q

15 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Delegation Projection

( rΛs; G )↾2(p, q) =      s!Λ; G↾2(p, q) if r = p and s = q r?Λ; G↾2(p, q) if s = p and r = q G↾2(p, q) if {r, s} ∩ {p, q} = ∅ ( rΛs; G )↾1(p, q) = G↾1(p, q) if r = q and s = q (q•

• p; G)↾1(p, q) = q•
• ; G↾p

(q•

• p; G)↾2(p, q) = •
• p; G↾q

(r◦

• s; G)↾1(p, q) = (r•
• s; G)↾1(p, q) = G↾1(p, q)

if {r, s} ∩ {p, q} = ∅

15 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Delegation Projection

( rΛs; G )↾2(p, q) =      s!Λ; G↾2(p, q) if r = p and s = q r?Λ; G↾2(p, q) if s = p and r = q G↾2(p, q) if {r, s} ∩ {p, q} = ∅ ( rΛs; G )↾1(p, q) = G↾1(p, q) if r = q and s = q (q•

• p; G)↾1(p, q) = q•
• ; G↾p

(q•

• p; G)↾2(p, q) = •
• p; G↾q

(r◦

• s; G)↾1(p, q) = (r•
• s; G)↾1(p, q) = G↾1(p, q)

if {r, s} ∩ {p, q} = ∅

(r◦

• s; G)↾2(p, q) = (r•
• s; G)↾2(p, q) = G↾2(p, q)

if {r, s} ∩ {p, q} = ∅

15 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Typing Rule

qi•

• ; Pi ≤ G↾1(pi, qi)

(i ∈ I) Qi ≤ G↾2(pi, qi) (i ∈ I) Rj ≤ G↾rj (j ∈ J) part(G) ⊆ {pi | i ∈ I} ∪ {qi | i ∈ I} ∪ {rj | j ∈ J} all participants distinct ⊢ Πi∈I

• pi[

[ qi•

• ; Pi ]

] Πi∈I pi[ [ Qi ] ] Πj∈J rj[ [ Rj ] ] : G

16 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Typing Rule

qi•

• ; Pi ≤ G↾1(pi, qi)

(i ∈ I) Qi ≤ G↾2(pi, qi) (i ∈ I) Rj ≤ G↾rj (j ∈ J) part(G) ⊆ {pi | i ∈ I} ∪ {qi | i ∈ I} ∪ {rj | j ∈ J} all participants distinct ⊢ Πi∈I

• pi[

[ qi•

• ; Pi ]

] Πi∈I pi[ [ Qi ] ] Πj∈J rj[ [ Rj ] ] : G A[ [ C! card ; C? date ] ]

• C[

[ B•

• ; A! date ]

] C[ [ A? card ; •

• C ]

]

16 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Typing Rule

qi•

• ; Pi ≤ G↾1(pi, qi)

(i ∈ I) Qi ≤ G↾2(pi, qi) (i ∈ I) Rj ≤ G↾rj (j ∈ J) part(G) ⊆ {pi | i ∈ I} ∪ {qi | i ∈ I} ∪ {rj | j ∈ J} all participants distinct ⊢ Πi∈I

• pi[

[ qi•

• ; Pi ]

] Πi∈I pi[ [ Qi ] ] Πj∈J rj[ [ Rj ] ] : G A[ [ C! card ; C? date ] ]

• C[

[ B•

• ; A! date ]

] C[ [ A? card ; •

• C ]

] A

card

− − − → C; B•

• C;

C

date

− − − → A; End

16 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Subject Reduction

If ⊢ ◆ : G and ◆

φ

− → ◆′, then ⊢ ◆′ : G′ for some G′.

17 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Session Fidelity

If ⊢ ◆ : G and ◆

pΛq

− − → ◆′, then G = φ1; . . . ; φn; (⊞i∈I pΛiqi; Gi ⊞ pΛq; G′), where φj for 1 ≤ j ≤ n is an atomic interaction not involving p and q. ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆

18 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Session Fidelity

If ⊢ ◆ : G and ◆

pΛq

− − → ◆′, then G = φ1; . . . ; φn; (⊞i∈I pΛiqi; Gi ⊞ pΛq; G′), where φj for 1 ≤ j ≤ n is an atomic interaction not involving p and q. If ⊢ ◆ : G and ◆

p◦

• q

− − − → ◆′, then G = φ1; . . . ; φn; p◦

• q; G′,

where φi for 1 ≤ i ≤ n is an atomic interaction not involving p and q. ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆

18 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Session Fidelity

If ⊢ ◆ : G and ◆

pΛq

− − → ◆′, then G = φ1; . . . ; φn; (⊞i∈I pΛiqi; Gi ⊞ pΛq; G′), where φj for 1 ≤ j ≤ n is an atomic interaction not involving p and q. If ⊢ ◆ : G and ◆

p◦

• q

− − − → ◆′, then G = φ1; . . . ; φn; p◦

• q; G′,

where φi for 1 ≤ i ≤ n is an atomic interaction not involving p and q. If ⊢ ◆ : G and ◆

q•

• p

− − − → ◆′, then G = φ1; . . . ; φn; q•

• p; G′,

where φi for 1 ≤ i ≤ n is an atomic interaction not involving p and q. ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆

18 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Session Fidelity

If ⊢ ◆ : G and ◆

pΛq

− − → ◆′, then G = φ1; . . . ; φn; (⊞i∈I pΛiqi; Gi ⊞ pΛq; G′), where φj for 1 ≤ j ≤ n is an atomic interaction not involving p and q. If ⊢ ◆ : G and ◆

p◦

• q

− − − → ◆′, then G = φ1; . . . ; φn; p◦

• q; G′,

where φi for 1 ≤ i ≤ n is an atomic interaction not involving p and q. If ⊢ ◆ : G and ◆

q•

• p

− − − → ◆′, then G = φ1; . . . ; φn; q•

• p; G′,

where φi for 1 ≤ i ≤ n is an atomic interaction not involving p and q. If ⊢ ◆ : ⊞i∈IpΛiqi; Gi, then ◆ = p[ [ ⊕i∈I ′qi!Λi; Pi ] ] ◆0 with I ′ ⊆ I and ◆

pΛiqi

− − − → ◆i and ⊢ ◆i : Gi for all i ∈ I ′. ◆ ◆ ◆ ◆

18 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Session Fidelity

If ⊢ ◆ : G and ◆

pΛq

− − → ◆′, then G = φ1; . . . ; φn; (⊞i∈I pΛiqi; Gi ⊞ pΛq; G′), where φj for 1 ≤ j ≤ n is an atomic interaction not involving p and q. If ⊢ ◆ : G and ◆

p◦

• q

− − − → ◆′, then G = φ1; . . . ; φn; p◦

• q; G′,

where φi for 1 ≤ i ≤ n is an atomic interaction not involving p and q. If ⊢ ◆ : G and ◆

q•

• p

− − − → ◆′, then G = φ1; . . . ; φn; q•

• p; G′,

where φi for 1 ≤ i ≤ n is an atomic interaction not involving p and q. If ⊢ ◆ : ⊞i∈IpΛiqi; Gi, then ◆ = p[ [ ⊕i∈I ′qi!Λi; Pi ] ] ◆0 with I ′ ⊆ I and ◆

pΛiqi

− − − → ◆i and ⊢ ◆i : Gi for all i ∈ I ′. If ⊢ ◆ : φ; G, then ◆

φ

− → ◆′ and ⊢ ◆′ : G.

18 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Strong Progress

If ◆ = p[ [ ⊕i∈Iqi!Λi; Pi ] ] ◆0, then ◆

− → φ pΛiqi

− − − − − → ◆′ for some − → φ and for all i ∈ I. ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆

19 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Strong Progress

If ◆ = p[ [ ⊕i∈Iqi!Λi; Pi ] ] ◆0, then ◆

− → φ pΛiqi

− − − − − → ◆′ for some − → φ and for all i ∈ I. If ◆ = p[ [ Σi∈Iqi?λi; Pi ] ] ◆0, then ◆

− → φ qiλip

− − − − − → ◆′ for some − → φ and for some i ∈ I. ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆

19 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Strong Progress

If ◆ = p[ [ ⊕i∈Iqi!Λi; Pi ] ] ◆0, then ◆

− → φ pΛiqi

− − − − − → ◆′ for some − → φ and for all i ∈ I. If ◆ = p[ [ Σi∈Iqi?λi; Pi ] ] ◆0, then ◆

− → φ qiλip

− − − − − → ◆′ for some − → φ and for some i ∈ I. If ◆ = p[ [ ◦

• q; P ]

] ◆0, then ◆

− → φ p◦

• q −

→ φ′ q•

• p

− − − − − − − − − − → ◆′ for some − → φ and − → φ′. ◆ ◆ ◆ ◆

19 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Strong Progress

If ◆ = p[ [ ⊕i∈Iqi!Λi; Pi ] ] ◆0, then ◆

− → φ pΛiqi

− − − − − → ◆′ for some − → φ and for all i ∈ I. If ◆ = p[ [ Σi∈Iqi?λi; Pi ] ] ◆0, then ◆

− → φ qiλip

− − − − − → ◆′ for some − → φ and for some i ∈ I. If ◆ = p[ [ ◦

• q; P ]

] ◆0, then ◆

− → φ p◦

• q −

→ φ′ q•

• p

− − − − − − − − − − → ◆′ for some − → φ and − → φ′. If ◆ = q[ [ p◦

• ; Q ]

] ◆0, then ◆

− → φ p◦

• q −

→ φ′ q•

• p

− − − − − − − − − − → ◆′ for some − → φ and − → φ′.

19 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Internal versus Channel Delegation

pro

20 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Internal versus Channel Delegation

pro

internal delegation allows a better control of the whole conversation

20 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Internal versus Channel Delegation

pro

internal delegation allows a better control of the whole conversation internal delegation assures progress with a simple type system

20 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Internal versus Channel Delegation

pro

internal delegation allows a better control of the whole conversation internal delegation assures progress with a simple type system

con

20 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Internal versus Channel Delegation

pro

internal delegation allows a better control of the whole conversation internal delegation assures progress with a simple type system

con

channel delegation can represent more protocols

20 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Future Work

global types allowing

21 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Future Work

global types allowing

nested delegation

21 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Future Work

global types allowing

nested delegation deputies to make choices

21 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Future Work

global types allowing

nested delegation deputies to make choices . . .

21 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Future Work

global types allowing

nested delegation deputies to make choices . . .

coherence of sets of session types

21 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Future Work

global types allowing

nested delegation deputies to make choices . . .

coherence of sets of session types integration with reversibility

21 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

An application that delegates to an Oauth 2.0 server

Resource Untrusted App OAuth Server Owner

initiate(app ID,scope)

↔

begin delegation login page(app ID, scope) authorize(name, password) end delegation authorisation code(code) exchange(app ID, secret, code) access token(token) request(token) response(data) recursion revoke choice at Resource

22 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

An application that delegates to an Oauth 2.0 server

Untrusted App OAuth Server Owner

initiate(app ID,scope)

↔

begin delegation

login page(app ID, scope) authorize(name, password)

end delegation

authorisation code(code)

22 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Allowing the deputy to make a choice is useful

Resource Untrusted App OAuth Server Owner

initiate(app ID,scope)

↔

begin delegation login page(app ID, scope) authorize(name, password) end delegation authorisation code(code) exchange(app ID, secret, code) access token(token) request(token) response(data) recursion revoke choice at Resource choice at Server no release choice at Server deny end delegation error release choice at Owner

23 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Allowing the deputy to make a choice is useful

Untrusted App OAuth Server Owner

initiate(app ID,scope)

↔

begin delegation login page(app ID, scope) authorize(name, password) end delegation authorisation code(code) exchange(app ID, secret, code) access token(token) no release deny end delegation error

23 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Related Papers

Kohei Honda, Nobuko Yoshida, and Marco Carbone. Multiparty asynchronous session types. Journal of the ACM, 63(1):9, 2016.

24 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Related Papers

Kohei Honda, Nobuko Yoshida, and Marco Carbone. Multiparty asynchronous session types. Journal of the ACM, 63(1):9, 2016. Pierre-Malo Deni´ elou and Nobuko Yoshida. Dynamic multirole session types. In POPL, pages 435–446. ACM Press, 2011.

24 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Related Papers

Kohei Honda, Nobuko Yoshida, and Marco Carbone. Multiparty asynchronous session types. Journal of the ACM, 63(1):9, 2016. Pierre-Malo Deni´ elou and Nobuko Yoshida. Dynamic multirole session types. In POPL, pages 435–446. ACM Press, 2011. Raymond Hu and Nobuko Yoshida. Explicit connection actions in multiparty session types. In FASE, volume 10202 of LNCS, pages 116–133. Springer, 2017.

24 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Related Papers

Kohei Honda, Nobuko Yoshida, and Marco Carbone. Multiparty asynchronous session types. Journal of the ACM, 63(1):9, 2016. Pierre-Malo Deni´ elou and Nobuko Yoshida. Dynamic multirole session types. In POPL, pages 435–446. ACM Press, 2011. Raymond Hu and Nobuko Yoshida. Explicit connection actions in multiparty session types. In FASE, volume 10202 of LNCS, pages 116–133. Springer, 2017. Alceste Scalas, Ornela Dardha, Raymond Hu, and Nobuko

• Yoshida. A linear decomposition of multiparty sessions for safe

distributed programming. In ECOOP, volume 74 of LIPIcs, pages 24:1–24:31. Schloss Dagstuhl, 2017.

24 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Questions

25 / 26

Motivation Recap of new terminology Calculus Type System Key Properties Conclusion

Thank you

26 / 26