关键词: 访问控制，策略合并，逻辑，融合框架，推理系统

Abstract: In multi-domain environment, the composition of access control policies is the key for aggregated resources when several domains are organized to form a new one. To formally express the composition and guarantee the correctness,a logical framework of composing policies was proposed. The framework is described at the attribute level. It not only fertilizes the existing algebraic models but also can express the dynamic composing scenery which they don't support, Several examples were introduced to demonstrate its expressing ability. The framework involves a logic deduction system which is sound. Based on the system, a compound policy can be formally verified whether it meets each party's protection needs. At last, how to evaluate a compound policy for an access request to some aggregated resource was dis- cussed.

Key words: Access control, Policies composition, Logical, Composing framework, Deduction system