
Prose2Policy (P2P): A Practical LLM Pipeline for Translating Natural-Language Access Policies into Executable Rego

arXiv:2603.15799v1. Abstract: Prose2Policy (P2P) is an LLM-based practical tool that translates natural-language access control policies (NLACPs) into executable Rego code (the policy language of Open Policy Agent, OPA). It provides a modular, end-to-end pipeline that performs policy detection, component extraction, schema validation, linting, compilation, automatic test generation and execution. Prose2Policy is designed to bridge the gap between human-readable access requirements and machine-enforceable policy-as-code (PaC) while emphasizing deployment reliability and auditability. We evaluated Prose2Policy on the ACRE dataset and demonstrated a 95.3% compile rate for accepted policies, with automated testing achieving an 82.2% positive-test pass rate and a 98.9% negative-test pass rate. These results indicate that Prose2Policy produces syntactically robust and behaviorally consistent Rego policies suitable for Zero Trust and compliance-driven environments.

Vatsal Gupta, Darshan Sreenivasamurthy


Executive Summary

The Prose2Policy (P2P) tool translates natural-language access control policies into executable Rego code, bridging the gap between human-readable requirements and machine-enforceable policy-as-code. P2P achieves a 95.3% compile rate and high automated testing pass rates, indicating its potential for reliable deployment in Zero Trust and compliance-driven environments. The tool's modular pipeline and emphasis on auditability make it a significant contribution to the field of access control policy implementation.

Key Points

  • Prose2Policy translates natural-language access control policies into executable Rego code
  • The tool achieves a 95.3% compile rate for accepted policies
  • P2P demonstrates high automated testing pass rates, including 82.2% positive-test and 98.9% negative-test pass rates
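
To make the compile and test figures concrete, here is an added example (written for this summary, not Prose2Policy output and not taken from the paper or the ACRE dataset) of the kind of artifact such a pipeline targets: a Rego rule plus positive and negative tests. The policy sentence, the package name, the input attribute names, and the reading of "positive test" as a request that must be allowed and "negative test" as one that must be denied are all assumptions.

```rego
package p2p_example

import rego.v1

# Constructed NLACP (assumption, not from ACRE):
#   "A nurse can read the medical record of a patient in their own ward."

# Deny by default; only the rule below can grant access.
default allow := false

allow if {
	input.subject.role == "nurse"
	input.action == "read"
	input.resource.type == "medical_record"
	input.resource.ward == input.subject.ward
}

# Positive test: the request the sentence describes must be allowed.
test_nurse_reads_own_ward if {
	allow with input as {
		"subject": {"role": "nurse", "ward": "W3"},
		"action": "read",
		"resource": {"type": "medical_record", "ward": "W3"},
	}
}

# Negative test: same subject and action, different ward.
test_nurse_other_ward_denied if {
	not allow with input as {
		"subject": {"role": "nurse", "ward": "W3"},
		"action": "read",
		"resource": {"type": "medical_record", "ward": "W7"},
	}
}

# Negative test: an action the sentence never grants.
test_nurse_write_denied if {
	not allow with input as {
		"subject": {"role": "nurse", "ward": "W3"},
		"action": "write",
		"resource": {"type": "medical_record", "ward": "W3"},
	}
}

# Negative test: ward attributes absent, so the comparison is undefined
# and the default deny applies.
test_missing_ward_denied if {
	not allow with input as {
		"subject": {"role": "nurse"},
		"action": "read",
		"resource": {"type": "medical_record"},
	}
}
```

Saved to a file, this can be checked with `opa test -v` on that file. A policy can compile and pass every negative test while still failing a positive one, which is why the two pass rates are worth reading separately.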

Merits

Modular Pipeline

The tool's end-to-end pipeline allows for efficient and reliable policy translation, validation, and testing.

High Compile Rate

P2P's high compile rate indicates its effectiveness in translating natural-language policies into executable code.

Demerits

Limited Dataset Evaluation

The tool's evaluation is limited to the ACRE dataset, which may not be representative of all possible access control policy scenarios.

Expert Commentary

The Prose2Policy tool represents a significant advancement in the field of access control policy implementation. Its ability to translate natural-language policies into executable Rego code can simplify the policy implementation process and reduce errors. However, further evaluation and testing are necessary to ensure the tool's effectiveness in diverse scenarios. Additionally, the tool's output must be carefully reviewed and validated to ensure compliance with relevant regulations and standards. Overall, Prose2Policy has the potential to contribute to the development of more secure and compliant access control systems.

Recommendations

  • Further evaluate Prose2Policy using diverse datasets and scenarios to ensure its effectiveness and reliability
  • Develop guidelines for the review and validation of Prose2Policy's output to ensure compliance with relevant regulations and standards
