Portions of this blog entry were written by AI by referencing my source code, chat conversations, and documentation about the process
In modern web application development, security is typically modeled using static paradigms: Role-Based Access Control (RBAC) or Attribute-Based Access Control (ABAC). While these paradigms are well-understood, they often struggle in highly dynamic, real-time, or distributed environments where capabilities must be dynamically delegated, revoked, or transferred between processes.
To solve this, we can turn to the π-calculus —a mathematical framework designed to model concurrent, communicating systems whose network topology changes during execution.
This post covers the foundational theory of the π-calculus and explains how we built a working prototype (pi-ui), a Blazor-based dynamic UI simulator that translates formal process calculus concepts into real-time, capability-based frontends.
Developed by computer scientist Robin Milner in the early 1990s as a successor to CCS (Calculus of Communicating Systems), the π-calculus is to concurrent computing what the λ-calculus (lambda calculus) is to sequential computing.
Rather than focusing on functions and evaluating expressions, the π-calculus focuses on processes interacting via channels.
In π-calculus, we describe systems using processes (P,Q) and names (x,y,z). Names represent both communication channels and the values passed over them. The core syntax includes:
The defining feature of the π-calculus is mobility: the ability to pass channel names over other channels.
Consider this reduction rule (β-reduction/reaction):
When an output process on channel x interacts with an input process on channel x, the channel name is transmitted. The receiving process Q substitutes z with y.
If Q did not previously know about channel y, it now has the capability to read from or write to it. This dynamic rewriting of the communication graph allows processes to pass access rights, establish private links, and dynamically restructure the software architecture at runtime.
To demonstrate this theory in a web application, we created a demo prototype called pi-ui using C# and ASP.NET Core Blazor. In this system:
Here is how the components interact under the hood:

PiSecurityEnvironment: An environment manager that translates an authenticated user’s identity claims (roles, permissions), custom channel assignments stored in the database, and real-time administrative overrides into a set of active capability channels (e.g., chan_view_dashboard, chan_edit_profile, chan_view_metrics).PiChannelStateService: A client-scoped state provider that tracks active, base, and revoked channels. It exposes events that components subscribe to for reactive UI updating.PiConditional: A declarative custom Razor component wrapper:<PiConditional ChannelName="chan_view_sensitive_data"> <!-- Secure UI Components Go Here --></PiConditional>PiChannelStateService, the child content renders. If it’s revoked or inactive, structural reduction is simulated by returning nothing (_isActive = false).To make the system truly representative of the π-calculus, channels are not static hard-coded permissions. They can be assigned, delegated, or revoked dynamically.
In ApplicationUser.cs, we represent channel assignments directly on the user entity:
public class ApplicationUser
{
public Guid Id { get; set; }
public string Username { get; set; } = string.Empty;
public string Roles { get; set; } = string.Empty; // e.g. "Admin,User"
public string Permissions { get; set; } = string.Empty; // e.g. "EditBio"
public string AssignedChannels { get; set; } = string.Empty; // Comma-separated list
public IEnumerable<string> GetAssignedChannelList() =>
string.IsNullOrWhiteSpace(AssignedChannels)
? Enumerable.Empty<string>()
: AssignedChannels.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
}
When a user logs in, the PiSecurityEnvironment calculates the available channel set by combining:
Admin automatically maps to chan_admin_settings, chan_view_metrics).EditBio maps to chan_edit_bio).AssignedChannels).When an administrator toggles a channel assignment on the dashboard, the application:
AssignedChannels string to the database using Entity Framework Core.IHubContext<PiProcessHub>:await HubContext.Clients.All.SendAsync("UserChannelsUpdated", username, activeChannels, baseChannels, revokedChannels);
Clients listening to this hub stream automatically update their local PiChannelStateService instances, triggering an instantaneous, smooth UI transition without requiring a page refresh.
The prototype also implements self-documenting capabilities. By utilizing custom C# attributes, we map domain models directly to their corresponding security channels:
public class UserProfileDTO
{
[PiChannel("chan_view_dashboard")]
public string Username { get; set; }
[PiChannel("chan_view_sensitive_data")]
public string Email { get; set; }
[PiChannel("chan_edit_bio")]
public string Bio { get; set; }
}
At runtime, the prototype’s JsonSchemaGenerator uses reflection to inspect the class structure, generating a JSON Schema containing custom OpenAPI-style extension keys:
{
"type": "object",
"properties": {
"Username": {
"type": "string",
"x-pi-channel": "chan_view_dashboard"
},
"Email": {
"type": "string",
"x-pi-channel": "chan_view_sensitive_data"
},
"Bio": {
"type": "string",
"x-pi-channel": "chan_edit_bio"
}
}
}
This schema can be fed directly into large language models (LLMs) or dynamic renderers, allowing them to dynamically structure, render, and validate secure forms and layouts depending on the active channel state of the current user session.
By mapping the formal semantics of the π-calculus onto modern web constructs, we gain a highly resilient, real-time approach to application security. The pi-ui prototype demonstrates that concurrency models aren’t just for theoreticians—they provide an elegant blueprint for building reactive, capability-driven user interfaces.
Whether managing IoT device authorization grids, multi-tenant workflows, or real-time admin panels, treating channels as first-class variables simplifies how we build secure systems.