Role-Based Access Control Models
Computer
Policy Contexts: Controlling Information Flow in Parameterised RBAC
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
dRBAC: Distributed Role-based Access Control for Dynamic Coalition Environments
ICDCS '02 Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02)
Meta-Policies for Distributed Role-Based Access Control Systems
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
A composite rbac approach for large, complex organizations
Proceedings of the ninth ACM symposium on Access control models and technologies
Access-Control Language for Multidomain Environments
IEEE Internet Computing
An RBAC Framework for Time Constrained Secure Interoperation in Multi-domain Environments
WORDS '05 Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems
Role-based access management for ad-hoc collaborative sharing
Proceedings of the eleventh ACM symposium on Access control models and technologies
Constraint-Enabled Distributed RBAC for Subscription-Based Remote Network Services
CIT '06 Proceedings of the Sixth IEEE International Conference on Computer and Information Technology
Domain Based Access Control Model for Distributed Collaborative Applications
E-SCIENCE '06 Proceedings of the Second IEEE International Conference on e-Science and Grid Computing
| Hi-index | 0.00 |
Inter-domain collaborations comprise of a series of tasks, whose run-time environment stretches over heterogeneous systems governed by different set of policies and where participating organizations desire to preserve control over their resources. One of the major security challenges in modeling those inter-domain collaborations is providing a decentralized authorization solution. At the core of this challenge lie two problems: 1) an authorization decision maker does not know who a principal is and 2) which set of privileges this principal owns if the principal is originated from outside of the decision maker's domain. Currently, a number of different approaches tackle this problem and claim to provide a full-fledged solution. These approaches, however, often require particular use of infrastructures and their own policy languages. In this paper, we propose a lightweight model using the concept of distributed roles from the dRBAC model to bridge different domain boundaries. Based on e-Government collaboration scenarios, we identify a set of requirements of decentralized authorization and propose an extension to the current XACML specification as a realization of our model.