User-credential based role mapping in multi-domain collaborative environments

Abstract

Collaboration between multiple organizations creates new opportunities for businesses. With such collaborations becoming a reality, it is necessary to have an access control policy integration approach to form a global policy consistent with the partner organizations. Research on policy integration has led to the proposal of several frameworks to uniformly express policies and to integrate such policies. But most of these frameworks are complex and compromise the privacy of the constituent domains by sharing all the components of an access control policy including access control lists. In this thesis, a unique policy integration technique is described to merge Role-Based Access Control (RBAC) policies of multiple-security domains in a heterogeneous environment. The proposed mechanism uses user credentials associated with roles as the main criteria in mapping inter-domain roles. Integration of the proposed policy greatly minimizes the administration overhead while efficiently merging the policies in a heterogeneous environment. Then, an approach to extend the community-based authorization framework to include the proposed integration tool is presented. A practical implementation is provided that enables collaboration among autonomous domains. Keywords. Policy Integration, Role-Based Access Control (RBAC), Community Authorization Service (CAS)