Interoperability of Context Based System Policies Using O2O Contract

Abstract

The evolution of today's markets and the high volatility of business requirements put an increasing emphasis on the ability for systems to accommodate the changes required by new organizational needs while maintaining security objectives satisfiability. This is even more true in case of collaboration and interoperability between different organizations and thus between their information systems.Usual solutions do not anticipate interoperability security requirements or do it in a non satisfactory way. In this paper, we propose contract and compatibility principles to achieve a secure interoperation. Contracts are used to explicitly represent the rules that determine the way interaction between organizations must be controlled to satisfy secure accesses to resources. Compatibility relations make it possible to derive interoperability security policies.