Interoperability among access control models

Abstract

In the era of distributed computing and multi-user environment, federated organizations need to collaborate and access each other's resources. In order to access resources user must be authenticated seamlessly and authorized to perform access request. Existing centralized solution such as Single Sign On suffers with single point of failure. In our research, we propose a distributed solution by making access control models, existing in different organizations, interoperable. We show how decentralized and distributed yet federated organizations with heterogeneous access control models can share valuable resources/services in secure, reliable and efficient manner with no or minimal changes to their existing infrastructure. Our solution converts the existing policies of collaborating organization into ABAC model by a model transformation utility. Any cross organization transactions are handled by our plug-in based system without requiring any changes in the current authentication and authorization workflow of both collaborating parties.