Integrated provenance data for access control in group-centric collaboration

Abstract

In a provenance-aware environment, as data objects are created and used, the transaction information is captured as provenance data. Provenance-based access control utilizes the captured provenance information to control access to the underlying data. In a group-centric collaboration environment, data objects are shared and modified by multiple organizations/systems while the relevant provenance data are captured and stored in the local systems. While captured provenance data are readily available for access control within the local system, provenance-based access control in a group-centric collaboration environment requires integrated use of provenance data from other collaborating systems for effective access control. However, some provenance information maintained by a system may be too sensitive to be directly viewed or used by other systems. In this paper, we demonstrate and discuss the issue relating the incorporation of an access control model in the context of group-centric secure collaboration environment. We also discuss two potential solution approaches and their significance in building the foundation for further research.