Abstract
In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. In this paper, we propose an approach that exploits the semantics associated with subject and object attributes to facilitate automatic enforcement of organizational access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by external users to gain access to a specific organizational object (or service). Specifically, it consists of extracting user attribute sets that semantically match with the attributes of the objects for which a role has permissions. This relies on a closer examination of why a user is assigned a specific role. These attribute sets are first pruned based on their significance in characterizing a role, which are then checked against those submitted by an external user to decide whether to allow or deny access to the specific object. While our goal in this paper is to support coalition based access control, the proposed approach can also aid in automating the process of role engineering.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
