Distributed multiple organizations interact with each other. If the domains employ role-based access control, one method for interaction between domains is role-mapping. However, it may violate constraints in the domains such as role hierarchy, separation of duty, and cardinality. Therefore, autonomy of the domains is lost. This paper proposes secure interoperation in multidomain environments. For this purpose, a cross-domain is created by foreign permission assignment. In an effort to maintain the autonomy of every domain, several rules are defined formally. Then, a decentralized scheme is used to provide permission mapping between domains. At the next stage, the proposed cross-domain is specified using Alloy, the first logic language. Subsequently, validity of the rules is analyzed through Alloy analyzer.
Read full abstract