Fourth European Symposium on Research in Computer Security (ESORICS 96)

An Authorization Model for Federated Systems

Sabrina De Capitani di Vimercati, Pierangela Samarati

Keywords: Federated systems, access control, authorization administration, authorization autonomy

Abstract: We present an authorization model for federated systems based on a tightly coupled architecture. The model supports authorizations to build and maintain the federation as well as authorizations to access the federated data. At each component site, owners declare the objects they wish to export and the access modes executable on them by users of the federation. Inclusion of objects into the federation requires their subsequent import by the federation administrator. Different degrees of authorization autonomy are supported, whereby users can retain the task of specifying authorizations or delegate it to the federation administrator. A site can require that the user be authenticated at each access or accept his identity as communicated by the federation. An access control algorithm describing the controls to be enforced at the federation and at each local site under the different authentication and administrative options is presented.

