
Role-based Access Control For Distributed Cooperation Environment

Posted on: 2010-08-07
Degree: Master
Type: Thesis
Country: China
Candidate: S Y Liu
Full Text: PDF
GTID: 2178360332957870
Subject: Computer Science and Technology
Abstract/Summary:
The development of the internet and its related technologies has made cooperation among distributed organizations a reality. In a distributed cooperation environment, access control is one of the main concerns: how to maximize resource sharing and exchange while at the same time preventing unauthorized access and the destruction of valuable information.

Access control in such a distributed cooperation environment is a challenging task, as the new environment introduces new requirements. The widespread acceptance of the role-based access control (RBAC) model, which is ideal for a single-domain environment, has motivated considerable recent work to incorporate RBAC into the distributed cooperation environment by role mapping. However, the role-mapping approach has a number of problems, such as security violation problems, coarse-grained user-role assignment, access permission leakage, and cooperation dependence. Moreover, recent work has concerned itself only with secure cooperation, while the other problems remain unaddressed.

In this paper, we treat access control in the distributed cooperation environment in two ways. Firstly, within the role-mapping approach, we apply a method that fits the distributed cooperation environment to solve the role-assignment problem. This method repeatedly solves the two-domain role-assignment problem in an iterative manner. The role-assignment problem in two domains is reduced to the minimum vertex cover problem in the corresponding bipartite graph, which is constructed from the original problem. Then, the minimum vertex cover problem in the bipartite graph is reduced to the minimum cut problem in a flow network, which is constructed from that bipartite graph. The heuristic behind this method is that, in reality, access permissions are not allowed to be transmitted across domains. In this way, we can not only solve the role-assignment problem in polynomial time but also obtain a better approximate solution than the previous approach does.

Secondly, we propose a role-based access control model called RBAC-DC to meet the new requirements of the distributed cooperation environment. Instead of defining role mappings, RBAC-DC achieves cooperation by having the service-providing domain provide roles, permissions, and the user-role assignment privilege for those roles to the service-requesting domain. In addition, RBAC-DC disables the transitivity of access permissions among domains. RBAC-DC avoids the problems of the role-mapping approach and meets the new requirements of the distributed cooperation environment. Further, compared with the role-mapping approach, it has a set of additional properties, such as maximizing the degree of cooperation and giving more control power.
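The second reduction named in the abstract (minimum vertex cover in a bipartite graph, solved as a minimum cut in a flow network) is shown here in its general, vertex-weighted form. This is an added example, not code from the thesis: the abstract does not say how the bipartite graph is built from the role-assignment problem, so the role names, weights and edges are constructed, and `min_vertex_cover` is a hypothetical helper name.

```python
from collections import deque

INF = float("inf")
S, T = ("source",), ("sink",)  # tuple sentinels cannot collide with role names

def min_vertex_cover(left, right, edges):
    """left, right: {vertex: weight} with disjoint names; edges: (left, right) pairs.
    Returns (cover, weight) of a minimum-weight vertex cover."""
    cap = {S: {}, T: {}}
    def add(u, v, c):                      # arc u->v plus zero-capacity reverse arc
        cap.setdefault(u, {})[v] = c
        cap.setdefault(v, {}).setdefault(u, 0)
    for u, w in left.items():
        add(S, u, w)                       # cutting S->u means "u is in the cover"
    for v, w in right.items():
        add(v, T, w)                       # cutting v->T means "v is in the cover"
    for u, v in edges:
        add(u, v, INF)                     # an uncovered edge can never be cut

    def residual_tree():                   # BFS over arcs with spare capacity
        parent, queue = {S: None}, deque([S])
        while queue:
            x = queue.popleft()
            for y, c in cap[x].items():
                if c > 0 and y not in parent:
                    parent[y] = x
                    queue.append(y)
        return parent

    parent = residual_tree()
    while T in parent:                     # Edmonds-Karp augmentation
        path, y = [], T
        while parent[y] is not None:
            path.append((parent[y], y))
            y = parent[y]
        push = min(cap[a][b] for a, b in path)
        for a, b in path:
            cap[a][b] -= push
            cap[b][a] += push
        parent = residual_tree()
    # Min cut: left vertices cut off from S, right vertices still reachable from S.
    cover = {u for u in left if u not in parent} | {v for v in right if v in parent}
    weights = {**left, **right}
    return cover, sum(weights[x] for x in cover)

# Constructed sample: roles of two domains, weights and edges chosen for illustration.
DOMAIN_A = {"a1": 3, "a2": 1, "a3": 2}
DOMAIN_B = {"b1": 1, "b2": 4, "b3": 1}
EDGES = [("a1", "b1"), ("a1", "b3"), ("a2", "b2"), ("a3", "b2"), ("a3", "b3")]

if __name__ == "__main__":
    print(min_vertex_cover(DOMAIN_A, DOMAIN_B, EDGES))
```

The infinite-capacity arcs force every finite cut to sever at least one endpoint of each edge, which is why the cut weight equals the cover weight.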
Keywords/Search Tags: distributed cooperation, role-based access control, role mapping