A Theoretical Study on Access Control Model in Federated Systems

Abstract

The federation is a special case of open system where the resources are controlled and accessed by cooperation of one or more roles in the federation. The federation system needs a few special treatments like a subset ownership (i.e. multiple user ownership) of the objects, dynamic access right allocation etc. The treatments can not be handled by any combination of mandatory, discretionary and role-based access control models (i.e. MAC, DAC and RBAC). This paper gives a theoretical study on an access control model in federating systems by analysing the nature of subjects, objects and their relationships; and then proposes a generic access control model for any federation system. The safety proof shows that the federation system always remains in a safe state using the proposed federation access control model. © Springer-Verlag Berlin Heidelberg 2014.