Extending Role Based Access Control Model for Distributed Multidomain Applications

This paper presents the results related to the development of a flexible domain-based access control infrastructure for distributed Grid-based Collaborative Environments and Complex Resource Provisioning. The paper proposes extensions to the classical RBAC model to address typical problems and requirements in the distributed hierarchical resource management such as: hierarchical resources policy administration, user roles/attributes management, dynamic security context and authorisation session management, and others. It describes relations between the RBAC and the generic AAA access control models and defines combined RBAC-DM model for domain-based access control management and suggests mechanisms that can be used in the distributed service-oriented infrastructure for security context management. The paper provides implementation details on the use of XACML for finegrained access control policy definition for domain based resources organisation and roles assignments in RBAC-DM. The paper is based on experiences gained from the major Grid-based and Grid-oriented projects in collaborative applications and complex resource provisioning.