Request-driven role mapping framework for secure interoperation in multi-domain environments

This paper proposes a request-driven role mapping framework for secure interoperation in multi-domain environments. To support flexible policy expression and inter-domain policy mapping, we present a convenient and effective method to perform the privilege query in general hybrid role hierarchies for special external requests based on the minimal unique set (MUS). Role mappings are the basic approach for the interoperation among multiple individual domains. To describe the relationships between roles practically, role mappings are divided into three types: I-mapping, A-mapping and IA-mapping. These mappings denote the forms of the different role hierarchies respectively. Role mappings are the major causes for various types of conflicts and inconsistencies in multi-domains. This paper analyses the reasons for generating these conflicts and presents the algorithms to resolve them. Compared to other researches, this method can ensure that the external user requests will be satisfied and the local role hierarchies will be furthest preserved. Finally, the study of the instance for interoperation among the various offices of a county shows the validity of this role mapping framework.