An Integrated Framework for Trust-Based Access Control for Open Systems

An important requirement of systems or application domains in emerging open environments is the capability to share information and services with other application domains that have different sets of protection requirements. When a domain needs to allow entities from previously unknown domains to access its resources, mechanisms should be in place to allow negotiating trust and services based on the sharing requirements of the interacting domains. We emphasize that a holistic framework for requirements-driven trust based secure interoperation is needed to facilitate interacting domains to access each other's local resources through access control policy mapping between the domains. In this paper, we present our ongoing work on developing a comprehensive framework for a trust based access control for secure interoperation, which tightly integrates role-based access control and inter-domain policy mapping mechanism with an integrated, game-theory based trust and service negotiation process. The framework being developed aims to address the complex requirements of an environment that represents the convergence of grid, peer-to-peer and mobile environments and workflow and multimedia technologies.