Delegation of access rights in multi-domain service compositions

Today, it becomes more and more common to combine services from differentproviders into one application. Service composition is however difficult and cumbersomewhen there is no common trust anchor. Hence, delegation of access rights across trustdomains will become essential in service composition scenarios. This article specifiesabstract delegation, discusses theoretical aspects of the concept, and provides technicaldetails of a validation implementation supporting a variety of access controls andassociated delegation mechanisms. Abstract delegation allows to harmonize themanagement of heterogeneous access control mechanisms and to offer a unified userexperience. The authors observe standardization efforts to reduce application and domainspecificdelegation mechanisms, but this variety is very unlikely to completely disappear