A SIP-based architecture model for contextual coalition access control for ubiquitous computing

A significant deterrent to the ability to connect in a spontaneous manner in cross-enterprise collaborative applications is the difficulty in users from different domains being able to access resources or services located and owned by other entities. Coalition access control encompasses control mechanisms dealing with access between users of two or more different security domains. In this paper we present an approach to add contextual information to the distributed role based access control (dRBAC) model to support spontaneous coalition. The dRBAC model is a relatively new approach for coalition access control based on a delegation model but has been targeted towards pre-arranged delegations among distributed enterprises. A delegation architecture is presented that leverages SIP communication sessions to discover delegation security managers that can automatically exchange roles and delegations based on location and communication session contexts.