Constraint-Enabled Distributed RBAC for Subscription-Based Remote Network Services

There is growing interest in collaboration and resource sharing among institutions and organizations. Identity based security policies are not enough to address access control in such distributed environments. In this paper, we investigate the problems of identity management inherent in distributed subscription-based resource sharing. We extend Role Base Access Control (RBAC) to a distributed environment and implement a distributed role based access control model (DRBAC). We define the concept of subject, role, distributed role, permission and autonomous organization as applicable to the distributed remote resource sharing service. Access is allowed based on the distributed roles, subject to certain constraints. Enforcing distributed role based access control policies allows organizations to ease the administrative overhead in a distributed environment.