A Trust-based Access Control Model for Virtual Organizations

Virtual organizations normally use role-based access control mechanisms to assign permissions that allow users to access resources or services. Role-based access control mechanisms, however, have three limitations. First, as only one type of trust relationship - resource trusts role - exists in the mechanisms, more trust relationships that support more types of access controls in virtual organizations can not be established. Second, as roles are created in and limited to specific collaborative work places, the permissions only take effects in the local work places, and no global permissions can be set up. Finally, the attributes of users or groups, as important resources, have no control in the mechanisms. In other words, those attributes can not be released to any other user or group. To overcome these limitations, our research provides a trust-based access control model for virtual organizations. This paper presents the model, algorithm, implementations, and experimental results