A role-based access control model for information mediation

With the increasing demands for data integration and exchange among distributed heterogeneous sources, many applications require secure interoperation and the information sharing. Mediation techniques provide an extended amalgamation of searching and querying in heterogeneous systems, but enlarge the space of possible threats to local data sources. How to encourage data sharing while enforce required protection to resources is a challenging problem. Traditional access control mechanisms and methods are inadequate to reflect the heterogeneous environment and the flexible access control requirements. This paper presents a mediation security architecture for information integration based on role-based access control (RBAC). An adorned XML model (AXM) is used to homogenize security data modeling. Security requirements of mediation systems are specified by constraints over various RBAC dimensions. An incremental security enforcement method is proposed to integrate RBAC modules into the mediation architecture. The method supports adaptive and scalable design of secure mediation systems.