In order to eliminate the security threats faced by the information systems of large organizations which usually involve multiple autonomous domains, this paper introduces an architecture of access control collaboration, which takes a distributed authoritative domain as the leading core of the unified cross-domain access control. Through applying the ABAC model in the authoritative domain, the global strategies formulated by the authoritative domain can be compatible with those local strategies of each autonomous domain. The global strategies are designed to be described by a group of authoritative attributes, which are limited in quantity but adequate to generalize all the subjects within the global scope. For system realization, a rule-based dynamic mechanism of attributes conversion is used to automatically generate the information of authoritative attributes. The cross-domain access control method in this paper can be directly applied to typical large organizations, such as government, military and large enterprises.
Abductive Analysis of Administrative Policies in Rule-Based Access Control