Authorization Models for Secure Information Sharing:A Survey and Research Agenda

This article presents a survey of authorisation models and considers their`tness-for-purpose in facilitating information sharing. Network-supportedinformation sharing is an important technical capability that underpinscollaboration in support of dynamic and unpredictable activities such asemergency response, national security, infrastructure protection, supply chainintegration and emerging business models based on the concept of a virtual organisation . The article argues that present authorisation models are inexible and poorly scalable in such dynamic environments due to their assumption that the future needs of the system can be predicted, which in turn justies the use of persistent authorisation policies. The article outlines the motivation and requirement for a new exible authorisation model that addresses the needs of information sharing. It proposes that a exible and scalable authorisation model must allow an explicit specication of the objectives of the system and access decisions must be made based on a late trade-off analysis between these explicit objectives. A research agenda for the proposed Objective-Based AccessControl concept is presented.