An architecture for Web application session switching in virtual organizations

Role management may be hard to achieve in dynamic virtual organizations. In such entities, the users are usually unknown by the participating organizations except their home organization. The issue comes from the difficulty to apply the access control policies of the users´ home organizations into a different organization. Insofar, to use roles is relevant to define permissions for unknown users. The works described take place in a context where users have a position, a function, defining which are the resources and the necessary authorizations they need. Moreover, they work in a virtual organization set-up dynamically at the time of an unexpected event. In that situation, a high turnover of the users involved is also considered that leads to users succeeding to other ones in the execution of their duties. An access control system is designed in order to assign roles to functions, and to use certified identity attributes, issued from the users´ home organizations, to dynamically assign functions to users. It is also taken in account that some data are only recorded in the application sessions of users. The architecture designed allows the controlled switching of application sessions between users. As an illustration, the use case of an accident scene, in which a national agency operates a service for tracking the people involved, and a demonstrator, are presented.