Title :
Role-based domain discovery in decentralized secure interoperations
Author :
Zhang, Yue ; Joshi, James B D
Abstract :
Multi-domain collaborative environments are becoming a reality, as can be witnessed in emerging Internet-based enterprise applications. Access control to ensure secure interoperation in such multi-domain environments is a crucial challenge. Decentralized secure interoperation approaches are becoming promising since they require no centralized administration and thus can accommodate very large scale collaborations. In decentralized secure interoperation approaches, the resource-requesting domain itself needs to first identify the specific domains that contain the requested resources, since there is no centralized administrative domain. Such a problem becomes more challenging when Role Based Access Control (RBAC) is employed, since the permissions over resources are encapsulated as roles and the least privilege principle has to be ensured. In this paper, we define such a problem as the role-based domain discovery problem and propose efficient solutions to address it. In particular, we use a role mapping algorithm to ensure the least privilege principle and propose three discovery approaches to identify the domains containing the requested resources: Linear Propagation Approach (LPA), Broadcasting Approach (BA), and Hybrid Approach (HA). We conduct a comprehensive simulation to evaluate and compare the three proposed discovery approaches using various criteria.
Keywords :
authorisation; groupware; open systems; Internet-based enterprise applications; broadcasting approach; decentralized secure interoperations; hybrid approach; linear propagation approach; multidomain collaborative environments; role based access control; role-based domain discovery; Access control; Authorization; Broadcasting; Collaborative work; International collaboration; Internet; Large-scale systems; Permission; Resource management; Scalability; Domain Discovery; Hybrid Hierarchy; Multidomain; RBAC; Secure Interoperation;
Conference_Title :
Collaborative Technologies and Systems (CTS), 2010 International Symposium on
Conference_Location :
Chicago, IL
Print_ISBN :
978-1-4244-6619-1
DOI :
10.1109/CTS.2010.5478522