Bridging the Gap between User Attributes and Service Policies with Attribute Mapping

People, companies, and public authorities can now have a strong online presence and a huge amount of interactions on the Internet, made possible by the impressive growth of the World Wide Web and of Web technologies. Many independent parties provide services and exchange information in a plural, dynamic, and open environment. This scenario, where interacting parties are often strangers, naturally brings to attribute based access control solutions, as traditional identity based systems are usually inadequate to large open environments. User attributes certified by external authorities, however, tend to be rather general purpose and to reflect a user point of view, thus they often do not coincide with the concepts that are relevant for the service. In this paper we propose a framework to decouple the user point of view and the service point of view on user attributes: following our model, the service access control policy can focus on the concepts that are relevant for the service logic, whereas a separate attribute mapping policy establishes the bridge between the two domains.