Access control in a collaborative session in multi tenant environment

Today collaborative applications may enable collaboration among users from the same or different tenants of a given cloud provider. During such collaborations, the participants need to access and use resources held by other collaborating users. These resources often contain sensitive data. They are meant to be shared only during specific collaborative sessions. A collaborative session is an abstract entity, comprising a set of users, called members of the session, playing the same or different roles. These users may have concurrent access to the shared objects during a session depending on their roles. In this work, we propose an approach that ensures access control to the shared resources in a collaborative session in multi-tenants environments. We suggest CRBAC, the Collaboration Role-based Access Control. CRBAC consists of an extended version of the RBAC model. CRBAC defines new entities to support access control in collaborative sessions. The suggested model has been implemented within Swift component in the open source cloud-computing platform OpenStack.