Horst F. Wedde and Mario Lischka
Composing Heterogenous Access Policies between Organizations
Proceedings of the IADIS International Conference e-Society 2003, pp. 477-484, IADIS Press, Lisbon, Portugal, 2003-06-03


One crucial aspect of information technology for e-Society is security, where authorization is one of the three important factors, besides availability and integrity. In recent years, Role-Based Access Control (RBAC) has proven to be a sound method of modeling authorization within an organization. Recently we introduced a novel distributed RBAC concept which is based on distributed generation and administration of access rules through distributed authorization spheres. In this approach, called Modular Authorization, we were able to provide techniques for a decentralized definition of access policies, which are inherited along the organizational structure. But in an e-Society, the exchange of information, and therefore access to information, is not limited to a single organization. In this paper we present an extended version of Modular Authorization which allows access policies to be defined across the boundaries of an organization, thus taking into account both distributed and heterogeneous authorization structures.