Laurent Bussard, Anna Nano, and Ulrich Pinsdorf
Today, it becomes more and more common to combine services from different providers into one application. Service composition is however difficult and cumbersome when there is no common trust anchor. Hence, delegation of access rights across trust domains will become essential in service composition scenarios. This article specifies abstract delegation, discusses theoretical aspects of the concept, and provides technical details of a validation implementation supporting a variety of access controls and associated delegation mechanisms. Abstract delegation allows to harmonize the management of heterogeneous access control mechanisms and to offer a unified user experience. The authors observe standardization efforts to reduce application and domainspecific delegation mechanisms, but this variety is very unlikely to completely disappear.
|Published in||Identity in the Information Society|
All copyrights reserved by Springer 2007.