Using Semantics for Automatic Enforcement of Access Control Policies Among Dynamic Coalitions
In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. In this paper, the authors propose an approach that exploits the semantics associated with subject and object attributes to facilitate automatic enforcement of organizational access control policies while resource sharing occurs among coalition members. The approach relies on identifying the attributes that external users need in order to gain access to a specific organizational object (or service). Specifically, it consists of extracting user attribute sets that semantically match the attributes of the objects for which a role has permissions.
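The following sketch is an added illustration of the matching step described above, not code from the paper. It assumes that "semantic match" can be approximated by equivalence classes of terms (a stand-in for an ontology, which the abstract does not specify); all role, object and attribute names are hypothetical.

```python
# Added illustration; every name and data value below is constructed.
# CONCEPTS stands in for an ontology: each set groups terms from different
# coalition members that denote the same concept.
CONCEPTS = [
    {"physician", "doctor", "medical-officer"},
    {"cardiology", "cardiac-care"},
    {"radiology", "imaging"},
]
# Local policy: attributes describing each object, and role permissions.
OBJECT_ATTRS = {
    "ecg_records": {"cardiology", "physician"},
    "xray_archive": {"radiology", "physician"},
}
ROLE_PERMS = {
    "cardiologist": {("ecg_records", "read"), ("ecg_records", "annotate")},
    "radiologist": {("xray_archive", "read")},
}

def canonical(term):
    """Map a term to its concept class; unknown terms match only themselves."""
    t = term.strip().lower()
    for concept in CONCEPTS:
        if t in concept:
            return frozenset(concept)
    return frozenset({t})

def required_attribute_sets(role):
    """For each object the role can access, the concepts a user must hold."""
    objects = {obj for obj, _ in ROLE_PERMS[role]}
    return {obj: {canonical(a) for a in OBJECT_ATTRS[obj]} for obj in objects}

def matching_roles(user_attrs, obj, action):
    """Local roles whose permission on obj the external attributes satisfy."""
    held = {canonical(a) for a in user_attrs}
    granted = []
    for role, perms in sorted(ROLE_PERMS.items()):
        if (obj, action) not in perms:
            continue  # role has no such permission: nothing to match against
        if required_attribute_sets(role)[obj] <= held:
            granted.append(role)
    return granted  # an empty list means deny (default-deny)

if __name__ == "__main__":
    # External user described in a partner organization's vocabulary.
    print(matching_roles({"Doctor", "cardiac-care"}, "ecg_records", "read"))
```

A request is granted only when every attribute of the target object has a semantically equivalent attribute among those the external user presents; a partial match or an unmapped term yields no role.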