Cross-domain attribute conversion for authentication and authorization

Abstract

In bio-security emergencies, such as an outbreak of an exotic animal disease, it is essential that the organizations involved in combating this outbreak collaborate effectively and efficiently. To achieve such a collaboration potentially confidential infrastructure and resources need to be shared amongst members of the participating organizations. In AU2EU we demonstrate the combination of existing data minimizing authentication, attribute-based authorization technologies to dynamically enable collaborations between these organization. However, a key problem that occurs during the establishment of such collaboration is different terminologies for similar authorization attributes. To overcome these differences and to minimize the overhead for new organizations to join an existing consortium we propose an ontology-based solution for converting attributes from one domain vocabulary to another. Additionally, we propose a methodology to construct a shared domain vocabulary. Using a shared domain vocabulary in the conversion process decreases the amount of alignments required for collaborating. We integrate and demonstrate the feasibility of this approach in a real-life scenario within the scope of AU2EU. This paper presents preliminary work, which is currently being deployed and will be evaluated in the upcoming months.