We describe a metamodel for access control, designed to take into account the specific requirements of distributed environments. We see a distributed system consisting of several sites, each with its own resources to protect, as a federation, and propose a framework for the specification (and enforcement) of global access control policies that take into account the local policies specified by each member of the federation. The framework provides mechanisms to specify heterogeneous local access control policies, to define policy composition operators, and to use them to define conflict-free access authorisation decisions. We use a declarative formalism in order to give an operational semantics to the distributed metamodel. We then show how properties of policies can be directly obtained from standard results for the operational semantics of access request evaluation.

• 出版日期2014-11