There is a growing need to support secure interaction among autonomous domains/systems for developing distributed applications. As domains operate according to their individual security and access control policies, supporting secure interactions among domains for distributed workflows is a complex task prone to subtle errors that can have serious security implications. In this paper we propose a framework for verifying secure composibility of distributed workflows in an autonomous multi-domain environment. The objective of workflow composibility verification is to ensure that all the users or processes executing the designated workflow tasks conform to the security policy specifications of all collaborating domains. A key aspect of such verification is to determine the time-dependent schedulability of distributed workflows, assumed to be invoked on a recurrent basis. We use a two-step approach for verifying secure workflow composibility. In the first step, a distributed workflow is decomposed into domain-specific projected workflows and is verified for conformance with the respective domain
Federated systems are an emerging paradigm for information sharing and integration. Such systems require access management policies that not only protect user privacy and resource security but also allow scalable and seamless interoperation. Current solutions to distributed access control generally fail to simultaneously address both dimensions of the problem. This work describes the design of a policy-engineering framework, called X-FEDERATE, for specification and enforcement of access management policies in federated systems. It has been designed from the perspectives of both security management and software engineering to not only allow specification of requirements for federated access management but also allow development of standardized policy definitions and constructs that facilitate policy deployment and enforcement in a federated system. The framework comprises an access control language specification that is an extension of the well-accepted Role Based Access Control (RBAC) standard. The language extends RBAC to incorporate various essential features for federated access management. The framework also includes the design of an administrative model targeted at access control policy administration in a decentralized environment. The framework has been implemented as a research prototype that illustrates the use of X-FEDERATE as an enabling technology for secure Web-based federation with applications in federated digital libraries and federated electronic healthcare management.