Abstract
Current mechanisms for distributed access management are limited in their ability to provide federated information sharing while ensuring adequate levels of resource protection. This work presents a policy-based framework designed to address these limitations for access management in federated systems. In particular, it supports: (i) decentralized administration while preserving local autonomy, (ii) fine-grained access control while avoiding rule-explosion in the policy, (iii) credential federation through the use of interoperable protocols, (iv) specification and enforcement of semantic and contextual constraints, and (v) usage control in resource provisioning through effective session management. The paper highlights the significance of our policy-based approach in comparison with related mechanisms. It also presents a system architecture of our implementation prototype.