Design and development of the dynamic DRBAC model using PMI and XACML-based authorization

Title: Design and development of the dynamic DRBAC model using PMI and XACML-based authorization
Publication Type: Journal Article
Year of Publication: 2009
Authors: Fugkeaw, S, Manpanpanich, P, Juntapremjitt, S
Journal: Journal of Digital Information Management
Volume: 7
Issue: 2
Pagination: 63 - 73
Date Published: 2009
Keywords: DRBAC authorization, Privilege Management Infrastructure, SAML, X.509 public key certificate, XACML
Abstract

In the distributed computing environment, collaboration and resource sharing among several organizations are subjects of concern. Well-established authentication and authorization are thus vital. This paper proposes a novel design and implementation of a Distributed RBAC (DRBAC) and Single Sign-On (SSO) system that spans multiple administrative domains. Our key idea is based on the Multi-Agent Systems (MAS) technique owing to its modularity, autonomy, distributedness, flexibility, and scalability. All agents serve their specific purposes. We use PKI technology to secure both intra- and inter-domain agent communication as well as to establish trust relationships. The Security Assertion Markup Language (SAML) is adopted to support the exchange of authentication and authorization information in the architecture. The authorization scheme is based on the Privilege Management Infrastructure (PMI). In addition, we incorporate the XACML authorization concept into the MAS engine to support the relying parties or organizations whose access control systems are written in XACML policy. Finally, we report our extended implementation status and introduce the multi-instance processing technique to enhance the performance of the overall system.

URL: http://www.scopus.com/inward/record.url?eid=2-s2.0-70350666673&partnerID=40&md5=f54e5a65269f08ac0f6dda7b45a823c1

Collaborative Partner

Institute of Electronic and Information Technology (IEIT)
