Trustless Blockchain-based Access Control in Dynamic Collaboration Mouhamad Almakhour Layth Sliman Abed Ellatif Samhat Walid Gaaloul Lebanese University, Faculty of EFREI Engineering Lebanese University, Faculty of Telecom SudParis Engineering-CRSI, Univ. Campus, School-Paris Engineering-CRSI, Univ.Campus, Evry, France Hadath, Lebanon Villejuif, France Hadath, Lebanon walid.gaaloul@mines-telecom.fr mohammadmakhour@gmail.com layth.sliman@efrei.fr samhat@ul.edu.lb Abstract—AC (Access Control) is the process of ensuring this authorization process via smart contracts. To validate our that an authenticated user accesses only what he or she is proposal, we implement cross-organizations authorization authorized to do with respect to certain models and security process as a smart contract, which is deployed on the Testnet policies. In business collaboration systems, services are BlockChain of Ethereum. designed to conduct actions requested by a customer, using service provider’s infrastructure. In such context, the The rest of the paper is organized as follows: in section II, agreement on a conventional access management system is we present the related works, mainly the different identity difficult because it will depend on different infrastructures and management models as well as the existent model of access security policies implemented by each involved party. In this management. In section III, we discuss the proposed solution paper, we investigate the authorization process that manages and the motivation of the adopted models. The permissions and rights of access to shared services in a implementation of the proposed solution is presented in federation of enterprises and we propose a solution based on section IV where different scenarios are given also. Section the Ethereum Blockchain platform and the Attribute Based V concludes this paper. Access Control Model (ABAC) to define this authorization process. II. RELATED WORKS Keywords— Access Control, collaboration, Trust, The concept of virtual team or virtual company was born BlockChain, ABAC in the 1990s to describe the new forms of management and digital exchanges between teams or between companies. The I. INTRODUCTION virtual organization is defined as "a temporary alliance of independent, connected, geographically dispersed Trust is a major factor in business collaboration. organizations, institutions, industries, enterprises, etc., Managing trust involves complex and costly processes and including a high level of trust, who collaborate and share brings its own risks to companies’ information systems their resources and skills in order to respond to customer because relying on trust often involves the presence of a requests "[2]. The difficulty lies in the differences in “trusted” third party and may compromise the security. infrastructure and security policies implemented by each However, the lack of trust may lead to major business partner. Each of them must interconnect with others and opportunities lose, for instance in “on the fly” collaboration. share resources while maintaining the security of their own In such scenarios companies collaborate by conducting organization. All must provide a means of communication actions on each other’s’ system in order to achieve the that ensures the integrity and confidentiality of the data. common objective. One of the most interesting technologies Similarly, they must have a way to verify the identity of the that may resolve this dilemma is Blockchain. The people and systems involved in the collaboration. Then Blockchain provides trust without a trusted third party. Access management should guarantee to each and all people Blockchain is a technology that provides a decentralized involved in the organization's projects, at all times, all the “database” on a network that is scalable, secure, tamper- means necessary to carry out the mission entrusted to them, proof, and accessible by each peer on the network. Thus, with respect to the permissions and security policies of the using Blockchain allows coping with both trust and data different involved organizations. That these means be at integrity issues. However, managing identity and access every moment limited to the just necessary. Below, we control in Blockchain based collaboration brings its own briefly describe the different identity management models as issues. Conventional methods to manage access control reach well as the different access management models. their limitations in such a context taking into consideration the constraints related to the Blockchain infrastructure on one side and the heterogeneous access control policies A. Identity Management Models implemented by each involved party, on the other side. 1) Isolated identity In this paper, we consider the authorization process that manages permissions and rights of access to shared services In this model, each service provider uses its own identity in a federation of enterprises. To do so, we propose a domain, that is, its own identity provider. A user must use a solution based on the Ethereum Blockchain platform and the different ID and credential to authenticate with each domain. Attribute Based Access Control Model (ABAC) to define From the point of view of each identity provider, identity 27 management is simpler. In addition, in case of identity computer markets, with Microsoft Windows for example, corruption in an identity domain, the other service providers and servers with UNIX and Linux systems. This model is are not impacted. This model also allows to define a different based on a matrix composed of a finite set of entities, target level of security for credentials (length of the password, resources and rules. It leads to the establishment of a number of credentials to be presented, etc. . .) Indeed, the comprehensive list of access rights i.e. Access Control List latter must repeat the steps of authentication and (ACL). This implies that any unauthorized access is identification with each of the identity domains attached to prohibited. Thus, the rights are assigned directly to the user the service providers. Therefore, he must manage and accounts (each right is assigned by name). One of the remember as many identifiers and information useful for implementations of the IBAC model is Discretionary Access authentication as services he must access. This increases the Control (DAC) [4], which is based on the concept of the risk of forgetting or losing this information, especially for owner of the resource. The latter has total control over the services that are rarely accessed. In addition, this situation resource he or she has created and for which he or she is can be a source of weak adherence to the organization's responsible. It determines which entity has permission to security policy, which will be deemed too restrictive. conduct what type of action on its resource. The complexity of ACLs increases according to the number of identities and 2) Federated identity the number of resources since it is necessary to list the Identity federation is defined as a set of agreements, authorizations for each Identity-Resource combination. In standards, and technologies that allow a group of service fact, when a new resource is available or when a new user providers to recognize credentials from other service arrives, the list of authorizations must be updated. providers that belong to the federation [1][3]. The federation 2 Mandatory Access Control (MAC) gives users the illusion of using only one unique identifier while continuing to present a different one to each service In the case where the owner of an information system provider. In federated identity architecture, each service should not be responsible for managing the underlying provider uses its own identity provider, but is able to accept security, MAC-type models can limit access based on the identities from other providers. Access to a service provider sensitivity of the data. For this purpose, the target entities are can then be through an identity of an identity provider other hierarchized in different levels of security called labels. Bell than his own. and Level [1] developed a model where a minimum level of security is required to access the resource. This level defines 3) Centralized identity the level of privilege of the user. Similarly, a security level is In this model, only an identifier and a credential are used assigned to the resource. This level determines the level of by the service providers. Three examples of implementation classification of the resource. The user then has access to the of this type of identity management [3]: resource only if his level of authorization is greater than or equal to the classification level of the resource. In addition, 3.1 Common Identity for an application, an execution level, called the current In this model, a single entity acts as the identity provider level, is also defined. The current level of an application is for all service providers. The mode of operation is halfway always less than or equal to the privilege level of the user between the isolated identity model and the federated responsible for running the application. The "no read up" identity model. With this type of implementation the single condition implies that an application can read access to identity provider is a central and sensitive point for all information only if the current level of the application is service providers. Indeed, in the event of a failure or greater than or equal to the classification level of the modification at the level of the identity domain, all the resource that manages the data. Similarly, the "no write dependent entities are impacted. down" condition assumes that an application can transmit information to a resource only if its current level is less than 3.2 Meta identity or equal to the classification level of the target resource. This The implementation of a meta-identity domain allows access control model is also called Rule Based Access service providers to share information about identities. Control (RuBAC) because access is governed by rules. 3.3 Single Sign-On (SSO) 3 Role Based Access Control (RBAC) The Single Sign-On approach is similar to an identity Unlike the IBAC model where entitlements are granted federation, but no identity match is required because there is directly to the user, in the RBAC model developed by the only one identity provider. In this architecture, a user needs National Institute of Standards and Technology (NIST), to authenticate only once (single sign-on) with a service permissions are assigned to roles. The management of provider. It is then authenticated de facto with other service authorizations is then simplified. In addition, NIST proposes providers. The Single Sign-On model can be associated with several variants of the RBAC [5], for instance, using the the identity federation model, allowing single-domain inter- notion of inheritance between roles. In RBAC, the difficulty domain authentication. lies in the completeness and the granularity of the roles. In fact, too broad roles admit too many rights and too small B. Access Management Models roles will increase the difficulty of administration. For access management, the following model can be found 4 Attribute Based Access Control (ABAC) in the literature and used in exciting systems. The model ABAC, defined in [6], proposes to have the 1 Identity based access control (IBAC) access rights according to the characteristics of the identities. Like the IBAC model, the access rights policy can be The IBAC model [1] is historically the first type of access materialized by a matrix, but not based on identities. As a control and still used by operating systems in the personal result, access rights to a resource or service are defined for 28 one or more attributes that identities may have. This that manages the permissions and rights of access to shared paradigm therefore offers more flexibility. In addition, by services in a business federation and the implementation is defining an attribute closer to the notion of role, ABAC based on the Ethereum Blockchain platform. makes it possible to simulate the behavior of an RBAC model, but generalizes it by not limiting the access rights to A. Ethereum Blockchain technologie the only users present in the organization. It allows in Blockchain technology allows a distributed computing particular to determine access rights with a finer granularity. architecture where the transactions are publicly announced In addition, defining a role as a set of attributes makes it easier to handle conflicts. The management of access rights and the participants agree on a single history of these is facilitated because it does not require additional transactions (or some kind of ledger) [10] [12]. The information. However, access security is then based on the transactions are grouped into blocks, given timestamps, and values assigned to the attributes and thus on the quality and then published. The hash of each block includes the hash of integrity of the information related to the identities. the previous block to form a chain, making published blocks difficult to alter. As Bitcoin began attracting attention, 5 Organization Based Access Control (OrBAC) developers have taken advantage of the features of With the OrBAC model [4], the organization is perceived BlockChain technology as an infrastructure to create their from an abstract perspective as a set of activities that roles own platforms (aside from the main use of Blockchain in have permission, prohibition or obligation to achieve through facilitating the transfer of digital currency in Bitcoin). On the views. Just like in RBAC, it is possible to use the notion of one hand, some platforms use the Bitcoin network as inheritance for roles. Concretely, authorizations are granted infrastructure for notarization or proof of existence of digital to subjects for actions on objects through three-dimensional files, crowd funding, dispute mediation, and spam control, matrices. among others. On the other hand, some platforms have emerged and took the form of “alt coins'', which are III. PROPOSED SOLUTION alternative Blockchain-based crypto currencies that aim to After reviewing the main identity and access improve the capabilities of Bitcoin (or lack thereof) by management model, we focus on the requirements of our implementing their own features and capabilities. The authorization process that manages permissions and rights of “improvements'' can come in the form of a different proof- access to shared services in a federation of enterprises. The of-work algorithm (to shorten the verification time of trans- requirements include: actions) or different hashing algorithm. There are a lot of alt coins, but the biggest ones that have attracted a following - Providing trust between different members of the and attention is Ethereum [7]. In our work and following the federation who do not know each other. schema illustrated in figure 1, we use Ethereum as it is a - Denying any illegal access from outside the Federation, public or unlicensed block chain. Anyone with a computer unauthorized access or no access agreement. and open source software can participate by listening, trading, or exploring data, which means that all data - Decentralization of authorization process that prevents included in a transaction or smart contract is public. We the risk of loss of access control that allows services to be stopped. need a database to store users, attributes, permissions and logs. Each company shares its service in the federation for Today, one of the most important technologies used in the benefit of users. The transactions can be public or the security field is the Blockchain. The Blockchain ensures private according to the agreement between the members of trust without a trusted third party. Confidence is obtained by: the federation and the governance should not be controlled • Validation of transactions added to blocks by a member of the federation. • For a transaction added to BlockChain, you cannot edit or delete. Based on such technology, smart contracts are agreements between parties that are written in executable code on the Blockchain instead of being written in natural language,. The execution is then managed automatically by the BlockChain according to the conditions described in the contract. We propose a solution based on the smart management system contracts. The idea behind this solution is to define an authorization process that manages permissions and access rights to shared services in a business federation. This process satisfies the requirements by providing trust between different members using Blockchain. It also denies any illegal access from outside the federation. With Blockchain, the decentralization of authorization process can be also done. All steps are done automatically from Smart Contracts, so no needs for a manager on the process. Our solution is based on ABAC access management model explained earlier to define an authorization process Figure 1: Types of Blockchain [10] 29 Regarding other well-known blockchain technology, we IV. ETHEREUM BASED IMPLEMENTATION note that Bitcoin [2] is a crypto currency and uses the technique of the blockchain as a payment network. In A. ETHEREUM addition, Bitcoin does not support the necessary smart In 2013, Ethereum was proposed by Vitalik Buterin to create contracts required in our process. As for Hyperledger Fabric a BlockChain-based distributed computing platform with the [11], it is a private or licensed blockchain protocol designed capability of building and running decentralized applications for B2B business applications. Most managed blockchain or smart contracts [7] [8]. As a BlockChain-based protocols allow authentication, authorization and cryptocurrencies, it offers the same features as Bitcoin of authorization of actions. This makes Hyperledger Fabric easy mobile payments, reliability, full control of one's own more suitable for companies in various industries (such as money, high availability, fast international payments, zero supply chain, healthcare, and banks) that want to use or low fees, protected identity, and privacy. Ethereum, blockchain technology for internal or collaborative purposes however, offers more than enabling online transfer of digital without operating on public networks. As our need requires money; it enables its users to build and deploy smart a public blockchain and the type of the Hyperledger fabric is contracts. Ethereum is composed of most of the protocols private blockchain and which is for internal application that other cryptocurrencies, like Bitcoin, also use. For without operating on public networks, we decided to use example, Ethereum also includes a peer-to peer protocol for Ethereum blockchain technology. In the current the Blockchain. And the Blockchain is managed and kept implementation of Ethereum, consensus is reached by secure by nodes in the network. In addition to these mining based on proof of work. protocols, the main modification and innovation of Ethereum is being a programmable Blockchain, i.e., it B. ABAC Access Management allows its users to create, deploy, and run decentralized applications on the Blockchain. In this part we discuss and compare the access management models mentioned in related work section. B. ETHEREUM VIRTUAL MACHINE In the IBAC model, access controls are based on an At the center of Ethereum is the Ethereum Virtual Machine exhaustive list of entitlements for each authorized account. (EVM), which can execute codes of arbitrary algorithmic The complexity of ACLs increases according to the number complexity. Therefore, applications that are created using of identities and the number of resources since it is known programming languages, such as JavaScript, can be necessary to exhaustively list the authorizations for each run on the EVM. To facilitate the execution of codes in the combination. The federation contains a large number of blockchain and to maintain consensus, the nodes of the users so this model is not compatible with the federation of network run the EVM and execute the same instructions. companies. Computations in the EVM are payed in ether (ETH), which is the currency used in Ethereum. The RBAC model allows to reduce the list size of the authorizations. Access controls are performed on the roles C. ETHEREUM ACCOUNTS assigned to the accounts. Application roles are granted Ethereum’s basic unit is the account. Ethereum uses two based on the business profile. The difficulty lies in the types of accounts: Externally Owned Account (EOA) and completeness and the granularity of the roles. In fact, too Contract Account. An EOA is controlled by a corresponding broad roles admit too many rights and too small roles will private key, has an ether balance, can send transactions increase the difficulty of administration. In the federation (transfer ether to another account or trigger a contract code), each user has a different right or permission so we did not and does not have an associated code. Similar to a Bitcoin use this template because of the granularity of the user roles. address, an EOA is in the form of random numbers and letters, and therefore looks anonymous and can be shared In the OrBAC model, permissions or prohibitions are based publicly. A contract account (or simply called contract) has on contextual expressions defined according to the an ether balance and has an associated code. All actions in organizational structure of the institution. In our work, the the blockchain are set in motion by the transactions created federation defines the users that they have the right of access by EOAs. This means that the code in a contract is executed and we cannot define them in advance. when it receives a transaction from an EOA, where the input parameters for the code execution are included in the The MAC model relies on flow control. Constraints are transaction. Therefore, contracts can be considered as defined on data and resources. The level of entitlement of an autonomous agents inside the EVM that execute a specific account then determines whether or not he has the right to piece of code when poked by a transaction. Code execution access the information. In our process, we do not have in a contract can also be triggered by messages from other constraints to define because the permission is provided contracts (see the next subsection for detailed explanation according to the user. on transactions and messages). In contrast to Bitcoins script, a contract performs Turing-complete computations and is In the ABAC model, access controls check the presence and typically written using some high-level language, such as value of application attributes defined at the account level. It Solidity, Serpent, and Lisp like Language. A contract's is then possible to simulate the RBAC behavior by mapping behavior is fully dependent on its code and on the the attributes on the definition of the roles. This model is the transactions sent to it and therefore offers the possibility for appropriate one for our process because according to the creating decentralized and trusted systems. attributes of each user, access rights are given. 30 D. TRANSACTIONS AND MESSAGES added to the block that came before it. Every block contains An Ethereum transaction is a signed data package that stores the hash of the previous block, and thus, creating a chain a message from an EOA to another account on the that connects the first block (genesis block) to the current blockchain. A transaction contains the Ethereum address of block. The miner who solves a block is rewarded with ether the recipient, a signature that identifies the sender, the (currently at 5 ETH). The cost of the gas used in the amount of ether being transferred, an optional data field, and transactions that are mined, and an extra reward of 1/32 per startGas and gasPrice values. The startGas limits the uncle. Uncles are stale blocks with parents that are ancestors maximum amount of gas the code execution triggered by the of the including block. Valid uncles are rewarded to increase message can incur. And the gasPrice is the amount in ether the security of the network by neutralizing the effect of to be paid for one unit of gas consumed (see the next network lag on the dispersion of mining rewards. The PoW subsection for detailed explanation on gas). When users algorithm used in Ethereum is called Ethash (a modified send transactions, they pay a small transaction fee in ether to version of the Dagger-Hashimoto algorithm) and requires a the network. This fee protects the blockchain from brute force solution i.e. miners scan and test for a nonce to malicious computational tasks, such as distributed denial-of- find a solution that is below a certain difficulty threshold. service (DDoS) attacks and infinite loops [9] [12]. A The difficulty is adjusted accordingly so that it takes message is a virtual object that can only be sent by a approximately 15 seconds to find a valid nonce. The Ethash contract to another contract. A message contains the identity PoW is a memory hard computational problem, that is, it is of the sender, the identity of the recipient, the amount of application-specific integrated circuit (ASIC) resistant and ether being transferred, input data, and a startGas value. allows a more decentralized distribution of security (as Similar to a transaction, a message leads to the recipient compared to specialized hardware used by many mining account running its code. Therefore, contracts can have pools that dominate the mining in Bitcoin). The security of relationships with other contracts in exactly the same way the blockchain relies on this PoW system, which inherently an EOA can. means that a block cannot be modified without redoing the work spent on it, including the work spent on blocks E. ETHER AND GAS chained after it. Therefore, an attacker will be outpaced by Ether (ETH) is Ethereum's native value token and is the honest miners as long as majority of the overall computation currency of the network. The sender of a transaction needs power participating in the Ethereum network are controlled to pay for the code it wants to execute, including by honest miners. In this case, a block recorded in the computation and data storage. When a code in a contract is blockchain is almost impossible to modify. executed as a result of being triggered by a message or G. Scenarios transaction, every node in the network executes this code. The cost of this execution is expressed in gas. Gas is At the beginning, a necessary agreement by the entire purchased for ether from the miners that execute the code federation member defines the rules for access to services (miners are the nodes in the Ethereum network that receive, and the requirement (attributes) by a user to obtain service propagate, verify, and execute transactions). Gas and ether access, this agreement is called Primary contract which is are decoupled because gas is supposed to be constant cost of signed by all businesses. network utilization, whereas ether, and currencies in First the attributes indicated in the agreement (main general, is volatile. Therefore, even if the price of ether contract) are pre-loaded in the smart contracts, then each increases, the gas price in terms of ether of executing a director (Local manager) records the users and their function in a contract remains constant. Every attributes. An access request is in the form of a Token computational step that is executed in a contract or request is created automatically after a comparison between transaction requires gas, and each transaction includes a gas the users attributes to the pre-loaded one. Token represents limit and a fee that it is willing to pay per gas. The price of the permission and the right of access. The token contains the gas is decided by the miners, and miners have the choice the user's ID and address, date to expire, Token status, and of including the transaction and collecting the fee or not delegation option fields. Depending on the attributes, the (similar to the transaction fee in Bitcoin, wherein miners can Token is created with different values. Different scenarios decide to get the fee or not). Ethereum clients automatically are given below. purchase gas for the ether specified by the sender as maximum expenditure for a transaction, and the excess gas • Scenario 1: Request a Service Access Token not used by the transaction execution is returned to the A user requests a Token to access a service. The Smart sender in ether. Therefore, overspending on the gas is not an contract verifies the identity of the user from his ID and his issue because the user will only be charged for the gas address. The smart contract examines the attributes to give a consumed by a transaction. Readers can refer to [7] [12] to request for access to the specific service from the pre-loaded read more about Gas. conditions. If the attributes satisfy the conditions, a Token is created and returned to the user, otherwise the request is F. MINING AND PROOF-OF-WORK rejected. After having a Token, each access to the services is Transactions are grouped together in blocks, which are then checked (verification of the expiration date and status of the added to the blockchain through the process called mining. Token). The mining process uses a proof-of-work (PoW) system wherein miners all around the world use special software to • Scenario 2: Revoke an Access or User solve mathematical problems. Blocks are connected and This is used to revoke an access of a user left the company linked together to form a blockchain, where a new block is or who changed status that does not allow preserving the old 31 permissions. The local manager sends a revocation request containing "ID user" and Token to Smart contracts which in turn add the user and their Tokens to the revocation list. • Scenario 3: Request service access To obtain a service provided in the Federation, an access request will be made by the user by presenting their "TOKEN ID" in the smart contract Verification which in turn verifies this Token (@user, ID user, expiry date and status of the Token) and returns access to the user. If the answer is negative the request is rejected. • Scenario 4: Service Delegation If a user gives his Token to another user, when a service access request is made the Smart Contracts Verification Service takes the Token and the delegated user address and checks whether it is Token with delegation. If it is the case, the access to service is given. H. Design and implementation According to the scenarios presented above, we propose the following design: Figure 2: Component diagram • Component Diagram In our solution for this process, 5 components are proposed. Figure 2 illustrates the component diagram and relationships • Sequence diagram between components: We show in Figure 3, the sequence diagram to present how the implementation functions and the different phases of our • Service/Local User Manager: Its function is to add and process are working. The process consists of 5 phase: identify all users of the company (ID, @, Attributes) and to 1. Loading policies phase to set the attributes in order to manage add-on and revocations. have an access service. 2. The second phase is to create User in order to add users of • Owner Manager: Several people are authorized by the companies. company to define the attributes for the creation of a Token 3. The third phase is create Token, which is responsible for and for the revocation conditions of the Token. giving users access to benefit from the services in the federation. • Smart contracts Add User: This Smart contract is pre- 4. Access Service phase is the fourth to verify the token loaded by the data of all Users (ID, Attributes, address before giving the access. User). This Contract represents the core of the project 5. Finally the revocations phase in order to revoke a user or because it includes the main database which allows any user expired token. to obtain access to the services. • Smart contracts Token: The intelligent contract allows the creation of Tokens by taking as input the Users ID. This Smart contract is pre-loaded with attributes (defined by Owner service). • Smart contracts Authentication/Service: it takes as input Token ID, then it checks if this Token exists in the BlockChain and if it is valid. If yes it provides the service otherwise the request is rejected. Figure 3: Sequence Diagram (1/2) 32 [6] L. Wang, D. Wijesekera, S. Jajodia. “A logic-based framework for attribute based access control,” ACM workshop on Formal methods in security engineering, pages 45-55, 2004. [7] Ethereum. “Blockchain App Platform,” Accessed: Nov. 28, 2017. www.ethereum.org/ [8] G. Wood. “Ethereum: A Secure Decentralised Generalised TransactionLedger,” Yellow Paper. Accessed: Nov. 28, 2015.www.ethereum.github.io/yellowpaper/paper.pdf [9] Jason Paul Cruz, “ RBAC-SC: Role-Based Access Control Using Smart Contract,” Graduate School of Information Science and Technology, Osaka University, Suita 565-0871. Japan ,March 7, 2018 [10] V. Gatteschi, F. Lamberti, C. Demartini, C. Pranteda and V. Santamaría, "To Blockchain or Not to Blockchain: That Is the Question,"in IT Professional, vol. 20, no 2, pp.62-74, Mar./Apr. 2018. [11] Elli Androulaki, Artem Barger, Vita Bortnikov, Christian Cachin, Konstantinos, Christidis Angelo,“Hyperledger Fabric: A Distributed Operating System for Permissioned Blockchains,” arXiv:1801.10228v2 [cs.DC] ,IBM, 17 Apr 2018. [12] Imran Bashir, “Mastering Blockchain Distributed ledgers decentralization and smart contracts explained“ First edition book 2017, www.packtpub.com. Figure 4: Sequence Diagram (2/2) [13] Damiano Di Francesco Maesa, Paolo Mori, and Laura Ricci, ”Blockchain Based Access Control”, University of Pisa, Department of Computer Science, Pisa, Italy. [14] Jan Mendling et al., Blockchains for Business Process Management- Challenges and Opportunities, in ACM Transactions on Management Information Systems, Volume 9 Issue 1, February 2018 V. CONCLUSION In this paper, we presented a new smart contract-based authorization management system. It manages permissions and rights of access to shared services in a federation of enterprises. We proposed a blockchain-based management system by adopting the ABAC access model. The blockchain is a machine used to ensure that the execution of transactions is carried out in strict accordance with previously established rules. So it's a kind of digital trust. According to the effectiveness of the platforms, we choose Ethereum as a platform for our solution. In the ABAC model, access control checks the presence and value of application attributes defined at the account level. In this solution, the confidence is obtained by: • Validation of transactions before being added to blocks • A transaction added to the Blockchain cannot be modified or deleted. As future work, we will work to raise the level of security. More precisely, define other types of tokens and will come out of the general Token for all the service in a federation of companies in the specific Token at the same service level and develop this process to become more efficient. REFERENCES [1] Guillaume HARRY, “IAM - Gestion des identités et des accès : concepts et états de l’art ,” CC-BY-NC-ND, 2017.www.crns.fr [2] Satoshi Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System,” October 2008 , www.bitcoin.org/bitcoin.pdf [3] A. Jøsang, J. Fabre, B. Hay, J. Dalziel, S. Pope. “Trust Requirements in Identity Management. Australasian Information Security Workshop,” 2005 volume 44, pages 99-108, 2005. [4] F. Cuppens, N. Cuppens-Boulahia. “ Les modèles de sécurité. Dans Sécurité des systèmes d'information,” (Traité IC2, série Réseaux et télécoms). Hermès, pages 13-48, 2006. [5] Guillaume HARRY, “Failles de sécurité des applications Web,” contenu sous licence Creative Commons CC-BY-NC-ND CNRS,38pages,2012.www.resu.dsi.cnrs.fr/IMG/pdf/failles_de_securit e_v1-3.pdf 33