Authorization control has been well studied for years, and there are quite a few theories and techniques available for handling access control for a single or a centralized system. However unique and challenging security issues concerning business collaboration in the context of service oriented computing (SOC) have arisen due to the dynamic and loosely coupling nature of the environment in which business collaboration is conducted. In this paper, we discuss di erent authorization control issues in business collaboration and present an overview to our proposed PD-AC framework, which we believe it has laid a good foundation for future work in the area of policy consistency checking, policy negotiation, and security policy enforcement in business collaboration.
Web services and Service Oriented Computing (SOC) provides infrastructural support for cross-organization collaboration in distributed environments. However security concerns become one of the main barriers that prevent widespread adoption of this new technology. Each organization or business unit has its own interest and security polices for de ning who has access right for speci c services and how services can be used. In web services environment with complex crossorganization collaborations, Di erent security challenges will arise with di erent number of participants involved in collaboration.
Access control is enforced in a single organization by using pre-de ned authorization control polices. Common authorization control practices include requester credential veri cations, role assignments and access decision makings.
In collaborative business world, a service can be accessed by a party which can pass it to other parties. We shall use some examples in health care to illustrate some issues.
Suppose a patient granted access right to a General Practitioner (GP) in a medical centre on patient's health record. Since the physician is a member of a research institute, he could also let researchers in this institute access to this health record based on the security policy of the medical centre. However the patient may not want the GP give access right to anyone on his health record unless there is an emergency. How can we use security policies to control the way in which information or service is propagated between organizations?
Problem can also arise from service composition. For example, a medical center allows the patients who hold an OSHC (overseas student health cover) to book appointments on line for general inquiry and ultrasound exam based on its policy. A radiology institute wants to collaborate with the medical center and accepts on line bookings from the medical center. However, OSHC is not accepted by the radiology institute's policy. It is challenge to decide which authorization control policy they should follow if these two organizations collaborated in the presence of this policy con ict.
Moreover, organizations collaborate with each other in various ways. Before organizations engage in collaboration, their authorization policies need to be analyzed to decide the possibility of collaboration under the authorization constraints de ned by each individual party. Therefore, we need to evaluate consistencies of access policies of di erent organizations. Intuitively, the concept of 'access policy consistency' is referred as that the access policies of di erent organizations are con ict free, for the same service. And organizations are able to collaborate in the intended way securely in terms of access control policies.
To address these complex security policy issues, we need a framework that can analyze, evaluate and integrate security policies if necessary for collaboration purpose, based on which negotiation can be guided and security integrity can be enforced. Security control in business collaboration should take individual organization's access policy into account, as well as the type of the collaboration which is referred as collaboration pattern in the paper.
Access control issues in signle organization or signle domain have been well
studied [
The rest of paper is organized as follows. We rst explain the basic elements included in the security policy and relationship between these elements in Section 2. In Section 3 we identify and model di erent types of collaborations. In Section 4 we model and discuss security controls for di erent types of collaboration in health care environment. We propose our framework in Section 5. Formal de nition and of policies and rules are presented in Section 6. Related work is discussed in Section 7. In Section 8, we give some concluding remarks and outline future research directions.
A number of studies concentrated on authorization architecture [
A few of studies have touched policy level security issues, which focused on
identifying di erent security requirements and proposed speci cations for these
requirement. Trust-Serv[
There are few papers on Web service authorization control in the
collaborative environment. We are aware of the work presented by [
In summary, none of these studies went deep into di erent types of crossorganization collaboration, which could raise di erent requirements on access control policy of prospective collaborative partners. Our goal is thus to provide a framework that could identify types of cross-organization collaborations in this context; de ne collaboration requirements in terms of security policy; generate policy integration rules. Most importantly our work is in the context of business collaboration which involves multiple organizations rather than simple interaction between individual requester and single service provider.
In this paper we present some of our initial results in modeling security requirements and integrating security policies for business collaboration. We believe this study is the rst step towards achieving an understanding of a secured of business collaboration in terms of authorization control. 3
The core function of our PD-AC (Policy Driven Authorization Control) framework is realized by a Policy Evaluation Engine, which is associated with every organization that provides services in business collaboration, see Figure 1. Policy Evaluation Engine is used to analyze the nature of collaboration, make access decision, and nally generate the collaborative security policies. The proposed framework consists of two components: request mediator and policy evaluation engine. Upon receiving a request for a service, the request mediator rstly identi es the type of requested service, which is a process that identify whether the requested service is a collaborative service. If it is a simple service that does not involve any collaboration, the mediator will perform normal access control functions: looking up database, check which role in the database has the requested privilege; compare requester's credential with security requirement; make access decision.
However, if it is a collaboration request (prospective collaboration partner), the request mediator will pass the request to the Policy Evaluation Engine to perform the following functions: { Identify requested collaboration type; { Evaluate requester's authorizaton policy according to policy requirements for requested collaboration type; { Make collaboration decision; { Generate collaborative authorization policies for the collaborated service if the requester if acceptable (from previous step);
In the following subsections, we will discuss di erent types of collaboration and policy evaluation engine in more detail. 3.1
Business collaborations consist of complex relationships and interactions among
organizations. Authorization policies of all participate organizations need be
carefully considered and evaluated. Our analyze shows that di erent
collaboration types a ects the requirements on collaborative partner's authorization
policy. We have conclude four di erent ways of collaboration between
organizations and provided simple examples in Health Care domain [
Simple Access (SA): it depicts the most simplest `request service - provide service' scenario that involves two organizations.
Composite Services. The Composite Service we discuss here is referring to the service that is based on the integration of multi-service providers. Two di erent cases are identi ed in service composition: 1. Composite service with agent (CSWA): Multiple numbers of service providers provide their services through an centralized agent, i.e. health insurance company and health service providers. 2. Joined service without an agent (JSOA): Two organizations involving in a peer-to-peer collaboration and provide a joined service by integrating their business processes or integrating part of their business processes together to form a new service directly without any agent. Service Outsourcing (SO): As the result of globalization, Outsourcing and o shore Outsourcing has become a popular trend in many industries, SO depicts collaboration relationship between outsourcer and outsourcees. Service Propagation (SP): it depicts collaborations that involving multiple organizations and `forward' privilege could be passed from one organization to another organization. 3.2
Authorization policy of prospective partners are compared and evaluated in
Policy Evaluation Engine to determine the suitability for requested collaboration
pattern. Before we can compare and evaluate policies from di erent
organizations, we need to understand all the necessary elements and their relationships for
a generic authorization policy. Therefore, an authorization policy model is
proposed to specify authorization policy in an individual organization. We base our
policy model on Role-Based Access Control (RBAC)[
Three categorizes of inconsistencies have been discussed in our work: role,
credential and privilege inconsistencies[
We have identi ed several cross-organization collaboration patterns, di
erent collaboration pattern can result in di erent requirements for authorization
policies of prospect collaborative partners. The requirements we discussed in our
work are basic requirements that must be satis ed by the prospect partner to be
considered for requested collaboration. Policy requirements for di erent
collaboration patterns are analyzed. Inconsistencies are discussed for each collaboration
pattern[
In this paper, we proposed an authorization conrol framework for business collaboration. Our analyze shows that di erent ways of collaboration could a ects the requirements on authorization policy of collaborative partner. The proposed framework use a policy evaluation engine to analyze collaboration suitability of prospective partners for requested collaboration pattern from authorization policy perspective. In our previous work, we have concluded di erent business collaboration patterns and discussed di erent requirements for the prospective partner's authorization policies in the collaboration. An description logic based authorization policy model has been proposed to specify the authorization policy of an individual organization. Inconsistencies between authorization policies from di erent collaboration participants are identi ed and classi ed based on the model, based on which the collaboration possibility are analyzed. In the future we intend to extend this work to incorporate the following: { Context constraints that a ect access control. { Inconsistencies that caused by role hierarchies and separation of duty. { Collaboration access control policy requriements from business transaction and process perspective.