Identity in the Information Society, Volume 2, Issue 2, pp 137-154


Open Access: This content is freely available online to anyone, anywhere, at any time.

Delegation of access rights in multi-domain service compositions

  • Laurent Bussard, European Microsoft Innovation Center
  • Anna Nano, European Microsoft Innovation Center
  • Ulrich Pinsdorf, European Microsoft Innovation Center


It is becoming increasingly common to combine services from different providers into one application. Service composition is, however, difficult and cumbersome when there is no common trust anchor. Hence, delegation of access rights across trust domains will become essential in service composition scenarios. This article specifies abstract delegation, discusses theoretical aspects of the concept, and provides technical details of a validation implementation supporting a variety of access controls and associated delegation mechanisms. Abstract delegation makes it possible to harmonize the management of heterogeneous access control mechanisms and to offer a unified user experience. The authors observe standardization efforts to reduce application- and domain-specific delegation mechanisms, but this variety is very unlikely to disappear completely.


Keywords: Access control, Authorization, Composite services, Delegation, Identity, Service oriented architectures, SOA