Achieving DRBAC Authorization in Multi-trust Domains with MAS Architecture and PMI

  • Somchart Fugkeaw
  • Piyawit Manpanpanich
  • Sekpon Juntapremjitt
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5044)


This paper presents an approach to distributed RBAC (DRBAC) access control for multiple applications delegated to multi-user and multi-relying party federations. In our approach, DRBAC uses Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI) to provide authentication and authorization. We propose a dynamic mapping scheme based on the Attribute Certification model for handling user identification, role assignment, and privilege delegation. To encourage distribution, better scalability and performance, and ease of management and extension, the Multi-Agent Systems concept is applied to automate the authentication, authorization and accountability functions. For trust management across multiple PKI domains, we employ the Certificate Trust Lists (CTLs) model so that the different PKI domains can interoperate effectively. Finally, we demonstrate our ongoing implementation to prove the proposed model.


Keywords: Distributed Role Based Access Control; Authentication; Public Key Infrastructure; Privilege Management Infrastructure; Multi-Agent Systems





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Somchart Fugkeaw (1)
  • Piyawit Manpanpanich (1)
  • Sekpon Juntapremjitt (2)
  1. Thai Digital ID Co., Ltd., Bangkok, Thailand
  2. Whitehat Certified Co., Ltd., Bangkok, Thailand
