An Algorithm for Role Mapping Across Multi-domains Employing RBAC

The problem of access control across multiple security domains in data sharing environment is addressed and a rule-based algorithm for role mapping acrossmulti-domains is presented. The algorithm resolves effciently the conflicts of cyclic inheritance and separation ofduties, and the problem of regression inheritance. The algorithm takes the "Least privilege theorem" into accountand prohibits accesses from illegal domains. Further more,the algorithm makes the establishment of role mappingacross multi-domains more effciently by preserving historical information of role mapping paths established successfully before, and satisfies preferably the access controlrequirement across dynamic multi-domains in data sharing environment. Evaluation by access instances shows theeffciency of our algorithm.