Secure Federated Data Sharing SFDS

Overview

Secure Federated Data Sharing (SFDS) is a standards-based approach to facilitate the sharing of data through access control. The ability to share data among collaborating organizations is highly desirable; however, challenges persist regarding interoperability and security in the exchange of resources among organizations. Data can come from different systems, in different formats, organized under different schemas, and protected under different access control policies. SFDS solves both the interoperability and security problems by providing policy-preserving access to data where it currently resides, rather than attempting to exchange or centrally store data. Applying an Attribute-based Access Control (ABAC) model, SFDS grants or denies access to resources based on user assignments to attributes such as the user’s institution, position, certification, etc., and a set of policies that are specified in terms of those attributes.

SFDS is based on the integration of two existing security standards: W3C Verifiable Credentials (VC) and ANSI/INCITS Next Generation Access Control (NGAC). VC allows organizations to issue credentials to their users containing cryptographically verifiable attributes. Other organizations in the federation are then able to verify the integrity of the credential and the attribute claims stored within it. To ensure that the attributes users are assigned to are meaningful across all organizations in the federation, a common set of attributes must be agreed upon. This common set of attributes can be used in the schema of a VC to ensure that only known attributes are issued to users. Once a user’s attributes are verified, local NGAC instances use them to determine which data the user has access to. NGAC is an Attribute-based Access Control standard designed to model access control policies in a directed acyclic graph. Users are assigned to User Attributes, which enable access to associated Objects through their Object Attributes. Users, Objects, their Attributes, and access rights are expressed as nodes and edges in the graph. Objects are logical representations of resources for the purposes of administering and enforcing access control policies on those resources. With this policy model, NGAC can protect data of any kind, including SQL, NoSQL, and files. The NGAC graph is designed to fit in the memory of an authorization server, which can then enforce the policies on requests to access the data.

SFDS utilizes the flexibility of NGAC to onboard previously unknown users to the verified attributes they possess in their VC. Since each organization retains autonomy over its policy, it is not limited to the agreed-upon common set of attributes that can be found in a VC. Policies can be further crafted to ensure compliance with any legislative or organizational regulations, which may not be the same across the federation.
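The onboarding and graph-based decision described above, as an added example (not code from the SFDS project). It is a simplified NGAC-style model that omits policy classes and prohibitions and assumes the VC signature was already verified upstream; the attribute names, object names, and `did:example:` identifiers are constructed.

```python
from collections import defaultdict

# Constructed federation-wide attribute set (assumption, not from the SFDS project).
COMMON_ATTRIBUTES = {"institution:UniversityA", "position:Researcher", "certification:HIPAA"}

class NGACGraph:
    """Simplified NGAC-style policy graph: assignment edges plus associations."""
    def __init__(self):
        self.assign = defaultdict(set)  # node -> nodes it is assigned to
        self.assoc = []                 # (user attribute, access rights, object attribute)

    def add_assignment(self, child, parent):
        self.assign[child].add(parent)

    def add_association(self, user_attr, rights, object_attr):
        self.assoc.append((user_attr, frozenset(rights), object_attr))

    def ancestors(self, node):
        """Return node plus everything reachable from it along assignment edges."""
        seen, stack = {node}, [node]
        while stack:
            for parent in self.assign[stack.pop()]:
                if parent not in seen:
                    seen.add(parent)
                    stack.append(parent)
        return seen

    def onboard(self, user, verified_claims):
        """Assign a previously unknown user to attributes taken from a verified VC."""
        # Claims outside the agreed common set are ignored, never assigned.
        accepted = {c for c in verified_claims if c in COMMON_ATTRIBUTES}
        for attr in accepted:
            self.add_assignment(user, attr)
        return accepted

    def is_permitted(self, user, right, obj):
        u, o = self.ancestors(user), self.ancestors(obj)
        return any(ua in u and oa in o and right in r for ua, r, oa in self.assoc)

def build_local_policy():
    g = NGACGraph()
    # Local attribute layered above a common one: policy autonomy stays with the data owner.
    g.add_assignment("position:Researcher", "local:StudyReaders")
    g.add_assignment("trial_records.csv", "oa:ClinicalTrialData")
    g.add_association("local:StudyReaders", {"read"}, "oa:ClinicalTrialData")
    return g
```

A claim outside the common set is dropped at onboarding, so it can never reach an association in the local graph, and a user with no assignments is denied by default.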


Contacts

David Ferraiolo
david.ferraiolo@nist.gov

Joanna DeFranco
joanna.defranco@nist.gov

Rick Kuhn
kuhn@nist.gov

Joshua Roberts
joshua.roberts@nist.gov

Gopi Katwala
gopi.katwala@nist.gov

Topics

Security and Privacy: access control, authentication, privacy, zero trust

Created April 09, 2024, Updated April 10, 2024