3.6. Conclusion

In this chapter, we have discussed the main notions and models for access control and presented extensions that are relevant in the context of distributed systems. It is important to emphasize that in addition to what has been discussed in this chapter, the research field is very active in the area of access control for distributed systems, and many relevant research directions are being investigated. A relevant direction is represented by access control for grid computing systems and virtualized environments. Those systems and environments are quite challenging because of the very large number of users and distributed administration of resources. In particular, they are characterized by the fact that there is no single authority controlling all resources that may be required by a user to perform certain tasks. In such a case, the user must be able to obtain multiple authorizations from independent administrative authorities; this approach, however, entails the issue of conflicting authorizations. The management of identity attributes is also an important requirement for those systems and environments; however, it is not yet clear whether current IdM solution would scale well to support dynamic, very large user populations and resource providers. Another important area is represented by the web service security and workflow systems. Despite the several initiatives ongoing in the industry community, and in particular the definition of an XACML profile for web services, the problem of access control is still largely unexplored. Research is needed to address the problem of conversational web services and the development of access control system suitable for business processes expressed according to workflow models.