Secure interoperation with O2O contracts

The evolution of today’s markets and the high volatility of business requirements put an increasing emphasis on the ability for systems to accommodate the changes required by new organizational needs while maintaining security objectives satisfiability. This is all the more true in case of collaboration and interoperability between different organizations and thus between their information systems. Usual solutions do not anticipate interoperability security requirements or do it in a non satisfactory way. In this paper, we propose contract and compatibility principles to achieve a secure interoperation. Contracts () are used to explicitly represent the rules that determine the way interaction between organizations must be controlled to satisfy secure accesses to resources. Compatibility relations make it possible to derive interoperability security policies. a The term contract has a semantics close to Lindenberg’s framing theory, see for instance [Lin92]