Subject Switching Algorithms for Access Control in Federated Databases

Authentication in federated database systems present difficulties because the autonomously operated components may not know the identity of federation users. One proposed solution is subject switching, where the federation translates the federated users identity to that of an agreed upon component subject. This translation may be problematic, due to not having component subjects with the same accesses requested by federation users. Therefore, we propose using proximity measures between requested and provided accesses and present two policy neutral algorithms to find proximity minimizing matches between a federation subject and a collection of component subjects.