Secure interoperability with O2O contracts

International audience; The evolution of markets and the high volatility of business requirements put an increasingemphasis on the ability for systems to accommodate the changes required by neworganizational needs while maintaining security objectives satisfiability. This is even moretrue in case of collaboration and interoperability between different organizations and thus between their information systems. Usual solutions do not anticipate interoperability security requirements or do it in a non satisfactory way. In this chapter, we propose a contract and compatibility principles within a formal framework O2OSecure to achieve a secure interoperation.Contracts are used to explicitly represent the rules that determine the way interactionbetween organizations must be controlled to satisfy secure accesses to resources. Compatibility relations make it possible to derive interoperability security policies. We specify all the wheelwork of interoperation between organizations which might manage their security policies using access control model RBAC and/or OrBAC.Furthermore, as interoperation may lead to a lot of exchanges of information beforeand during the interoperability session, in particular those related to credentials and securitypolicies, we propose to ensure privacy protection to use the O2O licence administrativeview and an XML block based access control technique to obfuscate some of the informationexchanged.