A distributed authorization infrastructure taking into account data protection aspects

Common best-of-breed practices of authorisation and access control are not capable of meeting today's requirements for the management of user privileges and enforcing a security strategy in scalable and highly flexible distributed systems. Some security infrastructures, so called AAIs - authentication and authorization infrastructures - and PMIs - privilege management infrastructures - are better suited and capable of offering fully-fledged security services in a federation of systems out of various domains. This article comprises a privacyoriented AAI for eGovernment that incorporates attribute-based access control and a XACMLbased security architecture to enforce privacy when it comes to propagating user attributes across system boundaries. © 2011 Springer-Verlag.