International Journal of Computer Networks & Communications (IJCNC) Vol.3, No.3, May 2011 DOI : 10.5121/ijcnc.2011.3309 133           Maurizio Colombo 1 , Fabio Martinelli 1 , Paolo Mori 1 Barbara Martini 2 Molka Gharbaoui 3 , Piero Castoldi 3 1 Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy {maurizio.colombo, paolo.mori, fabio.martinelli}@iit.cnr.it 2 Laboratorio Nazionale di Reti Fotoniche, Consorzio Nazionale Interuniversitario per le Telecomunicazioni, Pisa, Italy barbara.martini@cnit.it Scuola Superiore Sant'Anna, Pisa, Italy {m.gharbaoui, castoldi}@sssup.it ABSTRACT Resource access control in a multi-provider scenario requires an authorization mechanism such that users are granted seamless access to resources (connectivity services, application services and contents) in different provider domains. This paper proposes the integration of a Role-based authorization system in a network service provisioning framework, in order to support multi-provider networks. This authorization system allows the access to provider’s services by unknown users, i.e. users that have been registered in different administrative domains, provided that those domains have trust relations with the original one. By removing the user subscription as pre-condition for resource access, the proposed access model offers increasing opportunities for service delivery and resource usage with benefits for both providers and users. The paper presents the architecture of the proposed system, along with a reference implementation and the evaluation of the delay in the service delivery time introduced by the proposed security support. KEYWORDS Next Generation Network, Multi-provider Networks, Access Control, Trust Management 1. INTRODUCTION Next Generation Networks (NGN) [1,2] promote the provisioning of a wide range of new services delivered from multitude of providers thus creating new market opportunities. This evolving service provisioning scenario is also fostered by advanced features presented by ever- sophisticated user terminals (e.g., PDA, laptop) in terms of processing capabilities and mobility. Each provider relies on different expertise and assets and interwork each other to deliver services to users while addressing its own business target. Network Providers (NPs) operate a network infrastructure while offering connectivity and IP-based service, e.g., Internet access services (e.g., ADSL, Wifi, VPN). Application Service Providers (ASPs) operate a service * This work was partially supported by the EU FP7 project “Network of Excellence on Engineering Secure Future Internet Software Services and Systems” (NESSOS), FP7-ICT- 2009-5 n. 256980