When delegation is implemented using the attribute certificates in a Privilege Management Infrastructure (PMI), this one reaches a considerable level of distributed functionality. However, the approach is not flexible enough for the requirements of ubiquitous environments. Additionally, the PMI can become a too complex solution for devices such as smartphones and PDAs, where resources are limited. In this work, we solve the previous limitations by defining a second class of attributes, called domain attributes, which are managed directly by users and are not right under the scope of the PMI, thus providing a light solution for constrained devices. The two classes of attributes are related by defining a simple ontology. We also introduce in the paper the concept of Attribute Federation which is responsible for supporting domain attributes and the corresponding ontology.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Arnaud Sahuguet , Stefan Brands , Kim Cameron , Cahill Conor , Aude Pichelin , Fulup Ar Foll , Mike Neuenschwander, Identity management on converged networks: a reality check, Proceedings of the 15th international conference on World Wide Web, May 23-26, 2006, Edinburgh, Scotland  [doi>10.1145/1135777.1135887]
	2	William H. Winsborough, Kent E. Seamons and Vicki E. Jones. Automated trust negotiation. In DARPA Information Survivability Conference and Exposition. volume I, pages 88--102, IEEE Press. January, 2000.
	3	Kent E. Seamons, Marianne Winslett and Ting Yu. Limiting the disclosure of access control policies during automated trust negotiation. In Proceedings of the Symposium on Network and Distributed System Security, (NDSS'01). February, 2001
	4	William H. Winsborough, Jay Jacobs. Automated Trust Negotiation in Attribute-based Access Control DISCEX (2) 2003: 252-
	5	Eric Yuan , Jin Tong, Attributed Based Access Control (ABAC) for Web Services, Proceedings of the IEEE International Conference on Web Services, p.561-569, July 11-15, 2005  [doi>10.1109/ICWS.2005.25]
	6	William H. Winsborough , Ninghui Li, Safety in automated trust negotiation, ACM Transactions on Information and System Security (TISSEC), v.9 n.3, p.352-390, August 2006  [doi>10.1145/1178618.1178623]
	7	Ninghui Li , John C. Mitchell , William H. Winsborough, Design of a Role-Based Trust-Management Framework, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.114, May 12-15, 2002
	8	ITU-T Recommendation X.509. X509.Information technology Open systems interconnection. The Directory: Public-key and attribute certificate frameworks, March 2000.
	9	http://shibboleth.internet2.edu/
	10	http://www.oasisopen.org/committees/download.php/6837/sstc-samltech-overview-1.1-cd.pdf
	11	http://www.oasisopen.org/committees/download.php/20645/sstc-samltech-overview-2-draft-10.pdf
	12	http://www.projectliberty.org/
	13	Andrew Shikiar. Introduction & Overview Talk. Mobile Deployment Workshop 3GSM Barcelona 2007.
	14	Thomas R. Gruber, Toward principles for the design of ontologies used for knowledge sharing, International Journal of Human-Computer Studies, v.43 n.5-6, p.907-928, Nov./Dec. 1995  [doi>10.1006/ijhc.1995.1081]