In heterogeneously networked computer networks, each device in the network may have its own authorized users/user groups. Each user or user group may have device-specific access rights on the device. Conventional user access methods provide a centralized server that is used first to establish users and user groups and then communicate with other devices to establish native user and users groups on other devices. As a result, the central server maintains a map of users and user groups on different devices. When a user on a device wishes to access another device, the centralized server translates the user on the first device to another user on the second device such that the access rights on the second device can be verified and resources can be accessed or denied.
Such conventional role-based access control systems and methods utilize a centralized user profile registry to control computing resources that a user is permitted to access. When a user requests to access certain resources, the request, along with the user, is first routed to the user registry. The user registry contains a user profile database and is able to retrieve user profile and user-specific access control list (ACL) policies. The user registry verifies user permission on the request based on user profile and user-specific ACL policies. Only when the request matches the user's ACL policy, the permission is granted.
One of the disadvantages of such conventional centralized user management is that the central server presents a single point of failure where the server fails, it brings down the entire security control system. Another disadvantage of such a conventional approach is that it assumes devices in a network are homogeneous in their access control policies (e.g., a user can be uniformly recognized on devices in the network), and there is only one security system in the network. Therefore, in such a conventional approach, user management in networked heterogeneous devices requires that a centralized server must be presented and user and user groups must be established first before any other devices can be added to the network. Such an approach is deficient in a home environment where the network is not pre-planned, and devices can be added to the network in random order.
Further, in such conventional approaches, user management and their access control for devices in a home environment is problematic. Instead of a skilled, dedicated system administrator who understands the details and complexity of an enterprise network environment, it is unlikely that there will be a dedicated system administrator in a home environment. In addition, devices in a home network environment are more functionally diversified than that of an enterprise environment. As a result, the user management and access control of resource in a home network environment must unify the difference of heterogeneity of devices and must be made easy for a home usage.