The Center for Education and Research in Information Assurance and Security (CERIAS)

Role-based Access Control on the Web

Author

Joon S. Park, Ravi Sandhu, Gail-Joon Ahn

Entry type

article

Abstract

Current approaches to access control on the Web servers do not scale to enterprise-wide systems because they are mostly based on individual user identities. Hence we were motivated by the need to manage and enforce the strong and efficient RBAC access control technology in large-scale Web environments. To satisfy this requirement, we identify two different architectures for RBAC on the Web, called user-pull and server-pull. To demonstrate feasibility, we implement each architecture by integrating and extending well-known technologies such as cookies, X.509, SSL, and LDAP, providing compatibility with current web technologies. We describe the technologies we use to implement RBAC on the Web in different architectures. Based on our experience, we also compare the tradeoffs of the different approaches.

Date

2001

Booktitle

ACM Transactions on Information and System Security

Key alpha

Park

Pages

37 - 71

School

George Mason University, University of North Carolina at Charlotte

Volume

4 issue 1

Publication Date

2001-01-01

Isbn

1094-9224
