Role-based access control on the web

Published: 01 February 2001

Abstract

Current approaches to access control on Web servers do not scale to enterprise-wide systems because they are mostly based on individual user identities. Hence we were motivated by the need to manage and enforce RBAC, a strong and efficient access control technology, in large-scale Web environments. To satisfy this requirement, we identify two different architectures for RBAC on the Web, called user-pull and server-pull. To demonstrate feasibility, we implement each architecture by integrating and extending well-known technologies such as cookies, X.509, SSL, and LDAP, providing compatibility with current Web technologies. We describe the technologies we use to implement RBAC on the Web in these architectures. Based on our experience, we also compare the tradeoffs of the different approaches.
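The abstract names two architectures but does not show how they differ in practice. The following is an added example, not code from the paper or its authors, that models both against one RBAC policy: in user-pull the user first obtains role information from a role server and presents it to the web server; in server-pull the web server asks the role server for the user's roles on each request. Everything concrete here is an assumption of the example: the in-memory user-role table stands in for an LDAP directory, the HMAC-signed cookie stands in for the paper's secure cookie and certificate formats, and the policy, users and key are constructed sample data.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample policy (not the paper's): role -> set of permissions.
ROLE_PERMISSIONS = {
    "employee": {"read:handbook"},
    "manager": {"read:handbook", "approve:expense"},
}


def permissions_for(roles):
    """Union of the permissions granted by each role the user holds."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def authorize(roles, permission):
    """The RBAC decision itself; identical for both architectures."""
    return permission in permissions_for(roles)


class RoleServer:
    """Authoritative user-role store. Assumption: an in-memory table stands in
    for the LDAP directory, and an HMAC-signed cookie stands in for the
    paper's secure cookie / certificate formats."""

    def __init__(self, assignments, cookie_key):
        self.assignments = {u: set(r) for u, r in assignments.items()}
        self.cookie_key = cookie_key

    def roles_for(self, user):
        # Server-pull path: the web server asks for the user's current roles.
        return set(self.assignments.get(user, ()))

    def issue_role_cookie(self, user, ttl, now):
        # User-pull path: the user obtains a signed role cookie once and
        # presents it to web servers until it expires.
        payload = {"user": user, "roles": sorted(self.roles_for(user)), "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
        tag = hmac.new(self.cookie_key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{tag}"

    def revoke(self, user, role):
        self.assignments.get(user, set()).discard(role)


def verify_role_cookie(cookie, key, now):
    """Web-server side of user-pull: check the MAC and expiry before trusting the roles."""
    body, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None  # tampered or forged cookie
    payload = json.loads(base64.urlsafe_b64decode(body.encode()))
    if payload["exp"] <= now:
        return None  # stale cookie
    return set(payload["roles"])


class WebServer:
    def __init__(self, role_server, cookie_key):
        self.role_server = role_server
        self.cookie_key = cookie_key

    def user_pull_check(self, cookie, permission, now):
        roles = verify_role_cookie(cookie, self.cookie_key, now)
        return roles is not None and authorize(roles, permission)

    def server_pull_check(self, user, permission):
        return authorize(self.role_server.roles_for(user), permission)


def demo():
    """Runs both architectures against the same policy and returns the decisions."""
    key = b"constructed-shared-key-for-illustration"  # assumed secret shared by role server and web server
    role_server = RoleServer({"alice": {"employee", "manager"}, "bob": {"employee"}}, key)
    web = WebServer(role_server, key)
    t0 = 1_000_000  # constructed clock value (seconds)
    cookie = role_server.issue_role_cookie("alice", ttl=600, now=t0)
    tampered = cookie[:-1] + ("0" if cookie[-1] != "0" else "1")  # flip the last MAC hex digit
    results = {
        "user_pull_alice": web.user_pull_check(cookie, "approve:expense", now=t0 + 10),
        "server_pull_alice": web.server_pull_check("alice", "approve:expense"),
        "server_pull_bob": web.server_pull_check("bob", "approve:expense"),
        "tampered_cookie": web.user_pull_check(tampered, "approve:expense", now=t0 + 10),
        "expired_cookie": web.user_pull_check(cookie, "approve:expense", now=t0 + 601),
    }
    # Revoking a role shows the tradeoff: server-pull sees the change at once,
    # user-pull keeps honouring the already-issued cookie until it expires.
    role_server.revoke("alice", "manager")
    results["server_pull_after_revoke"] = web.server_pull_check("alice", "approve:expense")
    results["user_pull_after_revoke"] = web.user_pull_check(cookie, "approve:expense", now=t0 + 20)
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```

The last two results are the point of the comparison: server-pull costs a role-server query per request but reflects revocation immediately, while user-pull avoids that round trip and instead bounds the staleness of role information by the cookie lifetime, so the `ttl` chosen at issue time is the security parameter to watch.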



Reviews

Stanley A. Kurzban, Computing Reviews

The past decade has seen a growing awareness that roles are key to the effectiveness of access control. This extremely well-written and self-contained paper does an excellent job of expositing for researchers and practitioners alike a proposal for useful treatment of this concept in the important context of the Web.


Published in: ACM Transactions on Information and System Security, Volume 4, Issue 1, Feb. 2001 (101 pages). ISSN 1094-9224, EISSN 1557-7406. DOI: 10.1145/383775

              Copyright © 2001 ACM


Publisher: Association for Computing Machinery, New York, NY, United States
